- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
#4363: How does a Forward zone work?
If you would like to forward queries for a domain to a set of DNS servers, then you can configure the zone as a forward zone.
A forward zone consists of two components:
- Forwarders
-
- These are DNS Servers to which the queries for the zone are forwarded to.
- Forwarding Member
-
- These are Infoblox appliances which gets queries for the zone and then forwards it to the configured Forwarders.
- These are Infoblox appliances which gets queries for the zone and then forwards it to the configured Forwarders.
Example configuration for a forward zone in the DNS configuration file:
zone "infoblox.com" { # infoblox.com
type forward;
forwarders { 10.192.12.12; };
};
In the above example, zone "infoblox.com" is configured to forward queries for this domain to the forwarder DNS server 10.192.12.12.
Below packet capture will show how forwarding works:
We are using the below configuration for this exercise:
Client IP: 10.192.16.215
Forwarding Infoblox DNS server: 10.192.32.182
Forwarder DNS Server IP: 10.192.12.12
- Client 10.192.16.215 sends an A record query for www.infoblox.com to the forwarding Infoblox DNS server 10.192.32.182 as shown below:
10.192.16.215 10.192.32.182 DNS 89 Standard query 0xf621 A www.infoblox.com
- This client query is a Recursive query as shown below. The Recursion desired flag is set.
Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
.... .... ...0 .... = Non-authenticated data: Unacceptable
- The forwarding DNS server then forwards the same query to the forwarder DNS server 10.192.12.12 as shown below:
10.192.32.182 10.192.12.12 DNS 89 Standard query 0x634f A www.infoblox.com
- The above query is also a recursive query as shown below. The recursion desired flag is set.
Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
- Forwarder 10.192.12.12 provides an answer to the Infoblox forwarding member as shown below:
10.192.12.12 10.192.32.182 DNS 531 Standard query response 0x634f CNAME a.testinfoblox.com A 10.192.32.23
- Infoblox forwarding member then answers the client query as shown below:
10.192.32.182 10.192.16.215 DNS 187 Standard query response 0xf621 CNAME a.testinfoblox.com A 10.192.32.