I'm trying to configure a couple of OpenBSD servers in a local network which is connected to the internet via an external gateway (which is not part of my network). All servers should belong to an internal zone "domain.swi". I set up BIND 9.4.2 master and slave servers on machines A and B for the domain and set them as nameservers on every computer in the network. Up to now, everything works perfectly; I was able to resolve all hostnames.

Now I'm trying to set up a forwarding nameserver on machine D which would forward all requests concerning the internal "domain.swi" to the nameservers on machines A and B and all other requests to a nameserver running on the external gateway which connects the network to the internet. I want all servers in the network to use this forwarding nameserver. The problem is that after I start it I can resolve both internal and external hostnames on machine D where it's running, but when I try to use it as a nameserver for machine A, I can't resolve any hostname either inside or outside the network. The log on machine D indicates that the named daemon denies all requests made by machine A, even though I've set the allow-query option to any.

This is what the configuration files look like:
machine A (master nameserver) has address
machine B (slave nameserver) has address
machine D (forwarding nameserver) has address
external gateway (external nameserver) to the internet has address

named.conf file on machine D (I tried to put A and B in the forwarders list in options as well, but it didn't help):


options {

   allow-query { any; };

   forward only;
   forwarders {; };
};

zone "swi" {
   type forward;
   forwarders {;; };
};

internal request on machine D:

ping a.domain.swi
PING a.domain.swi ( 56 data bytes

external request on machine D:

ping www.google.com
PING www.l.google.com ( 56 data bytes

internal request on machine A:

ping d.domain.swi
ping: unknown host: d.domain.swi

external request on machine A:

ping www.google.com
ping: unknown host: www.google.com

/var/log/daemon file on machine D:

d named[15789]: client query (cache) 'd.domain.swi/A/IN' denied
d named[15789]: client query (cache) 'www.google.com/A/IN' denied

I'm not sure about the forwarding configuration in named.conf, but I can't see why queries should be denied. I would appreciate any help, comments or hints very much! Thanks!

You probably need to specify the allowed hosts for recursion.

allow-recursion {; };

You should be able to do this globally in the BIND configuration, or you can set it per specific zone.
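An added example, not part of the original thread: a named.conf sketch for machine D that applies the suggestion above with a named ACL instead of `any`, so the forwarder answers the local network without becoming an open resolver. It goes one step beyond the answer by also setting allow-query-cache, the ACL that named is checking when it logs "query (cache) ... denied". Every address is a constructed placeholder from the documentation ranges, and the ACL name "internal" is an assumption.

```conf
// Constructed example for machine D. All addresses are placeholders
// (RFC 5737 documentation ranges), not the poster's real addresses.
acl "internal" {
    127.0.0.1;
    192.0.2.0/24;                  // placeholder: the local network
};

options {
    recursion yes;

    // Clients outside "internal" are refused at all three checks.
    allow-query       { "internal"; };
    allow-recursion   { "internal"; };
    allow-query-cache { "internal"; };

    // Everything not matched by a forward zone goes to the gateway.
    forward only;
    forwarders { 198.51.100.1; };  // placeholder: external gateway
};

// Names under the internal zone go to the master and slave instead.
zone "domain.swi" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };  // placeholders: machines A and B
};
```

Running named-checkconf against the file before restarting named catches syntax errors; after the restart, a query from machine A should no longer produce a "denied" line in the daemon log.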

