Forward zone problem
Mark Andrews
Mark_Andrews at isc.org
Fri Mar 17 08:13:35 UTC 2006
> Here is a dig for a name that works with a forward zone on the system
> currently:
>
>
> # ./dig wap.cingular.mnc410.mcc310.gprs a
>
> ; <<>> DiG 9.2.2 <<>> wap.cingular.mnc410.mcc310.gprs a
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1122
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;wap.cingular.mnc410.mcc310.gprs. IN A
>
> ;; ANSWER SECTION:
> wap.cingular.mnc410.mcc310.gprs. 234 IN A 66.102.184.193
> wap.cingular.mnc410.mcc310.gprs. 234 IN A 66.102.185.193
>
> ;; AUTHORITY SECTION:
> mnc410.mcc310.gprs. 447 IN NS
> wcrdns1.mnc410.mcc310.gprs.
> mnc410.mcc310.gprs. 447 IN NS
> atlrdns1.mnc410.mcc310.gprs.
>
> ;; ADDITIONAL SECTION:
> wcrdns1.mnc410.mcc310.gprs. 604647 IN A 66.102.185.70
> atlrdns1.mnc410.mcc310.gprs. 604647 IN A 66.102.184.70
>
> ;; Query time: 9 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Thu Mar 16 16:43:06 2006
> ;; MSG SIZE rcvd: 158
>
> #
>
>
> This is a dig against the forwarder that is not working:
>
>
> ********************** from epictouch *********************
>
> # ./dig internet.epictouch.mnc610.mcc310.gprs a
>
> ; <<>> DiG 9.2.2 <<>> internet.epictouch.mnc610.mcc310.gprs a
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47408
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;internet.epictouch.mnc610.mcc310.gprs. IN A
>
> ;; AUTHORITY SECTION:
> . 10800 IN SOA a.root-servers.net.
> nstld.verisi
> gn-grs.com. 2006031600 1800 900 604800 86400
>
> ;; Query time: 118 msec
> ;; SERVER: 12.25.118.10#53(12.25.118.10)
> ;; WHEN: Thu Mar 16 16:44:38 2006
> ;; MSG SIZE rcvd: 130
>
> The is no zone file on the machine for any of the configured forward
> zone. They only exist as directives in named.conf.
>
> But I see the posts that DNS will not forward for something it is
> authoritive for. Where would this authority reside? There are no zone
> files with any matching names of the forward zones.
>
> My only thought is perhaps the segment mcc310.gprs is somehow
> authoritive on the server, but that would not explain how the cingular
> dig worked then.
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: Stefanick, Andrew
> Sent: Thursday, March 16, 2006 12:58 PM
> To: bind-users at isc.org
> Subject: Forward zone problem
>
> I am struggling with a forward zone issue in Bind 9
>
>
> We have many forward zones configured and they work fine. They really
> amount to no more than a forward directive such as
>
>
>
>
>
> zone "name.of.domain" {
>
> type forward;
>
> forwarders {w.x.y.z;};
>
> };
>
>
>
>
>
> We put in a new one, and it will not work. nslookup shows it seemingly
> only trying to resolve the query internally.
>
>
>
> If I set the server to the IP of the forwarder in the nslookup, then we
> can resolve the queries when posed directly to the remote DNS server.
> So, it is not a networking issue.
>
>
>
> I do not understand the logic/sequence that occurs when a query is posed
> that should be sent to a forwarder. Where do the root-server records
> come in, and why even. Doesn't the forward directive tell the server,
> "don't even bother, just go to w.x.y.z for the answer"
When you set "forward only;" that's what it does.
> here are some example of using dig against some of the forward zones
> that work. The AUTHORITY section shows the name of the remote DNS that
> controls the domain.
>
>
>
> When I try dig for the new forwarder, the only AUTHORITY that shows is
> the A.rootserver.
>
>
>
> I really don't get it.
>
>
>
> I ONLY put in the 3 line directive, and I am done.
>
>
>
> I don't even know what to change/try. It is too simple to implement.
>
>
>
>
>
>
>
> # ./dig mnc150.mcc310.gprs
>
>
>
> ; <<>> DiG 9.2.2 <<>> mnc150.mcc310.gprs
>
;; global options: printcmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61159
>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
>
>
> ;; QUESTION SECTION:
>
> ;mnc150.mcc310.gprs. IN A
>
>
>
> ;; AUTHORITY SECTION:
>
> mnc150.mcc310.gprs. 600 IN SOA
> wcrdns1.mnc410.mcc310.gprs. root
>
> .wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
>
>
>
> ;; Query time: 115 msec
>
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
>
> ;; WHEN: Thu Mar 16 15:37:45 2006
>
> ;; MSG SIZE rcvd: 92
>
>
>
> # ./dig mnc170.mcc310.gprs
>
>
>
> ; <<>> DiG 9.2.2 <<>> mnc170.mcc310.gprs
>
> ;; global options: printcmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3961
>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
>
>
> ;; QUESTION SECTION:
>
> ;mnc170.mcc310.gprs. IN A
>
>
>
> ;; AUTHORITY SECTION:
>
> mnc170.mcc310.gprs. 600 IN SOA
> wcrdns1.mnc410.mcc310.gprs. root
>
> .wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
>
>
>
> ;; Query time: 99 msec
>
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
>
> ;; WHEN: Thu Mar 16 15:38:05 2006
>
> ;; MSG SIZE rcvd: 92
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list