Configuration with faked root wildcards and forward zones - DNS


  1. Configuration with faked root wildcards and forward zones


    The problem comes in, in that we also allow customers to pay via
    PayPal. I tried setting up a forward zone entry -- but looking at the
    debug logs, it never sends a forward request -- but instead just
    resolves the wildcard entry. I'm rather confused by this behaviour, as
    I thought a specific zone entry should override the wildcard as it
    behaves this way even after a restart of the named daemon, thus
    ensuring the entries are not in the server cache.

    What am I misunderstanding about how these two things work?

    Below is my view.

    view "external"
    {
        match-clients { any; };
        match-destinations { any; };

        recursion yes;

        zone "paypal.com" {
            type forward; forward only;
            // Same result whether I forward to paypal's NS records or local DNS server.
            forwarders {
                66.211.168.226;
                66.211.168.227;
                216.113.188.121;
                216.113.188.122;
            };
        };

        zone "." {
            type master;
            file "named.redirect";
        };
    };
    ----------------------------------------

    Thanks,
    Robert Fisher


  2. Re: Configuration with faked root wildcards and forward zones

    In article ,
    Robert Fisher wrote:

    > The problem comes in, in that we also allow customers to pay via
    > PayPal. I tried setting up a forward zone entry -- but looking at the
    > debug logs, it never sends a forward request -- but instead just
    > resolves the wildcard entry. I'm rather confused by this behaviour, as
    > I thought a specific zone entry should override the wildcard as it
    > behaves this way even after a restart of the named daemon, thus
    > ensuring the entries are not in the server cache.
    >
    > What am I misunderstanding about how these two things work?


    Forwarders are only used when the server needs to recurse -- it
    overrides the delegation records. If your server is authoritative for
    the root zone, and doesn't delegate paypal.com, it doesn't need to
    recurse, so the forwarders are ignored.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***
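
The lookup order described in the reply above, as an added example that is not part of either post and is not BIND's code: a simplified Python model of a server that is master for "." with a wildcard, run against the poster's situation and against a root zone that delegates paypal.com (the case the reply names as the one where the server would have to recurse). The function names, the zone contents and the 192.0.2.x addresses are assumptions made for illustration.

```python
# Simplified model of the lookup order in the reply above; this is not BIND's code.
# Zone contents and all addresses are constructed sample data.

def labels(name):
    """Split a domain name into lowercase labels; the root is []."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_under(name, apex):
    """True if name equals apex or is a subdomain of it."""
    n, a = labels(name), labels(apex)
    return not a or n[-len(a):] == a

def resolve(qname, root_zone, forward_zones):
    """Decide how a server that is master for "." handles qname."""
    # 1. Authoritative data comes first. An NS set below the apex is a zone
    #    cut: nothing under it, the wildcard included, is answered locally.
    for owner, rtype, _ in root_zone:
        if rtype == "NS" and labels(owner) and is_under(qname, owner):
            # 2. Only now does the server have to recurse, and only while
            #    recursing does it look for a matching forward zone.
            for apex, forwarders in forward_zones.items():
                if is_under(qname, apex):
                    return ("forward", forwarders)
            return ("recurse", owner)
    # 3. No cut: an exact record wins, otherwise the root wildcard matches
    #    (RFC 4592 closest-encloser rules are left out of this model).
    for owner, rtype, rdata in root_zone:
        if rtype == "A" and labels(owner) == labels(qname):
            return ("authoritative", rdata)
    for owner, rtype, rdata in root_zone:
        if rtype == "A" and owner == "*":
            return ("authoritative", rdata)
    return ("nxdomain", None)

FORWARD_ZONES = {"paypal.com": ["192.0.2.53"]}       # constructed forwarder
WILDCARD_ONLY = [(".", "NS", "ns.portal.example."),  # the poster's situation
                 ("*", "A", "192.0.2.10")]
WITH_DELEGATION = WILDCARD_ONLY + [("paypal.com", "NS", "ns.placeholder.example.")]

if __name__ == "__main__":
    for zone in (WILDCARD_ONLY, WITH_DELEGATION):
        print(resolve("www.paypal.com", zone, FORWARD_ZONES))
```

With the wildcard-only zone the forward zone is never consulted; with the delegation present the same query reaches the forwarders, while names outside paypal.com still get the wildcard answer.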

