Win95 machine not looking at 2nd and 3rd DNS

Mike Dimmick mike at dimmick.demon.co.uk
Fri Mar 10 00:52:15 UTC 2000


"nobody" <nobody at nowhere.com> wrote in message
news:38C7E113.9518ADF at nowhere.com...
> Hi All
>
> I have a Win 95 machine which is set up to look at 3 DNS servers.  The
> first is our internal, and the second and third are the ISP's.  If I
> look for a web address, the machine will query only the internal then
> give up (checked this with a packet sniffer).
>
> The internal DNS is sat on a linux box and serves subdomains beneath our
> internet registered domain (ie. registered domain foo.com, this box does
> london.foo.com and paris.foo.com).  The machine has no zone for root
> ".".

What, none at all?

If your internal name server only needs to do internal lookups, not
external ones (for example, like here where we have lots of computers
with modems attached but the name servers have not!) then you should
consider creating a _master_ zone for "." which lists your own name
servers as authoritative for ".".

An example from my own configuration:
In named.conf:

zone "." {
        type master;
        file "hint/root.fake";
};

/var/named/hint/root.fake is:

$TTL    6D
.    6D   IN  SOA  dragon.brook-green.org.uk. hostmaster.dragon.brook-green.org.uk (
        2000030201      ; serial
        28800           ; refresh
        14400           ; retry
        3600000         ; expire
        86400 )         ; min ttl

.       6D      IN      NS      hercules.brook-green.org.uk.
.       6D      IN      NS      watson.brook-green.org.uk.
.       6D      IN      NS      dragon.brook-green.org.uk.

hercules.brook-green.org.uk.    6D      IN      A       192.168.0.226
watson.brook-green.org.uk.      6D      IN      A       192.168.0.3
dragon.brook-green.org.uk.      6D      IN      A       192.168.0.1

The reason I have it set like this is so that the other servers can grab
this zone from me if they choose.  We run a co-operative network of
students, so I don't have any control over it!

What doing this does for you is to change the response you get from
'Server Failed' to 'No Such Domain'.  It appears that this can force the
resolver to move on to the next name server it knows about.

It also has the very useful effect of getting rid of all the:

servfail: nlookup error on ?

messages out of your system logs.

Hope this helps,

--
Mike Dimmick
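
Added example, not part of the original message: a Python sketch that decodes the header of a DNS reply, as a packet sniffer would show it, to tell the 'Server Failed' (SERVFAIL) reply from the 'No Such Domain' (NXDOMAIN) reply described above. The packets, the query name www.example.com and the function names are constructed for illustration; the AA flag is set on the second packet because a server answering from its own master zone replies authoritatively.

```python
import struct

# RCODE values from the DNS header (RFC 1035, section 4.1.1)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(txid, qname, rcode, authoritative):
    """Build a constructed, answerless response; sample data, not a capture."""
    flags = 0x8000 | 0x0100 | (0x0400 if authoritative else 0) | rcode  # QR, RD, AA
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!2H", 1, 1)  # QTYPE A, QCLASS IN

def decode_qname(msg, offset):
    """Read the uncompressed question name starting at offset."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated question name")
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels) + "."
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def summarize(msg):
    """Return the header fields that distinguish the two replies."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    code = flags & 0x000F
    return {"id": txid, "qname": decode_qname(msg, 12) if qdcount else None,
            "rcode": RCODES.get(code, "RCODE%d" % code),
            "aa": bool(flags & 0x0400), "answers": ancount}

if __name__ == "__main__":
    for rcode, aa in ((2, False), (3, True)):  # without / with the "." master zone
        print(summarize(build_response(0x1A2B, "www.example.com", rcode, aa)))
```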




