nslookup can't but browser can !

Brent Butler Brent_Butler at interliant.com
Thu Aug 24 21:41:19 UTC 2000



Please remove me from the email list.  Thanks.

Brent



                                                                                            
                    Kevin Darcy                                                             
                    <kcd at daimlerchr        To:     bind-users at isc.org                       
                    ysler.com>             cc:                                              
                    Sent by:               Subject:     Re: nslookup can't but browser can  
                    kcd at daimlerchry        !                                                
                    sler.com                                                                
                                                                                            
                                                                                            
                    08/24/2000                                                              
                    05:36 PM                                                                
                                                                                            
                                                                                            




1. *Both* forms of forwarding check the cache first, as I already
explained.

2. "Forward only", as the name suggests, *only* uses the forwarders. You
explained that your forwarders are all external boxes. This is why it never
asks your internal boxes when "forward only" is in effect.

3. How do you know that the query *isn't* being forwarded to your Internet
box
when "forward first" is in effect? Have you run a packet trace, turned on
debugging? All you know for sure is that it isn't getting a satisfactory
answer. My speculation is that it *is* forwarding but not getting an answer
fast enough.

4. What "recursion set"ting are you referring to? "allow-recursion" only
affects the interaction between the nameserver and its clients and has
nothing
to do with whether the server chooses to interact with other nameservers
recursively or iteratively.


- Kevin

Quadri, Jay wrote:

> I disagree here is why:
> Forward first causes the server to check the local cache for the answer
and
> if not found, then forward the query. This is the default setting.
> Forward only the server will only forward the queries.
>
> You didn't explain why 'forward only' does not forward to other Internal
> nameserver.
> and why 'forward  first' does not forward to the Internet nameserver.
>
> It's a mystery to me.  You might want to read the question again.
>
> >From your definition of 'forward first', will it fall back to iterative
> resolution even if you have recursion set; I don't think so.
>
> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Thursday, August 24, 2000 12:52 AM
> To: bind-users at isc.org
> Subject: Re: nslookup can't but browser can !
>
> No, both forms of forwarding look at the cache first. The difference is
in
> what
> they do if they don't get a response from the forwarder(s): "forward
> first" falls back to iterative resolution; "forward only" doesn't.
>
> Given that, I'd speculate that your forwarder is answering *slowly*. With
> "forward first", you timeout and ask the internal servers about the
Internet
> name, which claim that the name doesn't exist, but with "forward only",
it
> keeps on retrying the query and eventually gets an answer. On the other
> hand,
> "forward first" works for internal names, because the internal servers
know
> about them, but "forward only" does not, because apparently your
forwarder
> doesn't.
>
> This speculation could be verified by enabling debugging on the
nameserver.
>
> If this speculation is correct, then:
>
> 1) find out why your forwarder is so slow to respond and fix it
> 2) change the global forwarding option to "forward only"
> 3) define the apex zones of all your internal domains as
slave/stub/forward
> to
> the appropriate servers in order to "override" the forwarding to your
> Internet
> forwarder (for slave or stub zones you may want to specify "forwarders
{ }"
> in
> order to override forwarding for subzones as well). That way you'll be
able
> to
> resolve both internal and external names.
>
> - Kevin
>
> Quadri, Jay wrote:
>
> > I have a similar problem, my DNS box (A) only resolves internal names,
and
> > forwards Internet request to an internet DNS box (B), also forwards to
> other
> > extranet domestic nameservers (C).  my intranet DNS server has its own
> hints
> > file (not the Internic's, I wrote it, only includes my Intranet DNS
boxes
> as
> > root servers).  ping works at all times, nslookup does not depending on
> the
> > forward, if the forwarding is set to:
> >
> > forward     first ;   I can use nslookup or dig to resolve Domestic
names
> > but not Internet names (C) .
> > (forward first Checks the cache first before forwarding).
> >
> > forward   only ;   I can resolve Internet names with nslookup or dig,
but
> > can't resolve other domestic names (C) (forward all request).
> >
> > Any ideas?
> >
> >












More information about the bind-users mailing list