DNS forwarder config

faris

I'm having a problem getting my DNS lookups to look in the right place.

I have a local RBLDNS server that I want used for all lookups by local services for "*.rbldns.domain.tld"

In resolv.conf I have:

nameserver 127.0.0.1
nameserver 208.67.220.220
nameserver 208.67.222.222

So, lookups will be done using the local nameserver first. Good.

Next, in named.conf, I have two things that have anything to do with this:

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.

        forwarders {
                208.67.222.222; 208.67.220.220;
        };

and

zone "rbldns.domain.tld" IN {
        type forward;
        forward first;
        forwarders {
                public-ip-of-rbldnsd;
        };
};

dig @localhost 123.123.123.123.rbldns.domain.tld gives me the expected answer and says 127.0.0.1 was used for the lookup. Great.

dig 123.123.123.123.rbldns.domain.tld gives me exactly the same answer and says that 127.0.0.1 was used for the lookup. Again, great.

BUT, I'm seeing loads of queries on port 53 (which is closed to the outside world) from OpenDNS knocking on the door of public-ip-of-rbldns, and I can't figure out why.

I should point out that public NS records for rbldns.domain.tld and domain.tld point to some other DNS server unrelated to this. The A record for rbldns.domain.tld points to "public-ip-of-rbldns", however.

So...something, somewhere, is causing something to use the OpenDNS DNS servers to do the lookups.

I'm thinking in terms of the forward section pointing to the OpenDNS 208.67 addresses, but shouldn't this be overridden by the local zone definition?
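One way to audit the two files quoted in the post for paths by which a lookup can leave the host without going through the local forward zone, as an added example that is not part of the original post. It relies on two documented behaviours: the stub resolver moves to the next `nameserver` line when an earlier one does not answer, and a BIND forward zone with `forward first` (the default) lets named resolve the name itself if the forwarders fail. The function names are hypothetical, the file contents are constructed copies of the post's snippets, and 192.0.2.53 stands in for "public-ip-of-rbldnsd".

```python
import ipaddress
import re

# Constructed copies of the two files quoted in the post; 192.0.2.53 is a
# documentation address standing in for "public-ip-of-rbldnsd".
RESOLV_CONF = """\
nameserver 127.0.0.1
nameserver 208.67.220.220
nameserver 208.67.222.222
"""
NAMED_CONF = """\
zone "rbldns.domain.tld" IN {
        type forward;
        forward first;
        forwarders {
                192.0.2.53;
        };
};
"""

def fallback_resolvers(resolv_conf):
    """Non-loopback nameservers: the stub resolver moves on to these when
    an earlier entry does not answer, so named.conf never sees that query."""
    servers = re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf, re.M)
    return [s for s in servers if not ipaddress.ip_address(s).is_loopback]

def forward_zones(named_conf):
    """Map each 'type forward' zone to (policy, forwarders). BIND's default
    policy is 'first': if the forwarders fail, named resolves on its own."""
    zones = {}
    pattern = r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};'
    for name, body in re.findall(pattern, named_conf, re.S):
        if not re.search(r"\btype\s+forward\s*;", body):
            continue
        policy = re.search(r"\bforward\s+(first|only)\s*;", body)
        fwd = re.search(r"forwarders\s*\{([^}]*)\}", body)
        addrs = [a.strip() for a in fwd.group(1).split(";") if a.strip()] if fwd else []
        zones[name] = (policy.group(1) if policy else "first", addrs)
    return zones

def audit(resolv_conf, named_conf):
    findings = [f"resolv.conf: {ip} is tried when earlier nameservers do not answer"
                for ip in fallback_resolvers(resolv_conf)]
    for zone, (policy, _) in forward_zones(named_conf).items():
        if policy != "only":
            findings.append(f"named.conf: zone {zone} is 'forward {policy}', not 'forward only'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RESOLV_CONF, NAMED_CONF)))
```

An empty result means the only configured path for the zone is the local named and its listed forwarders; it does not show which path a given query actually took.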