Hello everybody,
I'm trying to configure a couple of OpenBSD servers in a local network which is connected to the internet via an external gateway (which is not part of my network). All servers should belong to an internal zone "domain.swi". I set up BIND 9.4.2 master and slave servers on machines A and B for the domain and set them as nameservers on every computer in the network. Up to now, everything works perfectly; I was able to resolve all hostnames.
Now I'm trying to set up a forwarding nameserver on machine D which would forward all requests concerning the internal "domain.swi" to the nameservers on machines A and B and all other requests to a nameserver running on the external gateway which connects the network to the internet. I want all servers in the network to use this forwarding nameserver. The problem is that after I start it I can resolve both internal and external hostnames on machine D where it's running, but when I try to use it as a nameserver for machine A, I can't resolve any hostname either inside or outside the network. The log on machine D indicates that the named daemon denies all requests made by machine A, even though I've set the allow-query option to any.
This is what the configuration files look like:
machine A (master nameserver) has address 192.168.56.67
machine B (slave nameserver) has address 192.168.26.32
machine D (forwarding nameserver) has address 192.168.26.34
external gateway (external nameserver) to the internet has address 192.168.56.2:
named.conf file on machine D (I tried to put A and B in the forwarders list in options as well, but it didn't help):
...
options {
    ...
    allow-query { any; };
    forward only;
    forwarders { 192.168.56.2; };
};
...
zone "swi" {
    type forward;
    forwarders { 192.168.56.67; 192.168.26.32; };
};
internal request on machine D:
ping a.domain.swi
PING a.domain.swi (192.168.56.67): 56 data bytes
...
external request on machine D:
ping www.google.com
PING www.l.google.com (74.125.87.103): 56 data bytes
...
internal request on machine A:
ping d.domain.swi
ping: unknown host: d.domain.swi
external request on machine A:
ping www.google.com
ping: unknown host: www.google.com
/var/log/daemon file on machine D:
d named[15789]: client 192.168.56.67#43919: query (cache) 'd.domain.swi/A/IN' denied
d named[15789]: client 192.168.56.67#32746: query (cache) 'www.google.com/A/IN' denied
I'm not sure about the forwarding configuration in named.conf, but I can't see why queries should be denied. I would appreciate any help, comments or hints very much! Thanks!
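
Log triage for the denials quoted above, added here as an example and not part of the original post: it separates `query (cache) ... denied` lines, which named logs when the ACL guarding cached answers (allow-query-cache) refuses a client, from plain `query ... denied` lines governed by allow-query, and reports whether each client falls inside the server's own subnet. The /24 netmask for machine D's network and the function names are assumptions; the post does not give them.

```python
import ipaddress
import re

# The two log lines from the post, embedded so the example runs offline.
SAMPLE_LOG = """\
d named[15789]: client 192.168.56.67#43919: query (cache) 'd.domain.swi/A/IN' denied
d named[15789]: client 192.168.56.67#32746: query (cache) 'www.google.com/A/IN' denied
"""

# Assumption: machine D (192.168.26.34) is on a /24; the post gives no netmask.
ASSUMED_LOCALNETS = [ipaddress.ip_network("192.168.26.0/24")]

DENIED = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+[^:]*:(?: view [^:]+:)? "
    r"query (?P<cache>\(cache\) )?'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/[^']+' denied"
)


def parse_denial(line):
    """Return a dict for a named 'denied' line, or None for any other line."""
    m = DENIED.search(line)
    if m is None:
        return None
    ip = ipaddress.ip_address(m["ip"])
    return {
        "client": str(ip),
        "qname": m["qname"],
        "qtype": m["qtype"],
        # "(cache)" marks a refusal by the cache-access ACL, not by allow-query.
        "acl": "allow-query-cache" if m["cache"] else "allow-query",
        "in_localnets": any(ip in net for net in ASSUMED_LOCALNETS),
    }


def summarize(log_text):
    """Group denials per client: which ACL refused it, and for which names."""
    summary = {}
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d is None:
            continue
        entry = summary.setdefault(
            d["client"], {"acls": set(), "names": [], "in_localnets": d["in_localnets"]}
        )
        entry["acls"].add(d["acl"])
        entry["names"].append(d["qname"])
    return summary


if __name__ == "__main__":
    for client, info in summarize(SAMPLE_LOG).items():
        print(client, sorted(info["acls"]), info["names"], "localnets:", info["in_localnets"])
```

A client that shows only `allow-query-cache` denials and lies outside the server's directly attached networks points at the ACLs for cached and recursive answers rather than at `allow-query`.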