forwarding a subdomain

Barry Margolin barmar at
Sat Nov 13 07:19:19 UTC 2004

In article <cn39g4$25jk$1 at>,
 Edward Buck <ed at> wrote:

> Hi there,
> I'm trying to setup a subdomain via forwarding and I'm seeing some 
> unexpected behavior (unexpected for me, not necessarily for bind or 
> you).  Here's the scenario:
> I have a public nameserver, i.e., which is authoritative 
> for  In the zone file for, I've delegated a 
> subdomain to another nameserver by doing:
> sub      IN NS
> ns1-sub  IN A  ; public ip
> Now, on, I've configured bind with the following zone:
> zone "" {
>          type forward;
>          forward first;
>          forwarders {
> port 10053; // private ip
>          };
> };
> The host above is on a private network accessible to ns1-sub 
> but not to the general public.
> The goal is to have ns1-sub resolve all queries for the subdomain 
> by forwarding each request to the internal server at 
> Now, here's what I don't understand.  If I query ns1-sub directly for a 
> host in (i.e., the forwarding works 
> as expected.  If I query ns1-sub using a different nameserver (i.e. from 
> my ISP nameserver), the query works ONLY If ns1-sub has cached the data. 
>   If it's not in the cache, there's no answer.  This suggests that the 
> forwarding doesn't work for recursive queries.

When a recursive server is processing a query, it uses iterative mode, 
so it doesn't set the "Recursion Desired" flag when it sends its 
queries.  When it queries a server that isn't authoritative for the 
zone, it expects to receive a referral, and it will then ask one of 
those servers, repeating this process until it reaches the authoritative 

In general, a subdomain can only be delegated to an authoritative 
server, not a forwarding server.

Barry Margolin, barmar at
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

More information about the bind-users mailing list