2

I have an authoritative DNS server which I want to forward example.com to another server.

I have this in my options

dnssec-validation no;
forwarders { 209.200.164.69; 209.200.164.74; };

and this in my zone config

zone "example.com" IN {
    type forward;
    forward only;
    forwarders { 209.200.164.69; 209.200.164.74; };
};

but for some reason, I get "query denied" when querying, also in syslog.

Tried to allow recursion to the above DNS server addresses, this didn't work. when I used allow-recursion { any; }; it resolved but it wasn't the behaviour I want. Tried dnssec-lookaside solution also. Tried virtually anything suggested I could find on google, but I couldn't get it to just forward the example.com alone.

Sniffleh
  • 81
  • 9
  • Why didn't you want to permit `allow-recursion { any; };`? Where did you apply that at? Globally, or just to the `example.com` zone? – Zoredache Sep 28 '16 at 23:15
  • applied globally, and i dont want my server to resolve anything. when I used it locally, it said this directive (or something like that) isn't available – Sniffleh Sep 28 '16 at 23:18
  • 1
    I am not 100% certain, but I am gonna bet that you require recursion for a forward zone to work. – Zoredache Sep 28 '16 at 23:31
  • I've seen that it doesn't, in the bind manual and other forum threads. But nevertheless I've tried using recursion (except for ANY which is not good for me) and that failed too. You can see that here http://www.zytrax.com/books/dns/ch7/queries.html#forwarders for example – Sniffleh Sep 28 '16 at 23:39

0 Answers0