DNS unable to resolve domain, but works when I go directly to the source DNS

Kevin Darcy kcd at daimlerchrysler.com
Tue Jul 9 20:51:26 UTC 2002


apara at standardset.com wrote:

> I am trying to use a type=forward domain, to offload the processing of
> the lookup from the machine I have no access to, onto my machine which
> I can control.
>
> In the machine I have no access to (ns5.ceiva.com), I have added a
> type=forward domain with forwarders set to my machine.

I don't understand. You have no access to the machine, yet you can define
a "type forward" domain in it (?!?!?) How is that possible without
access?

> If I now execute dig @ns5.ceiva.com www.myprofiles.com I get a proper
> reply and it appears to be working.
>
> If I execute dig @206.13.29.12 www.myprofiles.com  (another DNS server
> pacbell in this case), I get a  SERVFAIL status.  With a trace (dig
> @206.13.29.12 www.myprofiles.com +trace) it seems like a query to
> ns5.ceiva.com returns top level domains and NOT www.myprofiles.com.
>
> com.                    106461  IN      NS      A.GTLD-SERVERS.NET.
> com.                    106461  IN      NS      G.GTLD-SERVERS.NET.
> com.                    106461  IN      NS      H.GTLD-SERVERS.NET.
> <snip>
> ;; Received 469 bytes from 192.216.219.2#53(NS5.CEIVA.com) in 33 ms
>
> Could someone explain to me, why a direct request to ns5.ceiva.com
> works, but a resolution from a different DNS does not.

Actually, dig @206.13.29.12 www.myprofiles.com seems to be working fine
right now...

> Better yet, how can I accomplish what I am trying to do.  I have no
> administrative access to ns5.ceiva.com, but I still want to be able to
> add/remove entries from my DNS.  I have a DNS of my own, which I can
> control.  What is the proper way to "forward" lookups from
> ns5.ceiva.com to my personal DNS.

The only reasonable ways to control the contents of your DNS zone are
a) be the master of the zone, or b) be able to update the zone remotely,
e.g. via Dynamic Update or through remote access to the zonefiles (plus
presumably a way to tell the nameserver to reload the zone whenever it
changes). A delegated nameserver like ns5.ceiva.com *cannot* reliably act
as simply a forwarder to some other nameserver, since most requests which
go to delegated nameservers don't request recursion, and therefore would
never be forwarded.


- Kevin
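The difference described in the reply above can be read off the DNS response header. The following is an added example, not part of the original message: it classifies a reply the way a resolver following the delegation would, using constructed packets modelled on the dig output quoted in the thread. The function names, the record contents and the sample address 192.0.2.10 are assumptions.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits (RFC 1035)

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".") if l) + b"\0"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):                           # bound against pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return (".".join(labels + [""]).lower() or "."), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("pointer loop or oversized name")

def build_message(flags, qname, answers=(), authority=()):  # records: (owner, type, rdata)
    rrs = b"".join(encode_name(o) + struct.pack("!HHIH", t, 1, 300, len(d)) + d
                   for o, t, d in (*answers, *authority))
    head = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), len(authority), 0)
    return head + encode_name(qname) + struct.pack("!HH", 1, 1) + rrs  # QTYPE=A, QCLASS=IN

def classify(msg, zone):
    """What a resolver following the delegation for `zone` learns from msg."""
    _, flags, _, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        return "rcode %d" % (flags & 0x000F)
    if an:
        return "authoritative answer" if flags & AA else "non-authoritative answer"
    if not ns or flags & AA:
        return "no data"
    off = read_name(msg, 12)[1] + 4                # skip question name, QTYPE, QCLASS
    owner = read_name(msg, off)[0]                 # owner of first authority record
    zone = zone.lower().rstrip(".") + "."
    upward = owner == "." or (owner != zone and zone.endswith("." + owner))
    return ("upward referral to " if upward else "referral to ") + owner

# Constructed samples modelled on the thread (192.0.2.10 is a documentation address).
Q = "www.myprofiles.com."
RD0_REPLY = build_message(QR | RA, Q, authority=[("com.", 2, encode_name("a.gtld-servers.net."))])
RD1_REPLY = build_message(QR | RD | RA, Q, answers=[(Q, 1, bytes([192, 0, 2, 10]))])
for label, reply in (("RD=0", RD0_REPLY), ("RD=1", RD1_REPLY)):
    print(label, "->", classify(reply, "myprofiles.com."))
```

An upward referral from a server listed in the delegation means it is not serving the zone authoritatively, which is what the trace output in the original question shows.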



