Forward zone problem

Mark Andrews Mark_Andrews at isc.org
Fri Mar 17 08:13:35 UTC 2006


> Here is a dig for a name that works with a forward zone on the system
> currently:
> 
> 
> # ./dig wap.cingular.mnc410.mcc310.gprs a
> 
> ; <<>> DiG 9.2.2 <<>> wap.cingular.mnc410.mcc310.gprs a
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1122
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;wap.cingular.mnc410.mcc310.gprs. IN    A
> 
> ;; ANSWER SECTION:
> wap.cingular.mnc410.mcc310.gprs. 234 IN A       66.102.184.193
> wap.cingular.mnc410.mcc310.gprs. 234 IN A       66.102.185.193
> 
> ;; AUTHORITY SECTION:
> mnc410.mcc310.gprs.     447     IN      NS
> wcrdns1.mnc410.mcc310.gprs.
> mnc410.mcc310.gprs.     447     IN      NS
> atlrdns1.mnc410.mcc310.gprs.
> 
> ;; ADDITIONAL SECTION:
> wcrdns1.mnc410.mcc310.gprs. 604647 IN   A       66.102.185.70
> atlrdns1.mnc410.mcc310.gprs. 604647 IN  A       66.102.184.70
> 
> ;; Query time: 9 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Thu Mar 16 16:43:06 2006
> ;; MSG SIZE  rcvd: 158
> 
> #
> 
> 
> This is a dig against the forwarder that is not working:
> 
> 
> ********************** from epictouch *********************
> 
> # ./dig internet.epictouch.mnc610.mcc310.gprs a
> 
> ; <<>> DiG 9.2.2 <<>> internet.epictouch.mnc610.mcc310.gprs a
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47408
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;internet.epictouch.mnc610.mcc310.gprs. IN A
> 
> ;; AUTHORITY SECTION:
> .                       10800   IN      SOA     a.root-servers.net.
> nstld.verisi
> gn-grs.com. 2006031600 1800 900 604800 86400
> 
> ;; Query time: 118 msec
> ;; SERVER: 12.25.118.10#53(12.25.118.10)
> ;; WHEN: Thu Mar 16 16:44:38 2006
> ;; MSG SIZE  rcvd: 130
> 
> The is no zone file on the machine for any of the configured forward
> zone.  They only exist as directives in named.conf.
> 
> But I see the posts that DNS will not forward for something it is
> authoritive for.  Where would this authority reside?  There are no zone
> files with any matching names of the forward zones.
> 
> My only thought is perhaps the segment   mcc310.gprs  is somehow
> authoritive on the server, but that would not explain how the cingular
> dig worked then.
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Stefanick, Andrew 
> Sent: Thursday, March 16, 2006 12:58 PM
> To: bind-users at isc.org
> Subject: Forward zone problem
> 
> I am struggling with a forward zone issue in Bind 9
>  
> 
> We have many forward zones configured and they work fine.  They really
> amount to no more than a forward directive such as
> 
>  
> 
>  
> 
> zone "name.of.domain" {
> 
>     type forward;
> 
>     forwarders {w.x.y.z;};
> 
> };
> 
>  
> 
>  
> 
> We put in a new one, and it will not work.  nslookup shows it seemingly
> only trying to resolve the query internally.
> 
>  
> 
> If I set the server to the IP of the forwarder in the nslookup, then we
> can resolve the queries when posed directly to the remote DNS server.
> So, it is not a networking issue.
> 
>  
> 
> I do not understand the logic/sequence that occurs when a query is posed
> that should be sent to a forwarder.  Where do the root-server  records
> come in, and why even.  Doesn't the forward directive tell the server,
> "don't even bother, just go to w.x.y.z for the answer"

	When you set "forward only;" that's what it does.
 
> here are some example of using dig against some of the forward zones
> that work.  The AUTHORITY section shows the name of the remote DNS that
> controls the domain.
> 
>  
> 
> When I try dig for the new forwarder, the only AUTHORITY that shows is
> the A.rootserver.
> 
>  
> 
> I really don't get it.
> 
>  
> 
> I ONLY put in the 3 line directive, and I am done.
> 
>  
> 
> I don't even know what to change/try.  It is too simple to implement.
> 
>  
> 
>  
> 
>  
> 
> # ./dig mnc150.mcc310.gprs
> 
>  
> 
> ; <<>> DiG 9.2.2 <<>> mnc150.mcc310.gprs
> 
;; global options:  printcmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61159
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
>  
> 
> ;; QUESTION SECTION:
> 
> ;mnc150.mcc310.gprs.            IN      A
> 
>  
> 
> ;; AUTHORITY SECTION:
> 
> mnc150.mcc310.gprs.     600     IN      SOA
> wcrdns1.mnc410.mcc310.gprs. root
> 
> .wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
> 
>  
> 
> ;; Query time: 115 msec
> 
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> 
> ;; WHEN: Thu Mar 16 15:37:45 2006
> 
> ;; MSG SIZE  rcvd: 92
> 
>  
> 
> # ./dig mnc170.mcc310.gprs
> 
>  
> 
> ; <<>> DiG 9.2.2 <<>> mnc170.mcc310.gprs
> 
> ;; global options:  printcmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3961
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
>  
> 
> ;; QUESTION SECTION:
> 
> ;mnc170.mcc310.gprs.            IN      A
> 
>  
> 
> ;; AUTHORITY SECTION:
> 
> mnc170.mcc310.gprs.     600     IN      SOA
> wcrdns1.mnc410.mcc310.gprs. root
> 
> .wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
> 
>  
> 
> ;; Query time: 99 msec
> 
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> 
> ;; WHEN: Thu Mar 16 15:38:05 2006
> 
> ;; MSG SIZE  rcvd: 92



--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list