We use DNS in NW6.5 SP3. I've some customers who want to be able to access
hostnames in a zone on a connected company site (call it ERMINTRUDE.COM).
The know-all techy on the remote site says all I have to do is create BIND
entries like:

zone "ermintrude.com" in {
type forward;
forwarders {;; };
};


The issue of not being able to configure BIND in named.com has come up
several times in this forum. On 17th December 2003 21:56 D. Skye Hodges wrote
the post below, detailing how the problem was that however you configure
sys:\etc\dns\named.com, the config stored in eDirectory overwrites it
whenever named.nlm is reloaded. A workaround was to lock NDS (!), but he
also speculated that you could remove the rights for the DNS_Server object
to read NDS, thus forcing it to use named.com (although this would render
the DNS GUI tool useless).

Just wanted to know, has there been any development on this issue? Is there
a patched version of named.nlm available, or have D. Skye or anyone found a
neat fix?

Novell DNS really should be able to do this....

Steve Law


Well, I've tested it, and I see the problem (I'm trying to figure out
a workaround).

First, when NAMED has access to NDS, it loads the configuration from
NDS; this IMMEDIATELY rewrites the NAMED.CON file.... I'm trying to figure
out a way to make this not happen... No luck so far.

What I HAVE found is this:

LOCK NDS:YES, F10), THEN reconfigure NAMED.CON, then LOAD NAMED, then
it will accept your changes to the NAMED.CON file. I had to create some
'bogus' entries:

options {
novell_audit-level 255;
novell_snmp-trap 3;
novell_zone-list {test.mydomain;};
forwarders {;;;};
novell_server-dnsname ns1.test;
zone-statistics yes;
minimal-responses yes;
provide-ixfr no;
novell_dyn-reconfig 600;
novell_server-mod-time 1071687142;
novell_server-dn DNS_shodges65.mydomain;
};

zone "test." IN {
file "test.db";
novell_designated-server DNS_shodges65.mydomain;
novell_zone-servers {DNS_shodges65.mydomain;};
type master;
allow-update {localnets;;};
zone-statistics yes;
novell_zone-mod-time 1071686345;
novell_zone-creation-time 1068748916;
novell_zone-dn test.mydomain;
};

zone "domain-to-forward.domain.com." IN {
novell_designated-server DNS_shodges65.mydomain;
type forward;
forwarders {;;};
novell_zone-mod-time 1071686345;
novell_zone-creation-time 1068748916;
novell_zone-dn notexists.mydomain;
};

At this point in time, my server forwarded requests for www.novell.com
to the regular forwarders, and requests for anything in the
domain-to-forward.domain.com to the domain specific forwarders.

So, in conclusion... It APPEARS that although Novell has support for
the forward zones, they don't make it very easy to accomplish.

I believe that I will be able to find a workaround by removing rights
from the server, or DNS_Server object so that it CANNOT get read access to
NDS to try to find out its configuration.

The drawback... Not being able to use the management console anymore
(because it writes all its changes to NDS, and NAMED will no longer
access NDS, so all domain changes will have to be made in the DB files
I'm getting to the point of wanting to do anyway.....).

I hope that this at least sort of helps....