problem with forwarders for internal dns

Barry Margolin barmar at genuity.net
Wed Aug 1 22:56:38 UTC 2001


In article <9k93nd$l9c at pub3.rc.vix.com>,
Leong Min Yen <myleong at ncs.com.sg> wrote:
>
>Hi
>
>I have some problems with the internal dns servers. 
>
>Scenario:
>the internal dns server will forward to the external dns server for
>all name resolution except for domaina.com.sg and domainb.com.sg
>
>all the servers are using bind 8.2.3
>domaina.com.sg is hosted on internal dns serverA
>domainb.com.sg is hosted on internal dns serverB
>
>However, serverA and serverB complain of 
>sysquery: no addrs found for root NS () 
>
>In addition, a listing of the domain soa shows wrong records.
>
>So what went wrong? 
>Do I still need the hint file for serverA when I have already
>forwarded to the external dns server for others under options and
>serverb for domainb.com.sg?

You need the "forward only" option to prevent your server from trying to
connect to the real root servers if the external server doesn't answer.

Also, you should replace your fake db.cache with the real one.  The entries
in that file are just used during startup; the server queries one of the
servers in the list to get the latest list of root NS records.  So putting
your external DNS there doesn't really help, since it will return the real
root records.

><serverA named.conf>
>options {
>        directory "/var/named";
>        pid-file "/var/named/named.pid";
>        forwarders { externaldnsip; };
>};
>zone "." in {
>        type hint;
>        file "db.cache";
>};
>zone "domaina.com.sg" in {
>        type master;
>        file "master/db.domaina.com.sg";
>}; 
>zone "domainb.com.sg" in {
>        type forward;
>        forwarders { serverbIP; };
>        forward only;
>}; 
>
><serverA db.cache>
>.  999999 NS externalserver.
>externalserver. IN A X.X.X.X
>
>
>Thanks in advance.
>
>Regards,
>MinYen
>
>


-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
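
An added example (not part of the original post and not BIND's own tooling): a small Python check that flags any top-level named.conf block listing forwarders without an explicit `forward only;`, the condition the reply above identifies. The sample config is constructed from the quoted one, the 192.0.2.x addresses are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the quoted serverA named.conf;
# the 192.0.2.x addresses are placeholders, not values from the post.
SAMPLE_CONF = '''
options {
        directory "/var/named";
        forwarders { 192.0.2.53; };   // stands in for externaldnsip
};
zone "." in { type hint; file "db.cache"; };
zone "domainb.com.sg" in {
        type forward;
        forwarders { 192.0.2.10; };   // stands in for serverbIP
        forward only;
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments while leaving quoted strings intact."""
    pattern = r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ''
    return re.sub(pattern, keep_strings, text, flags=re.S)

def top_level_blocks(text):
    """Yield (header, body) for each top-level `header { body };` statement."""
    depth, start = 0, 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, body_start = text[start:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ';' and depth == 0:
            start = i + 1

def forwarding_findings(conf):
    """Headers of blocks that list forwarders without an explicit `forward only;`."""
    findings = []
    for header, body in top_level_blocks(strip_comments(conf)):
        fwd = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
        only = re.search(r'\bforward\s+only\s*;', body)
        if fwd and fwd.group(1).strip() and not only:
            findings.append(header)
    return findings

if __name__ == "__main__":
    for header in forwarding_findings(SAMPLE_CONF):
        print(f"{header}: forwarders set, but queries can still fall back to the root servers")
```

The check is per block and only looks at top-level statements, so it reports the `options` block of the sample and passes the `domainb.com.sg` forward zone, which already states `forward only;`.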

