BIND - list of forwarders used on several zones

Patrick Aszody

8/24/23, 12:40 PM

I am setting up a BIND (v9.16) nameserver.

Its main purpose is to work as a regular recursor for our internal hosts. For a couple of specific zones though (the ones that we host), I need to set it up as a forwarder. The goal is to avoid creating a dependency on root and TLD DNS servers, and being able to continue using our internal services even in the case of unavailability of our outside network connections.

This was easy to setup, here the relevant parts of my configuration :

options {
    allow-recursion {
        // Here comes the list of our inside networks
    };

};

zone "somedomain.example" IN {
    type forward;
    forward first;
    forwarders {
        // Here comes the list of the primary servers for this zone
    };
// ... repeated for all forward zones

This setup works as expected, but with a minor inconvenience. The list of primary servers has to be repeated for all the "forward" zones. We have quite a few of them, all with IPv4 and IPv6 addresses, and ^C/^V the list to all zones is not the most elegant thing I have seen, nor is it very DRY-compliant.

I know that the forwarders statement can also be included in the global options section, but from basic experiments I understand that this statement does not apply to forward zones, it is only meant for a forward-only nameserver (the documentation is not crystal-clear, but mentions that "if no forwarders statement is present, [...] cancelling the effects of any forwarders in the options statement").

Is there a way to create a named list of forwarders, more or less the same way we create ACLs, and use this symbolic name in the forwarders statement inside relevant zones ?

0 + 0

bind

named-conf

Score:0

Server

Rob

8/25/23, 9:12 AM

Like many other daemons and services ISC Bind supports an include directive in its configuration files.

That allows you to move a list of configuration settings and directives to a different file, and you can reference that include where it's needed.

That reduces your administrative burden to only maintaining your list of forwarders in a single place and you only need to copy the reference where it is needed.

// "/var/named/includes/forwarders.conf"
// master list of forwarders

forwarders {
            192.0.2.21;
            192.0.2.88;
};

and then in you named.conf:

zone "somedomain.example" IN {
    type forward;
    forward first;
    include "/var/named/includes/forwarders.conf";
}
zone "otherdomain.example" IN {
    type forward;
    forward first;
    include "/var/named/includes/forwarders.conf";
}

0 + 0

Patrick Aszody

8/25/23, 6:37 PM

Thanks for help and suggestion. Sometimes, we forget about the simplest things :)

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: BIND - list of forwarders used on several zones

TH: BIND - รายชื่อผู้ส่งต่อที่ใช้ในหลายโซน

RO: BIND - lista de expeditori utilizați pe mai multe zone

RU: BIND - список форвардеров, используемых на нескольких зонах

VI: BIND - danh sách các nhà giao nhận được sử dụng trên một số vùng

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.