
redirect query for specific hosts within a domain


Chris Cohen

Oct 17, 2008, 2:46:17 PM
Hi,

let's say I have a domain my server is authoritative for, with something
like:

$ORIGIN example.org
[...]
statichost1 IN A 10.0.0.1
statichost2 IN A 10.1.0.2
dynamichost1 IN [lookup this hostname on another server]

the $otherserver is not under my control, so is it possible to tell
bind to redirect queries to a specific host to another server?

--
thanks
chris

Chris Buxton

Oct 17, 2008, 3:11:30 PM

That depends...

- Is the other server going to host a zone named
dynamichost1.example.org? Or will it host example.org?
- What do you want your server to send in response to iterative
queries? An answer, or a referral?

If the parameters are correct, you could handle this with a delegation
and (if necessary) a forward zone. For example:

In the zone file:
    dynamichost1 IN NS otherserver.

In named.conf:
    zone "dynamichost1.example.org" {
        type forward;
        forwarders { ip-of-otherserver; };
    };

Chris Buxton
Professional Services
Men & Mice


Barry Margolin

Oct 17, 2008, 3:14:27 PM
In article <gdamvo$ru4$1...@sf1.isc.org>, Chris Cohen <kild...@gmx.de>
wrote:

dynamichost1 IN NS server.name.domain.com.

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***

Chris Cohen

Oct 17, 2008, 3:25:30 PM
Thanks for your reply!

Chris Buxton wrote:
> On Oct 17, 2008, at 11:46 AM, Chris Cohen wrote:
>> Hi,
>>
>> let's say I have a domain my server is authoritative for, with
>> something like:
>>
>> $ORIGIN example.org
>> [...]
>> statichost1 IN A 10.0.0.1
>> statichost2 IN A 10.1.0.2
>> dynamichost1 IN [lookup this hostname on another server]
>>
>> the $otherserver is not under my control, so is it possible to tell
>> bind to redirect queries to a specific host to another server?
>>
>> --
>> thanks
>> chris
>>
>
>
> That depends...
>
> - Is the other server going to host a zone named
> dynamichost1.example.org? Or will it host example.org?

It also hosts example.org and sadly I can't change that.

> - What do you want your server to send in response to iterative
> queries? An answer, or a referral?

An answer.

>
> If the parameters are correct, you could handle this with a delegation
> and (if necessary) a forward zone. For example:
>
> In the zone file:
> dynamichost1 IN NS otherserver.
>

I just tried that and it works, at least almost:
dynamichost1.example.org has address ip.ad.dr.ess
Host fra.example.org not found: 2(SERVFAIL)
Host fra.example.org not found: 2(SERVFAIL)

Why do I get one correct response and two servfails?
Couldn't find an error in the logfiles.

--
Thanks
Chris

Chris Buxton

Oct 17, 2008, 3:39:26 PM
On Oct 17, 2008, at 12:25 PM, Chris Cohen wrote:

> Chris Buxton wrote:
>> On Oct 17, 2008, at 11:46 AM, Chris Cohen wrote:
>>> Hi,
>>>
>>> let's say I have a domain my server is authoritative for, with
>>> something like:
>>>
>>> $ORIGIN example.org
>>> [...]
>>> statichost1 IN A 10.0.0.1
>>> statichost2 IN A 10.1.0.2
>>> dynamichost1 IN [lookup this hostname on another server]
>>>
>>> the $otherserver is not under my control, so is it possible to tell
>>> bind to redirect queries to a specific host to another server?
>>>
>>> --
>>> thanks
>>> chris
>>>
>>
>>
>> That depends...
>>
>> - Is the other server going to host a zone named
>> dynamichost1.example.org? Or will it host example.org?
> It also hosts example.org and sadly I can't change that.
>
>> - What do you want your server to send in response to iterative
>> queries? An answer, or a referral?
> An answer.

Can't be done.

In order for your server to give an answer, reliably, when sent an
iterative query (as opposed to a recursive query), it would need to
host the zone that contains the answer. But there is a name clash -
the name you want is contained in a zone that matches your local zone.

Now if only client machines are querying your server (and thus you
only receive recursive queries), and you add the forward zone, then
you don't need a local (slave) copy of the zone. But you still have
the name clash.

Is there some way you can rename your zone to be a different name,
either unrelated or a child of the other zone?

Barry Margolin

Oct 17, 2008, 4:11:57 PM
In article <gdap69$ucd$1...@sf1.isc.org>, Chris Cohen <kild...@gmx.de>
wrote:

> Thanks for your reply!


> > In the zone file:
> > dynamichost1 IN NS otherserver.
> >
>
> I just tried that and it works, at least almost:
> dynamichost1.example.org has address ip.ad.dr.ess
> Host fra.example.org not found: 2(SERVFAIL)
> Host fra.example.org not found: 2(SERVFAIL)
>
> Why do I get one correct response and two servfails?
> Couldn't find an error in the logfiles.

The SERVFAILs are coming from the AAAA and MX queries that the host
command performs by default. Why your server responds with SERVFAIL for
specific record types, rather than a no-answer response, is not a BIND
problem.

Chris Cohen

Oct 17, 2008, 4:45:24 PM

Sadly it is not. But your example with the ns line works well enough for
me. I was just scared by the Servfails 'host' gave me.

--
Thank you
Chris

Chris Cohen

Oct 17, 2008, 4:49:00 PM
Barry Margolin wrote:
> In article <gdap69$ucd$1...@sf1.isc.org>, Chris Cohen <kild...@gmx.de>
> wrote:
>
>> Thanks for your reply!
>>> In the zone file:
>>> dynamichost1 IN NS otherserver.
>>>
>> I just tried that and it works, at least almost:
>> dynamichost1.example.org has address ip.ad.dr.ess
>> Host fra.example.org not found: 2(SERVFAIL)
>> Host fra.example.org not found: 2(SERVFAIL)
>>
>> Why do I get one correct response and two servfails?
>> Couldn't find an error in the logfiles.
>
> The SERVFAILs are coming from the AAAA and MX queries that the host
> command performs by default. Why your server responds with SERVFAIL for
> specific record types, rather than a no-answer response, is not a BIND
> problem.

So these Servfails come from the 'other Server'?
But host -t aaaa or mx at the 'other Server' gives me
dynamichost1.example.org has no MX/AAAA record, not a Servfail.

--
Thanks
Chris

Chris Buxton

Oct 17, 2008, 5:18:37 PM
On Oct 17, 2008, at 1:49 PM, Chris Cohen wrote:

> Barry Margolin wrote:
>> In article <gdap69$ucd$1...@sf1.isc.org>, Chris Cohen <kild...@gmx.de>
>> wrote:
>>
>>> Thanks for your reply!
>>>> In the zone file:
>>>> dynamichost1 IN NS otherserver.
>>>>
>>> I just tried that and it works, at least almost:
>>> dynamichost1.example.org has address ip.ad.dr.ess
>>> Host fra.example.org not found: 2(SERVFAIL)
>>> Host fra.example.org not found: 2(SERVFAIL)
>>>
>>> Why do I get one correct response and two servfails?
>>> Couldn't find an error in the logfiles.
>>
>> The SERVFAILs are coming from the AAAA and MX queries that the host
>> command performs by default. Why your server responds with SERVFAIL for
>> specific record types, rather than a no-answer response, is not a BIND
>> problem.
>
> So these Servfails come from the 'other Server'?
> But host -t aaaa or mx at the 'other Server' gives me
> dynamichost1.example.org has no MX/AAAA record, not a Servfail.

I would bet that the negative response from the other server, claiming
to be for a zone that your server thinks it owns, is causing it to
discard the response. It then can't resolve the request any other way,
so returns SERVFAIL.
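
Added example, not part of any post in this thread: a simplified Python model of the explanation offered in the last reply, showing why the A lookup succeeds while the AAAA and MX lookups end in SERVFAIL. The acceptance rule (an authority-section SOA must sit at or below the delegated zone cut) is an assumption about resolver behaviour and not BIND source code; the address and response contents are constructed.

```python
# Simplified model (an assumption, not BIND source): after following a
# delegation, the resolver only trusts an authority-section SOA whose owner
# name is at or below the zone cut it was referred to.

# Zone cut created by the record from the thread: dynamichost1 IN NS otherserver.
ZONE_CUT = "dynamichost1.example.org."

def labels(name):
    """Split a domain name into lower-cased labels, ignoring the root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_subdomain(name, parent):
    """True if name equals parent or lies beneath it (compared label by label)."""
    n, p = labels(name), labels(parent)
    return len(n) >= len(p) and n[len(n) - len(p):] == p

# Constructed responses from the other server, which hosts example.org itself.
# Its negative (NODATA) answers carry the SOA of example.org, the parent zone.
OTHER_SERVER = {
    "A":    {"answer": ["192.0.2.10"], "soa_owner": None},
    "AAAA": {"answer": [],             "soa_owner": "example.org."},
    "MX":   {"answer": [],             "soa_owner": "example.org."},
}

def resolve(qtype, responses=OTHER_SERVER, zone_cut=ZONE_CUT):
    """Return the result the local server hands back for one query type."""
    resp = responses[qtype]
    if resp["answer"]:
        return "NOERROR"      # positive answer for the queried name: usable
    soa = resp["soa_owner"]
    if soa and is_subdomain(soa, zone_cut):
        return "NODATA"       # negative answer from within the delegation
    return "SERVFAIL"         # SOA is above the zone cut: response discarded

def host_lookup():
    """The three queries the host command sends by default."""
    return {q: resolve(q) for q in ("A", "AAAA", "MX")}

if __name__ == "__main__":
    for qtype, result in host_lookup().items():
        print(f"dynamichost1.example.org {qtype}: {result}")
```

In this model the negative answers become acceptable only if the other server hosts a zone named dynamichost1.example.org, which is the first question raised in the thread.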
