BIND 8 forwarding question

Lemman, Paul paul_lemman at
Mon Oct 8 19:16:51 UTC 2001

I'd thought about just making the zone declaration a stub zone as you suggest.  The problem is that the site is connected to our internal roots via a VPN.  If the VPN goes down, I don't want the forwarder to then ask the Internet roots which winds up pulling data from our external view (we run a split horizon DNS) servers.  These machines will return some RNAT addresses which would then be cached when the VPN comes back up and cause problems.  

It sounds like what you're suggesting would work since even if the VPN goes down, the forwarder would just be unable to talk to the internal root nameservers and return a failure.



paul lemman                                       V: 503.685.1554
IT Computer Services                 
Mentor Graphics Corporation

-----Original Message-----
From: Cricket Liu [mailto:cricket at]
Sent: Monday, October 08, 2001 11:22 AM
To: Lemman, Paul; bind-users at
Subject: Re: BIND 8 forwarding question

> Sorry I wasn't clear.
> From cricket's response, it sounds like this won't work since the
forwarding server
> doesn't forward to anyone else.

Actually, Paul, it should work once everything's set up, if I understand
what you want to do correctly.  Let me see if I've got it:

- You want your forwarder to resolve Internet domain names iteratively
(by working its way down from the root name servers)

- You want your forwarder to resolve domain names
iteratively by working its way down from the internal
name servers, at,, and

Is that right?

If that's the case, delete the "forward" and "forwarders" substatements
from your stub zone and make sure the name server is able to look up's SOA and NS records from those four name servers.
If it is, this should be working.


Men & Mice
DNS Software & Services

More information about the bind-users mailing list