Forwarding Split DNS

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 25 20:39:37 UTC 2001


A couple of things:

1. Since you have not specified "forward only", the forwarding mode will
default to "forward first". This means that if forwarding fails for any
reason, named will fall back to iterative querying, and if the name is not
available by following the delegation chain from the root, you'll get a
negative answer. This is probably not what you want. You probably want
"forward only". Of course, this is only an issue if there is a problem
talking to your forwarders. You _have_ verified that your forwarders can
resolve these queries, right?

2. Your subject line mentions "Split DNS". Is one side of the "split" an
internal root, by any chance? If so, then "foobar.com" needs to be
delegated properly if this nameserver happens to be authoritative for the
closest ancestor zone (i.e. "." or "com"). We were just talking about this
in another thread: apparently named requires proper delegations, even in a
"selective forwarding" configuration (like yours would be with "forward
only") where it would never actually use the delegation information.
Strange but true.


- Kevin

Torsten Rink wrote:

> Hi,
>
> We use bind 8.2.3 under Solaris 8
>
> All lookups for objects of domain foobar.com should be forwarded to
> other nameservers:
>
> zone "foobar.com" in {
>   type forward;
>   forwarders { 1.2.3.4; 1.2.3.5; };
> };
>
> named.conf contains only other primary zone files.
>
> A lookup of xyz.foobar.com shows "Non existent host/domain" because the
> named looks up in cache/root cache and does not follow the forwarding
> zone path.
>
> Is there anything else to think of ??
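
An added example, not part of the original thread or of BIND itself: a small Python check for the default described in point 1 of the reply, flagging `type forward` zones that have no zone-level `forward only;` and can therefore fall back to iterative querying. The sample configuration, the `corp.example` zone and all function names are constructed for illustration, and the check assumes only zone-level statements matter (an options-level `forward` statement is not considered).

```python
import re

# Constructed sample named.conf; the first zone is the one quoted in the post.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "foobar.com" in {
  type forward;
  forwarders { 1.2.3.4; 1.2.3.5; };
};
zone "corp.example" in {
  type forward;
  forward only;
  forwarders { 1.2.3.4; };
};
zone "example.org" in { type master; file "db.example.org"; };
'''

def strip_comments(text):
    """Remove /* */, // and # comments so a commented-out setting is not counted."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_blocks(text):
    """Yield (zone_name, body) for each zone statement, matching braces by depth."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def forward_mode(body):
    """Return 'only' or 'first' for a forward zone, None for other zone types."""
    if not re.search(r'\btype\s+forward\s*;', body):
        return None
    m = re.search(r'\bforward\s+(only|first)\s*;', body)
    return m.group(1) if m else 'first'  # unspecified mode defaults to "forward first"

def audit(conf):
    """List forward zones that may fall back to iterative resolution."""
    return [name for name, body in zone_blocks(strip_comments(conf))
            if forward_mode(body) == 'first']

if __name__ == '__main__':
    for zone in audit(SAMPLE_CONF):
        print(f'zone "{zone}": forward first in effect; consider "forward only;"')
```

In a split DNS setup this matters beyond resolution failures: a forward zone left in "forward first" mode can send queries for internal names along the delegation chain from the root whenever the forwarders do not answer.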




