I have a local RBLDNS server that I want used for all lookups by local services for "*.rbldns.domain.tld"
In resolv.conf I have:

    nameserver 127.0.0.1
    nameserver 208.67.220.220
    nameserver 208.67.222.222
Next, in named.conf, I have two things that have anything to do with this:

    // If you've got a DNS server around at your upstream provider, enter
    // its IP address here, and enable the line below. This will make you
    // benefit from its cache, thus reduce overall DNS traffic in the Internet.
    forwarders {
        208.67.222.222; 208.67.220.220;
    };
    zone "rbldns.domain.tld" IN {
        type forward;
        forward first;
        forwarders {
            public-ip-of-rbldnsd;
        };
    };
dig @localhost 123.123.123.123.rbldns.domain.tld gives me the expected answer and says 127.0.0.1 was used for the lookup. Great.
dig 123.123.123.123.rbldns.domain.tld gives me exactly the same answer and says that 127.0.0.1 was used for the lookup. Again, great.
BUT, I'm seeing loads of queries on port 53 (which is closed to the outside world) from OpenDNS knocking on the door of public-ip-of-rbldns, and I can't figure out why.
I should point out that public NS records for rbldns.domain.tld and domain.tld point to some other DNS server unrelated to this. The A record for rbldns.domain.tld points to "public-ip-of-rbldns", however.
So...something, somewhere, is causing something to use the OpenDNS DNS servers to do the lookups.
I'm thinking in terms of the forward section pointing to the OpenDNS 208.67 addresses, but shouldn't this be overridden by the local zone definition?
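As an added illustration (not part of the post or of BIND itself), here is a small Python helper that parses a named.conf fragment modelled on the one above and reports which forwarders a given query name would be sent to, and whether the zone's `forward first` policy still allows named to recurse on its own when the forwarder does not answer. The config text is constructed; "public-ip-of-rbldnsd" is the post's own placeholder, not a real address.

```python
import re

# Constructed named.conf fragment modelled on the post; "public-ip-of-rbldnsd"
# is the post's placeholder, not a real address.
NAMED_CONF = """
options {
    forwarders { 208.67.222.222; 208.67.220.220; };
};
zone "rbldns.domain.tld" IN {
    type forward;
    forward first;
    forwarders { public-ip-of-rbldnsd; };
};
"""

# A zone block with at most one nested brace level (enough for forwarders { ... }).
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', re.S)
FWD_RE = re.compile(r'forwarders\s*\{([^}]*)\}', re.S)

def _forwarders(body):
    """Extract the semicolon-separated addresses of the first forwarders {} block."""
    m = FWD_RE.search(body)
    return [f.strip() for f in m.group(1).split(';') if f.strip()] if m else []

def parse_forwarding(conf):
    """Return (global_forwarders, {zone_name: (policy, forwarders)})."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        if re.search(r'type\s+forward\s*;', body):
            pol = re.search(r'forward\s+(first|only)\s*;', body)
            # BIND defaults to "forward first" when no explicit policy is given.
            zones[name.lower()] = (pol.group(1) if pol else "first", _forwarders(body))
    # Global forwarders are whatever is left once the zone blocks are removed.
    return _forwarders(ZONE_RE.sub('', conf)), zones

def resolve_path(qname, conf=NAMED_CONF):
    """Describe where named sends a query and whether it may fall back to recursion."""
    glob, zones = parse_forwarding(conf)
    q = qname.lower().rstrip('.')
    # The longest matching forward zone wins (exact name or a proper subdomain of it).
    best = max((z for z in zones if q == z or q.endswith('.' + z)), key=len, default=None)
    policy, fwds = zones[best] if best else ("first", glob)
    return {"zone": best, "forwarders": fwds, "policy": policy,
            # "forward first" lets named recurse itself if the forwarder fails to answer,
            # so such a query can still leave the box along the public delegation path.
            "may_recurse": policy == "first"}
```

Running `resolve_path("123.123.123.123.rbldns.domain.tld")` shows the query pinned to the rbldnsd forwarder with `may_recurse` set, while a name outside the zone falls through to the global OpenDNS forwarders.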