How to configure DNS server to forward queries about particular domain AND all of its subdomains

domain-name-system bind

I have DNS server (linux box with bind9), which is authorative for some domains, and forward all other queries to external DNS server of my ISP provider.

So far no problem.

Now I want that queries about some specific domains were forwarded to my internal DNS server, f.e.:

zone "some_domain" {
       type    forward;
        forwarders {
                some_internal_dns_ip;
        };
};

So far still no problem, all works ok.

But then, I want also to forward some reverse DNS queries to my internal DNS. So, I have added:

zone "16.172.in-addr.arpa" {
        type    forward;
        forwarders {
                some_internal_dns_ip;
        };
};

And this doesn't work as I expect. Queries about "16.172.in-addr.arpa" (for example 1.16.172.in-addr.arpa) are resolved correctly, but reverse queries about full address (for example 1.1.16.172.in-addr.arpa) are not. I understand that my server should use here some recursive query, but could not configure it. I have already tried adding following options

recursion yes;
allow-recursion { 127.0.0.1; };
allow-recursion-on { 127.0.0.1; };

but with no success . (I have used loopback address here, because I need this functionality only for my DNS host, and not for its clients) Any suggestions?


This is because bind creates the "empty zones" by default. So, your name server is the master for "16.172.in-addr.arpa." zone and return with "NXDomain" for your answers.

If you define "empty-zones-enable no;" in named.conf this will work as you expect.


I had the same problem, you are just missing IN in your named.conf syntax:

zone "5.10.in-addr.arpa." IN {

    type forward;
    forwarders {10.5.0.1;};
};

zone "6.10.in-addr.arpa." IN {

    type forward;
    forwarders {10.6.0.1;};
};

It is confusing as master / slave zones don't need it. Anyhow that's what fixed it for me.


Two approaches...

  1. Make BIND a master for 16.172.in-addr.arpa. Within the zone file, use NS records to delegate to the other internal server.

OR

  1. Make BIND a slave for 16.172.in-addr.arpa. Set the other internal server as a master.

Related

Solution for Reverse Proxying onto URLs that are not amenable to being relocated to a subdirectory
Installing MSI via Group Policy in a Fully Unattended Way
Serve different files for specific user agents using nginx
Tomcat Excessive Memory Consumption
Monitor the shell activity of a user on your Unix system?
Remote Desktop: multiple users viewing same desktop session
How to port Apache rewrite rules to cherokee?
What is the Command Line Syntax to create a Windows Local User and Add that User to a Local Group?
What are the advantages of adding a Mac to Active Directory?
compare tar content with local folder
How do I rate limit google's crawl of my IP block?
FreeBSD server - certified compatible hardware? [closed]