non-recursive queries on 8.2.2 pl 5

Joseph S D Yao jsdy at cospo.osis.gov
Mon Nov 29 02:48:28 UTC 1999


On Tue, Nov 23, 1999 at 09:35:10AM +0100, Peter.Pedersen at sas.dk wrote:
> The configuration on the firewall points to a number of different DNS
> servers (maintained by partners) on an extra-net and on the intranet and we
> do not want to make zone-transfers from internal or external DNS servers.
> This configuration minimizes the maintenance on the firewall and the need for
> bandwidth (no zone transfer).
> 
> It is not yet in production, but everything seems to be fine except when the
> DNS server receives a non-recursive query and it does not have the information
> in cache.
> 
> Unfortunately this happens quite often, since the other partners' access to
> our DNS (on the extranet firewall) goes through their own DNS servers (using
> forward-zone or internal root configuration). A DNS server makes non-recursive
> queries in order to resolve names.
> 
> I have not found any way to force a DNS server to make recursive queries?

I am quite confused by your description.

You can "force" a DNS server to make recursive queries by making it
"forward only" to the next server.  But in part of your complaint, you
seem to be complaining that your servers are RECEIVING non-recursive
queries.

Actually, you seem to be discussing several name servers, some of which
are firewalled away from each other, and some of which are multiply
firewalled away from the Internet.  And some of which, therefore, must
be on those firewalls.

Draw a graph.  Show the name service connectivity.  You should have one
line for each server to the primary internal name server, which may be
on the firewall, but which definitely has access to the Internet name
service.  DON'T have all of your name servers query each other.
Instead, have them "forward only" to this primary internal name server.
This server, in turn, should know the internal servers for each internal
domain, and should have "forward" zones for each internal domain, to
direct queries back to their individual internal servers.  This should
simplify your graph considerably.

Does this sound something like your system?  Do you think this may help
you?

-- 
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
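
The layout described in the reply above, sketched as an added example that is not part of the original message: `named.conf` fragments in BIND 8.2 syntax for one leaf server and for the primary internal name server. Every address, zone name and file name below is a constructed placeholder (an assumption), as is the choice of one intranet domain and one partner domain.

```conf
// ===== File 1: named.conf on a leaf server =====
// (any internal server that is not the primary internal name server)
// Assumption: 192.0.2.1 stands for the primary internal name server.
options {
    directory "/var/named";
    forwarders { 192.0.2.1; };  // the single line on the graph
    forward only;               // never iterate; always hand the query
                                // to the forwarder as a recursive query
};

// ===== File 2: named.conf on the primary internal name server =====
// (192.0.2.1 in this example; has access to the Internet name service)
options {
    directory "/var/named";
    // No global forwarders here: names outside the internal domains
    // are resolved from the root hints below.
};

zone "." {
    type hint;
    file "root.cache";          // assumed file name for the root hints
};

// One forward zone per internal domain, directing queries back to
// the server(s) responsible for that domain.
zone "intranet.example" {
    type forward;
    forward only;
    forwarders { 10.1.0.53; };              // assumed intranet server
};

zone "partner-a.example" {
    type forward;
    forward only;
    forwarders { 10.2.0.53; 10.2.1.53; };   // assumed partner servers
};
```

Because a forward-only leaf sends recursive queries, the primary internal name server has to offer recursion to the leaf servers; no zone transfers are involved anywhere in this layout.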

