Setting up a bind forwarder, except for a domain

bind, domain-name-system, forwarding

I'm trying to set up a local bind DNS server (first time dealing with DNS servers, know a bit about records) that:

  • Routes *.internal, *.*.internal to itself (preferably any combination of subdomains),
  • Forwards everything else to a parent DNS server at 192.168.0.1

To start with, I'd like to tackle the second forwarding issue. The parent router/dns routes hostname.Home to a computer attached to the network, but these requests don't get forwarded on. Lookups for google.com and external sites do work however.

Currently I have the following named.conf:

options {
    directory "/var/cache/bind";

    dnssec-validation no;
    dnssec-lookaside no;
    auth-nxdomain no;    # conform to RFC1035 

    listen-on { any; };
    listen-on-v6 { any; };

    # Recursively forward requests onto the parent DNS
    forwarders { 192.168.0.1; };
    recursion yes;
    allow-recursion { any; };
    allow-query { any; };
};

The results when I attempt to lookup domains:

External domain, local dns

ross@srv:~$ nslookup google.com 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 173.194.34.105
  ...snip...
Name:   google.com
Address: 173.194.34.104

Internal domain, local dns

ross@tigger:~$ nslookup ross-pc.home 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find ross-pc.home: NXDOMAIN

Internal domain, parent dns

ross@tigger:~$ nslookup ross-pc.home 192.168.0.1
Server:         192.168.0.1
Address:        192.168.0.1#53

Non-authoritative answer:
Name:   ross-pc.home
Address: 192.168.0.14

Bind error log:

named[6947]: DNS format error from 192.168.0.1#53 resolving ross-pc.home/A for
             client 127.0.0.1#50667: reply has no answer
named[6947]: error (FORMERR) resolving 'ross-pc.home/A/IN': 192.168.0.1#53
named[6947]: error (network unreachable) resolving 'ross-pc.home/A/IN':
             2001:503:c27::2:30#53
named[6947]: error (network unreachable) resolving 'ross-pc.home/A/IN': 
             2001:500:3::42#53

I've tried to configure bind to be as unrestrictive as possible while I'm getting the basics working. Can someone explain why *.Home requests are not being forwarded?

Best Answer

I found a solution - my upstream router is a home DSL-type router, which apparently can send large UDP packets. The solution described here was to add the following lines to use a different DNS mode between DNS servers:

server ::/0 { edns no; };
server 0.0.0.0/0 { edns no; };
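As an added example (not part of the original question or answer), the following is a complete named.conf plus zone file that applies the accepted fix and also covers the first requirement from the question, a locally served "internal" domain. It differs from the answer's two lines in three ways: EDNS is disabled only for the one upstream that mishandles it (the `server` clause accepts a single address or a prefix, so the fix does not have to apply to the whole Internet); `forward only` stops named from falling through to the root servers when the forwarder misbehaves (the "network unreachable ... 2001:503:c27::2:30" lines in the log are exactly that fallback); and `allow-query`/`allow-recursion` are limited to an ACL instead of `any`, because `listen-on { any; }` plus `allow-recursion { any; }` on a host reachable from outside is an open resolver and will be abused for amplification. The server's own address (192.168.0.2), the ACL name and the zone file path are assumptions for illustration.

```conf
# ---- /etc/bind/named.conf (added example; addresses other than 192.168.0.1 are assumed) ----

acl "lan" {
    127.0.0.0/8;
    ::1;
    192.168.0.0/24;     # assumed size of the home network
};

options {
    directory "/var/cache/bind";

    dnssec-validation no;
    auth-nxdomain no;    # conform to RFC1035

    listen-on { 127.0.0.1; 192.168.0.2; };   # 192.168.0.2 is the assumed address of this bind host
    listen-on-v6 { ::1; };

    recursion yes;
    allow-query { lan; };        # not "any": an open resolver gets used for amplification attacks
    allow-recursion { lan; };

    forwarders { 192.168.0.1; }; # the home router
    forward only;                # never fall back to the root servers if the router fails
};

# The router rejects or mangles EDNS0 queries (FORMERR / "reply has no answer" in the log).
# Disable EDNS for that one peer only, rather than for ::/0 and 0.0.0.0/0.
# Caveat: without EDNS, replies from this peer are limited to 512-byte UDP and DNSSEC
# records cannot be requested from it (validation is already off above).
server 192.168.0.1 { edns no; };

# Serve *.internal (any depth of subdomain) locally instead of forwarding it.
zone "internal" {
    type master;
    file "/etc/bind/db.internal";   # assumed path; see zone file below
};

# ---- /etc/bind/db.internal (added example) ----
# $TTL 300
# @    IN SOA ns1.internal. hostmaster.internal. (
#          2024010101 ; serial
#          3600       ; refresh
#          900        ; retry
#          604800     ; expire
#          300 )      ; negative-cache TTL
#      IN NS  ns1.internal.
# ns1  IN A   192.168.0.2
# ; A wildcard at the apex matches foo.internal and also a.b.internal (any number of
# ; labels), as long as no closer enclosing name such as "b.internal" is defined.
# *    IN A   192.168.0.2
```

To confirm the diagnosis before changing anything, query the router directly with and without an OPT record: `dig @192.168.0.1 ross-pc.home +noedns` should answer, while `dig @192.168.0.1 ross-pc.home +edns=0 +bufsize=4096` should fail or come back malformed. After reloading (`named-checkconf` and `named-checkzone internal /etc/bind/db.internal` first, then `rndc reload`), `dig @127.0.0.1 ross-pc.home` should return 192.168.0.14 and `dig @127.0.0.1 a.b.internal` should return the wildcard address.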