
I have a DNS server (a Linux box with bind9) which is authoritative for some domains and forwards all other queries to my ISP's external DNS server.

So far no problem.

Now I want queries about some specific domains to be forwarded to my internal DNS server, e.g.:

zone "some_domain" {
        type    forward;
        forwarders {
                some_internal_dns_ip;
        };
};

So far still no problem, all works ok.

But then I also want to forward some reverse DNS queries to my internal DNS. So I have added:

zone "16.172.in-addr.arpa" {
        type    forward;
        forwarders {
                some_internal_dns_ip;
        };
};

And this doesn't work as I expect. Queries about "16.172.in-addr.arpa" (for example 1.16.172.in-addr.arpa) are resolved correctly, but reverse queries about a full address (for example 1.1.16.172.in-addr.arpa) are not. I understand that my server should use some recursive query here, but I could not configure it. I have already tried adding the following options

recursion yes;
allow-recursion { 127.0.0.1; };
allow-recursion-on { 127.0.0.1; };

but with no success. (I have used the loopback address here because I need this functionality only for my DNS host, not for its clients.) Any suggestions?

user71061
  • I am confused. Do you have three servers: bind, ISP, and another internal server? If so, does the internal server resolve the request for 172.16.1.1? – BillThor Feb 25 '11 at 21:28
  • Yes, exactly, and yes, the internal DNS server correctly resolves the reverse query for 172.16.1.1. All other queries are resolved by the external ISP DNS server (by using the global "forwarders" option). What I want to achieve is for my bind9 server to also be able to resolve reverse queries about addresses like 172.16.1.1 (only on this bind9 server; it doesn't have to resolve them for clients using this bind server). – user71061 Feb 27 '11 at 21:23
  • Why would forwarding of the reverse zone not work? Is the ISP server queried? Try using tcpdump. – Marki Aug 11 '13 at 18:26

3 Answers

This is because bind creates the "empty zones" by default. So your name server is the master for the "16.172.in-addr.arpa." zone and returns "NXDomain" as your answer.

If you define "empty-zones-enable no;" in named.conf this will work as you expect.

slm
Allan GooD
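To make the mechanism in this answer concrete, here is an added example (my own code, not from the answer's author or from BIND) that models what it describes: a small named.conf scanner that pulls out the `type forward;` zones, checks `empty-zones-enable`, and reports whether a reverse query for a given address would be forwarded or answered NXDOMAIN by a built-in empty zone of the same name. The empty-zone list is a deliberately partial subset of BIND's defaults (RFC 1918 ranges, 0/8 and 127/8), the forwarder addresses in the sample config are placeholders, and the longest-suffix matching is a simplification of how a real resolver picks a zone, not BIND's code.

```python
import ipaddress
import re

# Subset of BIND's built-in empty zones (assumption: partial list, taken from the
# BIND ARM; the full default list also covers IPv6, link-local and documentation ranges).
BUILTIN_EMPTY_ZONES = frozenset(
    ["0.in-addr.arpa", "10.in-addr.arpa", "127.in-addr.arpa", "168.192.in-addr.arpa"]
    + [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
)

# 'zone "name" [IN] {' -- the class keyword is optional, so both spellings
# seen on this page are accepted.
ZONE_OPEN = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{', re.I)
EMPTY_OPT = re.compile(r"empty-zones-enable\s+(yes|no)\s*;", re.I)


def reverse_name(ip: str) -> str:
    """172.16.1.1 -> '1.1.16.172.in-addr.arpa', the name 'dig -x' would query."""
    return ipaddress.ip_address(ip).reverse_pointer


def zone_blocks(conf: str):
    """Yield (name, body) for each zone statement, matching braces so a nested
    'forwarders { ... };' block does not cut the zone body short."""
    for m in ZONE_OPEN.finditer(conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).lower().rstrip("."), conf[m.end():i - 1]


def forward_zones(conf: str) -> dict:
    """Map zone name -> forwarder list for every 'type forward' zone."""
    zones = {}
    for name, body in zone_blocks(conf):
        if re.search(r"type\s+forward\s*;", body, re.I):
            fwd = re.search(r"forwarders\s*\{([^}]*)\}", body, re.I)
            zones[name] = [t.strip() for t in fwd.group(1).split(";") if t.strip()] if fwd else []
    return zones


def empty_zones_enabled(conf: str) -> bool:
    """BIND's default is yes, so an absent option counts as enabled."""
    m = EMPTY_OPT.search(conf)
    return m.group(1).lower() == "yes" if m else True


def closest_zone(qname: str, zones):
    """Longest-suffix match: the configured zone that contains qname, if any."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        cand = ".".join(labels[i:])
        if cand in zones:
            return cand
    return None


def resolve_path(qname: str, conf: str) -> tuple:
    """Model of the behaviour the answer describes: with empty zones enabled, a
    built-in empty zone of the same name wins and the server answers NXDOMAIN
    itself instead of forwarding. Returns (outcome, zone, forwarders)."""
    fwd = forward_zones(conf)
    enabled = empty_zones_enabled(conf)
    candidates = set(fwd) | (BUILTIN_EMPTY_ZONES if enabled else set())
    zone = closest_zone(qname, candidates)
    if zone is None:
        return ("global forwarders", None, [])
    if enabled and zone in BUILTIN_EMPTY_ZONES:
        return ("NXDOMAIN from built-in empty zone", zone, [])
    return ("forward", zone, fwd[zone])


def shadowed_forward_zones(conf: str) -> list:
    """Lint: forward zones that a built-in empty zone would answer for instead."""
    if not empty_zones_enabled(conf):
        return []
    return sorted(z for z in forward_zones(conf) if z in BUILTIN_EMPTY_ZONES)


# Constructed sample config in the shape of the question; 192.0.2.53 and
# 192.168.100.10 are placeholder addresses, not real servers.
CONF_BEFORE = """
options {
    forwarders { 192.0.2.53; };
};
zone "16.172.in-addr.arpa" {
        type    forward;
        forwarders { 192.168.100.10; };
};
"""
CONF_AFTER = CONF_BEFORE.replace("options {", "options {\n    empty-zones-enable no;")

if __name__ == "__main__":
    q = reverse_name("172.16.1.1")
    print(q, "->", resolve_path(q, CONF_BEFORE))
    print(q, "->", resolve_path(q, CONF_AFTER))
    print("shadowed forward zones:", shadowed_forward_zones(CONF_BEFORE))
```

Running it shows the same query going to the empty zone with the default config and to the internal forwarder once `empty-zones-enable no;` is present; `shadowed_forward_zones` is the check worth running over a real named.conf before restarting, since it lists every forward zone that collides with the built-in list. Turning off all empty zones does widen what a misconfigured client can leak about private ranges to upstream resolvers, so BIND's per-zone `disable-empty-zone` option is the narrower fix when only one reverse zone is affected.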
I had the same problem, you are just missing IN in your named.conf syntax:

zone "5.10.in-addr.arpa." IN {
    type forward;
    forwarders {10.5.0.1;};
};

zone "6.10.in-addr.arpa." IN {
    type forward;
    forwarders {10.6.0.1;};
};

It is confusing, as master/slave zones don't need it. Anyhow, that's what fixed it for me.

masegaloeh
user239921
Two approaches...

  1. Make BIND a master for 16.172.in-addr.arpa. Within the zone file, use NS records to delegate to the other internal server.

OR

  2. Make BIND a slave for 16.172.in-addr.arpa. Set the other internal server as a master.

Joe Sniderman