I installed bind9 at localhost so that I could setup forwarders for our LAN dns servers + for my Unix dns servers in DMZ ( I don’t have access to configure the LAN dns server, which would be a better option) . I setup something like this in /etc/bind/named.conf.local (Debian type of distro):
zone "windows.domain.servers." IN {
type forward;
forward only;
forwarders { 10.0.0.1; 10.0.0.2; };
};
zone "unix.dmz.servers." IN {
type forward;
forward only;
forwarders { 192.168.0.1; };
};
domain names and forward ip’s has been changed .
With this setup, I could configure my workstation to use localhost for dns queries, and tell /etc/resolv.conf to search for both the domains I want regular access to without typing the fqdn .
But there was a problem getting answers from my unix dns server in DMZ, /var/log/syslog told me something like:
Nov 15 09:27:07 uranus named[8184]: validating @0x7f94784dgd70: unix.dmz SOA: got insecure response; parent indicates it should be secure Nov 15 09:27:07 uranus named[8184]: error (no valid RRSIG) resolving 'lb01.unix.dmz.servers/DS/IN': 192.168.0.1#53 Nov 15 09:27:07 uranus named[8184]: error (no valid DS) resolving 'lb01.unix.dmz.servers/A/IN': 192.168.0.1#53
Since I haven’t got time to debug this stuff in detail, I simply edited /etc/bind/named.conf.options and setup
dnssec-validation no;
And my localhost bind9 could resolv stuff from our DMZ
Thnx isc.org and
groups.google.com