can you help me setup DNS forwarding

unix linux domain-name-system bind

I have a dns server in a subnet of the corporate network and i want to tell it to forward to the main dns servers when it cannot resolve

this is my file:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        forwarders { 10.90.0.135; 10.90.0.174; };
        forward first;
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


zone "appletop.local" IN {
        type master;
        file "appletop.local";
        allow-update { none; };
};

i know the dns server 10.90.0.35 is good and if i use it to resolve using dig its fine ie

[root@ns1 etc]# dig www.yahoo.com @10.90.0.135

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.0.2.el6_4.6 <<>> www.yahoo.com @10.90.0.135
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24437
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yahoo.com.                 IN      A

;; ANSWER SECTION:
www.yahoo.com.          278     IN      CNAME   fd-fp3.wg1.b.yahoo.com.
fd-fp3.wg1.b.yahoo.com. 278     IN      CNAME   ds-fp3.wg1.b.yahoo.com.
ds-fp3.wg1.b.yahoo.com. 1       IN      CNAME   ds-eu-fp3-lfb.wa1.b.yahoo.com.
ds-eu-fp3-lfb.wa1.b.yahoo.com. 235 IN   CNAME   ds-eu-fp3.wa1.b.yahoo.com.
ds-eu-fp3.wa1.b.yahoo.com. 26   IN      A       87.248.122.122
ds-eu-fp3.wa1.b.yahoo.com. 26   IN      A       87.248.112.181

;; Query time: 49 msec
;; SERVER: 10.90.0.135#53(10.90.0.135)
;; WHEN: Thu Sep 12 17:37:15 2013
;; MSG SIZE  rcvd: 167

but i cannot get it to forward any of my normal requests to that server

what have i done wrong im copying the entrys from examples on the net but it doesnt work

thank you


Solution 1:

the problem was i had enable dns-sec in the file - i removed all the sec stuff and it worked

thanks

Related

Memcached with SASL: Couldn't find mech PLAIN
Why are pods failing to schedule due to resources when node has plenty available?
incoming email is rejected
ansible error: Failed to find required executable rsync in paths: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin"}
Do I need SiteLock on top of AWS Shield? [closed]
Access windows EBS Volume from EC2 linux as folder
Connection Failed on AWS Client VPN - netsh command failed: external program did not execute -- returned error code -1
Increase the size of software RAID 10
Where is the System maintenance switch on HP ProLiant dl360 Gen 7
Ansible - templates with items won't works
Enabling RBAC on Existing AKS Clusters
How to use setfacl on ZFS dataset to set the equivalent of UNIX-style chmod 770?