Wednesday, January 19, 2011

Conditional DNS forwarding with named on Linux

I have a Centos 5.2 server which runs named for DNS resolution - it doesn't hold any information of its own, and just forwards all requests. From the named.conf:

options {
[...]
        forwarders { 1.1.1.1; 1.1.1.2; };
};

All other lines in named.conf are left as default.

I want to change the configuration so requests for anything under newdomain.com get passed to 22.22.22.22, while requests for any other address go to 1.1.1.1 or 1.1.1.2.

How can I configure the DNS on this server to do this?

  • Can you operate as a slave for newdomain.com? i.e., do a full transfer?

    MidnighToker : just did this after having problems with forwarding, by far the easiest option - assuming the admin of the other server allows your server to do a full transfer.
  • hehe, I up-voted the previous answer before doing some fettling myself.

    Right, so, if you edit your named.conf and add the following:

    zone "newdomain.com" {
        type forward;
        forward only;
        forwarders { 22.22.22.22; };
    };
    

    now you won't be able to do reverse lookups easily, you'll have to modify the following zone statement to make sense for the IP address(s) of the domain (this was originally a reverse for 192.168.80.0/24).

    zone "80.168.192.in-addr.arpa" {
        type forward;
        forward only;
        forwarders { 22.22.22.22; };
    };
    

    After making the changes, you should

    1. Check that you haven't faffed up the config files: named-checkconf

    2. Tell bind to reload its config: rndc reload (much preferred to /etc/init.d/bind reload)

    Bear in mind this will return non-authoritative answers for the domain. The way around this (and to offer better local caching should the remote DNS be problematic) would be to act as a slave for the zone.


    Edited to add the forward only; statement. This will cause the query to fail after trying the server(s) specified in forwarders, rather than failing and then trying a standard lookup. Also edited to change /etc/init.d/bind reload to rndc reload after advice in comments.

    Zypher : The command 'rndc reload' is the preferred method to reload bind configuration files instead of using the init scripts to restart the daemon
    MidnighToker : Zypher - thanks for setting me right about using rndc - I didn't realise.
    DrStalker : Thanks, it's working perfectly.
  • If you are trying to optimize, and 22.22.22.22 is auth for that zone, you can also use a stub zone:

    zone "newdomain.com" {
        type stub;
        masters { 22.22.22.22; };  /* each address in the list needs its own trailing semicolon */
    };
    

    This does something slightly different from forwarding. It will query the server 22.22.22.22 for NS records, and keep them in the cache at all times. This will do almost the same thing, but if another NS host (say, 33.33.33.33) was also listed, your server would then learn about it and use it as well.

    I believe a stub zone here is a better option than conditional forwarding.
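As an added worked example (not from any of the answers above), the following shell script generates the forward-only, reverse and stub zone statements from the two answers, derives the in-addr.arpa name from a network prefix, and runs the same named-checkconf / rndc reload steps. The include file path /etc/named.conditional.conf is an assumption; 22.22.22.22 and 192.168.80.0/24 are the page's own placeholder values.

```shell
#!/bin/sh
# Turn a /8, /16 or /24 network into its in-addr.arpa zone name,
# e.g. 192.168.80.0/24 -> 80.168.192.in-addr.arpa
reverse_zone_name() {
    ip=${1%/*}; prefix=${1#*/}
    IFS=. read -r a b c d <<EOF
$ip
EOF
    case $prefix in
        8)  echo "$a.in-addr.arpa" ;;
        16) echo "$b.$a.in-addr.arpa" ;;
        24) echo "$c.$b.$a.in-addr.arpa" ;;
        *)  echo "reverse_zone_name: only /8, /16 and /24 are handled" >&2; return 1 ;;
    esac
}
# Forward-only zone: queries go to the listed forwarders and fail if they do
# not answer, instead of falling back to a normal recursive lookup.
forward_zone() {
    zone=$1; shift
    printf 'zone "%s" {\n    type forward;\n    forward only;\n    forwarders {' "$zone"
    for f in "$@"; do printf ' %s;' "$f"; done
    printf ' };\n};\n'
}
# Stub zone: named fetches and caches the NS records from the listed master(s).
# Every address inside the braces gets its own trailing semicolon.
stub_zone() {
    zone=$1; shift
    printf 'zone "%s" {\n    type stub;\n    masters {' "$zone"
    for m in "$@"; do printf ' %s;' "$m"; done
    printf ' };\n};\n'
}
# Write the include file (assumed path), validate, reload, then confirm the
# local resolver answers for the forwarded domain.
deploy() {
    {
        forward_zone newdomain.com 22.22.22.22
        forward_zone "$(reverse_zone_name 192.168.80.0/24)" 22.22.22.22
    } > /etc/named.conditional.conf
    named-checkconf /etc/named.conf || return 1   # syntax check before touching the daemon
    rndc reload || return 1                        # reload rather than restart
    dig +short newdomain.com @127.0.0.1            # should show records served by 22.22.22.22
}
if [ "${1:-}" = deploy ]; then deploy; fi
```

Add `include "/etc/named.conditional.conf";` to named.conf once, then run the script with the argument `deploy`.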
