REPOST: unable to locate server after upgrade to BIND 8.2.3 for NT

[Danny Mayer]

         I think you need to just set the forward to "forward only".  If you are behind
a firewall, then your server cannot access the Internet directly to answer the
query itself, which is what "forward first" would do if the forwarder does satisfy
the query and it's not in cache.

                 Danny
At 04:52 PM 3/8/01, Stanley Liu wrote:

>Hi guys,
>
>As I did not have much luck from the group with my previous post, I am reposting
>the following just in case it skipped the attention of someone who knows last
>time:
>
>After upgrade from BIND 4.9.7 for NT to BIND 8.2.3 for NT, I have noticed that I
>have lots of "unable to locate the server" errors from Netscape if the domain
>name of the URL is not in BIND's cache.  When I tried the URL again, the domain
>will be resolved and the web page displayed.  I have checked that if I use BIND
>4.9.7 for NT (I have both versions and the BIND 4.9.7 box is a slave to the
>internal domain we are hosting on the BIND 8.2.3 box), I have no such problem.
>
>We forward all queries first to our parent company's DNS via our private
>network.  The BIND 8.2.3 box has a "forward first;" and "forwarders
>{161.93.207.98; };" in the options statement - 161.93.207.98 being our parent
>company's internal DNS which will response with status "SERVFAIL" (from dig) for
>any domains that it is not authoritative on.  The 4.9.7 box has similar
>configurations ("forwarders 161.93.207.98" in named.boot).  Our parent's DNS
>seems to work properly.
>
>I am suspecting the problem that I have has something to do with the "forward
>first" configuration.  I am suspecting that BIND times out before it gets an
>answer from other DNS other than our parent company's DNS.  Could this happen?
>How do I find out what is causing the problem?  Is there a parameter that I can
>set to lengthen the timeout period?  Or am I way off track here?