Forward zone problem

Barry Margolin barmar at alum.mit.edu
Wed Mar 22 14:00:29 UTC 2006


In article <dvpne6$v4g$1 at sf1.isc.org>,
 "Stefanick, Andrew" <astefanick at metasolv.com> wrote:

> What is the significance of the AUTHORITY flag in all these dig
> outputs??
> 
> Seems that all the successful responses have AUTHORITY:0
> 
> And the unsuccessful ones have AUTHORITY:1
> 
> What determines the AUTHORITY?

That's not a flag, it's a count -- the number of records in the 
AUTHORITY section.  The unsuccessful ones have the root SOA record in 
their Authority Section.  For some reason they're recursing to the 
Internet root server rather than to the forwarder you've configured.

> 
> I thought only the zones which I am MASTER am I authoritative for.

That's the Authoritative Answer flag, which shows up as "flags: aa" in 
dig output.

> 
> mnc410.mcc310.gprs is a working forwarder
> 
> mnc610.mcc310.gprs is the one we are trying to get to work.
> 
> 12.25.118.5 has the 610 forwarder in its config.
> 
> 12.25.118.10  is the other DNS, and I do not have it know about 610

Have you turned on debugging, or run tcpdump, to see whether your server 
is trying to send to the forwarder or not?

> 
> 
> 
> # ./dig @12.25.118.5 mnc410.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc410.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30768
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;mnc410.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc410.mcc310.gprs.     491     IN      NS
> wcrdns1.mnc410.mcc310.gprs.
> mnc410.mcc310.gprs.     491     IN      NS
> atlrdns1.mnc410.mcc310.gprs.
> 
> ;; ADDITIONAL SECTION:
> wcrdns1.mnc410.mcc310.gprs. 604691 IN   A       66.102.185.70
> atlrdns1.mnc410.mcc310.gprs. 604691 IN  A       66.102.184.70
> 
> ;; Query time: 3 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Tue Mar 21 09:51:07 2006
> ;; MSG SIZE  rcvd: 113
> 
> # ./dig @12.25.118.10 mnc410.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc410.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60379
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;mnc410.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc410.mcc310.gprs.     407     IN      NS
> atlrdns1.mnc410.mcc310.gprs.
> mnc410.mcc310.gprs.     407     IN      NS
> wcrdns1.mnc410.mcc310.gprs.
> 
> ;; ADDITIONAL SECTION:
> wcrdns1.mnc410.mcc310.gprs. 604607 IN   A       66.102.185.70
> atlrdns1.mnc410.mcc310.gprs. 604607 IN  A       66.102.184.70
> 
> ;; Query time: 5 msec
> ;; SERVER: 12.25.118.10#53(12.25.118.10)
> ;; WHEN: Tue Mar 21 09:51:33 2006
> ;; MSG SIZE  rcvd: 113
> 
> # ./dig @66.102.184.70 mnc410.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @66.102.184.70 mnc410.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59520
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;mnc410.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc410.mcc310.gprs.     600     IN      NS
> atlrdns1.mnc410.mcc310.gprs.
> mnc410.mcc310.gprs.     600     IN      NS
> wcrdns1.mnc410.mcc310.gprs.
> 
> ;; ADDITIONAL SECTION:
> wcrdns1.mnc410.mcc310.gprs. 3600000 IN  A       66.102.185.70
> atlrdns1.mnc410.mcc310.gprs. 3600000 IN A       66.102.184.70
> 
> ;; Query time: 198 msec
> ;; SERVER: 66.102.184.70#53(66.102.184.70)
> ;; WHEN: Tue Mar 21 09:51:56 2006
> ;; MSG SIZE  rcvd: 113
> 
> # ./dig @66.102.185.70 mnc410.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @66.102.185.70 mnc410.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9801
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;mnc410.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc410.mcc310.gprs.     600     IN      NS
> atlrdns1.mnc410.mcc310.gprs.
> mnc410.mcc310.gprs.     600     IN      NS
> wcrdns1.mnc410.mcc310.gprs.
> 
> ;; ADDITIONAL SECTION:
> wcrdns1.mnc410.mcc310.gprs. 3600000 IN  A       66.102.185.70
> atlrdns1.mnc410.mcc310.gprs. 3600000 IN A       66.102.184.70
> 
> ;; Query time: 165 msec
> ;; SERVER: 66.102.185.70#53(66.102.185.70)
> ;; WHEN: Tue Mar 21 09:52:37 2006
> ;; MSG SIZE  rcvd: 113
> 
> # ./dig @12.25.118.5 mnc610.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc610.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8942
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mnc610.mcc310.gprs.            IN      NS
> 
> ;; AUTHORITY SECTION:
> .                       10458   IN      SOA     A.ROOT-SERVERS.NET.
> NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400
> 
> ;; Query time: 3 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Tue Mar 21 09:53:00 2006
> ;; MSG SIZE  rcvd: 111
> 
> # ./dig @12.25.118.10 mnc610.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc610.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8084
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mnc610.mcc310.gprs.            IN      NS
> 
> ;; AUTHORITY SECTION:
> .                       10472   IN      SOA     A.ROOT-SERVERS.NET.
> NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400
> 
> ;; Query time: 4 msec
> ;; SERVER: 12.25.118.10#53(12.25.118.10)
> ;; WHEN: Tue Mar 21 09:53:23 2006
> ;; MSG SIZE  rcvd: 111
> 
> # ./dig @206.253.34.38 mnc610.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @206.253.34.38 mnc610.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2627
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;mnc610.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc610.mcc310.gprs.     86400   IN      NS
> ULYSDNS1.mnc340.mcc310.gprs.
> 
> ;; ADDITIONAL SECTION:
> ULYSDNS1.mnc340.mcc310.gprs. 86400 IN   A       206.253.34.38
> 
> ;; Query time: 57 msec
> ;; SERVER: 206.253.34.38#53(206.253.34.38)
> ;; WHEN: Tue Mar 21 09:53:49 2006
> ;; MSG SIZE  rcvd: 82
> 
> 
> 
> 
> These are random digs I did against other forwarders I saw in the conf
> file.
> 
> 
> 
> # ./dig @12.25.118.5 mnc180.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc180.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54675
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;mnc180.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc180.mcc310.gprs.     0       IN      NS      gprsdns.wcc.net.
> mnc180.mcc310.gprs.     0       IN      NS      wcwmps.wcc.net.
> 
> ;; ADDITIONAL SECTION:
> wcwmps.wcc.net.         86400   IN      A       10.10.12.7
> wcwmps.wcc.net.         86400   IN      A       208.33.46.199
> 
> ;; Query time: 315 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Tue Mar 21 09:55:55 2006
> ;; MSG SIZE  rcvd: 118
> 
> # ./dig @12.25.118.10 mnc180.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc180.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44620
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;mnc180.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc180.mcc310.gprs.     0       IN      NS      wcwmps.wcc.net.
> mnc180.mcc310.gprs.     0       IN      NS      gprsdns.wcc.net.
> 
> ;; ADDITIONAL SECTION:
> wcwmps.wcc.net.         86400   IN      A       10.10.12.7
> wcwmps.wcc.net.         86400   IN      A       208.33.46.199
> 
> ;; Query time: 105 msec
> ;; SERVER: 12.25.118.10#53(12.25.118.10)
> ;; WHEN: Tue Mar 21 09:56:30 2006
> ;; MSG SIZE  rcvd: 118
> 
> # ./dig @208.33.46.199 mnc180.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @208.33.46.199 mnc180.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39164
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;mnc180.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc180.mcc310.gprs.     0       IN      NS      gprsdns.wcc.net.
> mnc180.mcc310.gprs.     0       IN      NS      wcwmps.wcc.net.
> 
> ;; ADDITIONAL SECTION:
> wcwmps.wcc.net.         86400   IN      A       10.10.12.7
> wcwmps.wcc.net.         86400   IN      A       208.33.46.199
> 
> ;; Query time: 49 msec
> ;; SERVER: 208.33.46.199#53(208.33.46.199)
> ;; WHEN: Tue Mar 21 09:56:56 2006
> ;; MSG SIZE  rcvd: 118
> 
> 
> # ./dig @12.25.118.5 mnc310.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc310.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49524
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;mnc310.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc310.mcc310.gprs.     3333    IN      NS
> dnssnq00.dsnq.voicestream.us.gprs.
> 
> ;; ADDITIONAL SECTION:
> dnssnq00.dsnq.voicestream.us.gprs. 84687 IN A   216.155.160.196
> 
> ;; Query time: 3 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Tue Mar 21 09:58:07 2006
> ;; MSG SIZE  rcvd: 95
> 
> # ./dig @12.25.118.10 mnc310.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc310.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48665
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;mnc310.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc310.mcc310.gprs.     1702    IN      NS
> dnssnq00.dsnq.voicestream.us.gprs.
> 
> ;; ADDITIONAL SECTION:
> dnssnq00.dsnq.voicestream.us.gprs. 82486 IN A   216.155.160.196
> 
> ;; Query time: 5 msec
> ;; SERVER: 12.25.118.10#53(12.25.118.10)
> ;; WHEN: Tue Mar 21 09:58:28 2006
> ;; MSG SIZE  rcvd: 95
> 
> # ./dig @216.155.160.196 mnc310.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @216.155.160.196 mnc310.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12740
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;mnc310.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc310.mcc310.gprs.     3600    IN      NS
> dnssnq00.dsnq.voicestream.us.gprs.
> 
> ;; ADDITIONAL SECTION:
> dnssnq00.dsnq.voicestream.us.gprs. 86400 IN A   216.155.160.196
> 
> ;; Query time: 655 msec
> ;; SERVER: 216.155.160.196#53(216.155.160.196)
> ;; WHEN: Tue Mar 21 09:58:54 2006
> ;; MSG SIZE  rcvd: 95
> 
> # ./dig @216.155.160.197 mnc310.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @216.155.160.197 mnc310.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42350
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;mnc310.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc310.mcc310.gprs.     3600    IN      NS
> dnssnq00.dsnq.voicestream.us.gprs.
> 
> ;; ADDITIONAL SECTION:
> dnssnq00.dsnq.voicestream.us.gprs. 86400 IN A   216.155.160.196
> 
> ;; Query time: 756 msec
> ;; SERVER: 216.155.160.197#53(216.155.160.197)
> ;; WHEN: Tue Mar 21 09:59:19 2006
> ;; MSG SIZE  rcvd: 95
> 
> # ./dig @216.155.160.105 mnc310.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @216.155.160.105 mnc310.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27698
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;mnc310.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc310.mcc310.gprs.     3600    IN      NS
> dnsnatl0.datl.voicestream.us.gprs.
> 
> ;; ADDITIONAL SECTION:
> dnsnatl0.datl.voicestream.us.gprs. 3600 IN A    216.155.160.105
> 
> ;; Query time: 103 msec
> ;; SERVER: 216.155.160.105#53(216.155.160.105)
> ;; WHEN: Tue Mar 21 10:00:00 2006
> ;; MSG SIZE  rcvd: 95
> 
> # ./dig @216.155.160.106 mnc310.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @216.155.160.106 mnc310.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57308
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;mnc310.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc310.mcc310.gprs.     3600    IN      NS
> dnsnatl0.datl.voicestream.us.gprs.
> 
> ;; ADDITIONAL SECTION:
> dnsnatl0.datl.voicestream.us.gprs. 3600 IN A    216.155.160.105
> 
> ;; Query time: 572 msec
> ;; SERVER: 216.155.160.106#53(216.155.160.106)
> ;; WHEN: Tue Mar 21 10:00:23 2006
> ;; MSG SIZE  rcvd: 95
> 
> 
> 
> And here is the forwarder that had been working for a year to this same
> target.
> 
> # ./dig @12.25.118.5  mnc340.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc340.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34678
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mnc340.mcc310.gprs.            IN      NS
> 
> ;; AUTHORITY SECTION:
> .                       10800   IN      SOA     A.ROOT-SERVERS.NET.
> NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400
> 
> ;; Query time: 2048 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Tue Mar 21 12:04:31 2006
> ;; MSG SIZE  rcvd: 111
> 
> # ./dig @12.25.118.10 mnc340.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc340.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10829
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mnc340.mcc310.gprs.            IN      NS
> 
> ;; AUTHORITY SECTION:
> .                       10800   IN      SOA     A.ROOT-SERVERS.NET.
> NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400
> 
> ;; Query time: 2092 msec
> ;; SERVER: 12.25.118.10#53(12.25.118.10)
> ;; WHEN: Tue Mar 21 12:05:21 2006
> ;; MSG SIZE  rcvd: 111
> 
> # ./dig @206.253.34.38 mnc340.mcc310.gprs. ns
> 
> ; <<>> DiG 9.2.2 <<>> @206.253.34.38 mnc340.mcc310.gprs. ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48777
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;mnc340.mcc310.gprs.            IN      NS
> 
> ;; ANSWER SECTION:
> mnc340.mcc310.gprs.     86400   IN      NS
> ULYSDNS1.mnc340.mcc310.gprs.
> 
> ;; ADDITIONAL SECTION:
> ULYSDNS1.mnc340.mcc310.gprs. 86400 IN   A       206.253.34.38
> 
> ;; Query time: 225 msec
> ;; SERVER: 206.253.34.38#53(206.253.34.38)
> ;; WHEN: Tue Mar 21 12:05:56 2006
> ;; MSG SIZE  rcvd: 75
> 
> -----Original Message-----
> From: Stefanick, Andrew 
> Sent: Monday, March 20, 2006 10:34 AM
> To: bind-users at isc.org
> Subject: RE: Forward zone problem
> 
> I am actually working with BIND 9.2.2 if that makes a huge difference.
> 
> What is the correct way to get meaningful query log info?
> 
> I tried -q option, but named does not start when I specify that.
> 
> 
> 
> -----Original Message-----
> From: Stefanick, Andrew 
> Sent: Monday, March 20, 2006 9:27 AM
> To: bind-users at isc.org
> Subject: RE: Forward zone problem
> 
> I saw a post from March 23, 2004, but it had no replies:
> 
> Any way to trace the path of queries for type forward zones??
> 
> dig @dnsbox +trace always starts with the root servers, since it's
> intended to trace delegation.
> 
> dig @dnsbox +norecursive returns referrals to authoritative sources,
> but says nothing of the server(s) listed in the zone forwarders
> statement @dnsbox, implying it would follow delegations that in fact
> it does not.
> 
> This is not a problem... just musing how I would troubleshoot some
> twisted forwarding scheme through multiple servers.
> 
> -----Original Message-----
> From: Stefanick, Andrew 
> Sent: Monday, March 20, 2006 8:37 AM
> To: bind-users at isc.org
> Subject: RE: Forward zone problem
> 
> Can somebody help me understand this dig output?
> 
> The  "mnc410..." query is working, and here are the digs I performed.
> 
> # ./dig @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa +trace
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa
> +trace
> ;; global options:  printcmd
> .                       267612  IN      NS      E.ROOT-SERVERS.NET.
> .                       267612  IN      NS      F.ROOT-SERVERS.NET.
> .                       267612  IN      NS      G.ROOT-SERVERS.NET.
> .                       267612  IN      NS      H.ROOT-SERVERS.NET.
> .                       267612  IN      NS      I.ROOT-SERVERS.NET.
> .                       267612  IN      NS      J.ROOT-SERVERS.NET.
> .                       267612  IN      NS      K.ROOT-SERVERS.NET.
> .                       267612  IN      NS      L.ROOT-SERVERS.NET.
> .                       267612  IN      NS      M.ROOT-SERVERS.NET.
> .                       267612  IN      NS      A.ROOT-SERVERS.NET.
> .                       267612  IN      NS      B.ROOT-SERVERS.NET.
> .                       267612  IN      NS      C.ROOT-SERVERS.NET.
> .                       267612  IN      NS      D.ROOT-SERVERS.NET.
> ;; Received 340 bytes from 12.25.118.5#53(12.25.118.5) in 6 ms
> 
> ./dig: Couldn't find server 'E.ROOT-SERVERS.NET': host/servname not
> known
> 
> 
> # ./dig @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa +norec
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa
> +norec
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5937
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;wap.cingular.mnc410.mcc310.gprs. IN    SOA
> 
> ;; AUTHORITY SECTION:
> mnc410.mcc310.gprs.     598     IN      NS
> atlrdns1.mnc410.mcc310.gprs.
> mnc410.mcc310.gprs.     598     IN      NS
> wcrdns1.mnc410.mcc310.gprs.
> 
> ;; ADDITIONAL SECTION:
> wcrdns1.mnc410.mcc310.gprs. 604798 IN   A       66.102.185.70
> atlrdns1.mnc410.mcc310.gprs. 604798 IN  A       66.102.184.70
> 
> ;; Query time: 3 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Mon Mar 20 10:13:12 2006
> ;; MSG SIZE  rcvd: 126 
> 
> 
> Now here are the digs on the non-working forwarder.  Again, both of
> these forwarders only exist as 3 lines of directives in the named.conf,
> so why do they behave so differently???
> 
> # ./dig 12.25.118.5 internet.epictouch.mnc610.mcc310.gprs soa +trace
> 
> ; <<>> DiG 9.2.2 <<>> 12.25.118.5 internet.epictouch.mnc610.mcc310.gprs
> soa +trace
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32172
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;12.25.118.5.                   IN      A
> 
> ;; AUTHORITY SECTION:
> .                       10800   IN      SOA     a.root-servers.net.
> nstld.verisign-grs.com. 2006031901 1800 900 604800 86400
> 
> ;; Query time: 67 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Mon Mar 20 10:27:46 2006
> ;; MSG SIZE  rcvd: 104
> 
> .                       266702  IN      NS      A.ROOT-SERVERS.NET.
> .                       266702  IN      NS      B.ROOT-SERVERS.NET.
> .                       266702  IN      NS      C.ROOT-SERVERS.NET.
> .                       266702  IN      NS      D.ROOT-SERVERS.NET.
> .                       266702  IN      NS      E.ROOT-SERVERS.NET.
> .                       266702  IN      NS      F.ROOT-SERVERS.NET.
> .                       266702  IN      NS      G.ROOT-SERVERS.NET.
> .                       266702  IN      NS      H.ROOT-SERVERS.NET.
> .                       266702  IN      NS      I.ROOT-SERVERS.NET.
> .                       266702  IN      NS      J.ROOT-SERVERS.NET.
> .                       266702  IN      NS      K.ROOT-SERVERS.NET.
> .                       266702  IN      NS      L.ROOT-SERVERS.NET.
> .                       266702  IN      NS      M.ROOT-SERVERS.NET.
> ;; Received 340 bytes from 12.25.118.5#53(12.25.118.5) in 4 ms
> 
> ./dig: Couldn't find server 'A.ROOT-SERVERS.NET': host/servname not
> known
> # ./dig @12.25.118.5 internet.epictouch.mnc610.mcc310.gprs soa +norec
> 
> ; <<>> DiG 9.2.2 <<>> @12.25.118.5 internet.epictouch.mnc610.mcc310.gprs
> soa +norec
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18378
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 7
> 
> ;; QUESTION SECTION:
> ;internet.epictouch.mnc610.mcc310.gprs. IN SOA
> 
> ;; AUTHORITY SECTION:
> .                       266666  IN      NS      D.ROOT-SERVERS.NET.
> .                       266666  IN      NS      E.ROOT-SERVERS.NET.
> .                       266666  IN      NS      F.ROOT-SERVERS.NET.
> .                       266666  IN      NS      G.ROOT-SERVERS.NET.
> .                       266666  IN      NS      H.ROOT-SERVERS.NET.
> .                       266666  IN      NS      I.ROOT-SERVERS.NET.
> .                       266666  IN      NS      J.ROOT-SERVERS.NET.
> .                       266666  IN      NS      K.ROOT-SERVERS.NET.
> .                       266666  IN      NS      L.ROOT-SERVERS.NET.
> .                       266666  IN      NS      M.ROOT-SERVERS.NET.
> .                       266666  IN      NS      A.ROOT-SERVERS.NET.
> .                       266666  IN      NS      B.ROOT-SERVERS.NET.
> .                       266666  IN      NS      C.ROOT-SERVERS.NET.
> 
> ;; ADDITIONAL SECTION:
> D.ROOT-SERVERS.NET.     462914  IN      A       128.8.10.90
> F.ROOT-SERVERS.NET.     462912  IN      A       192.5.5.241
> I.ROOT-SERVERS.NET.     462906  IN      A       192.36.148.17
> J.ROOT-SERVERS.NET.     538238  IN      A       192.58.128.30
> K.ROOT-SERVERS.NET.     462908  IN      A       193.0.14.129
> L.ROOT-SERVERS.NET.     462904  IN      A       198.32.64.12
> M.ROOT-SERVERS.NET.     462902  IN      A       202.12.27.33
> 
> ;; Query time: 6 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Mon Mar 20 10:28:22 2006
> ;; MSG SIZE  rcvd: 378
> 
> 
> -----Original Message-----
> From: Stefanick, Andrew 
> Sent: Friday, March 17, 2006 11:54 AM
> To: bind-users at isc.org
> Subject: RE: Forward zone problem
> 
> This is BIND 9.2.1 (I realize some logging parameters are not correct)
> 
> # cat named.conf
> options {
>     directory "/opt/mps/data/dnspic";
>     pid-file "/opt/mps/data/dnspic/named.pid";
>     port 53;
>     check-names master ignore;
>     statistics-interval 5;
> };
> 
> logging {
> 
> channel log_syslog {
>     syslog daemon;
>     severity info;
>     print-category yes;
>     print-severity yes;
>     print-time yes;
> };
> channel log_default {
>     file "/var/adm/DNS_default.log" versions 2 size 30M;
>     severity info;
>     print-category yes;
>     print-severity yes;
>     print-time yes;
> };
> channel dnsmsg_file {
>     file "/var/adm/DNS_messages.log" versions 2 size 10M;
>     severity info;
>     print-category yes;
>     print-severity yes;
>     print-time yes;
> };
> channel stats_file {
>     file "/var/adm/DNS_stats.log" versions 2 size 10M;
>     severity info;
>     print-category yes;
>     print-severity yes;
>     print-time yes;
> };
> channel query_file {
>     file "/var/adm/DNS_query.log" versions 2 size 100M;
>     severity info;
>     print-category yes;
>     print-severity yes;
>     print-time yes;
>     // For query logging to work, niddnsd must be running;
>     // with the -q option (query logging mode);
>     // DO NOT use the "-d1 -q" options together, as this will;
>     // cause the $POLICY_HOME/log/monitord.log (if using monitord);
>     // or the $POLICY_HOME/etc/niddnsd.run (if not using monitord);
>     // to grow substantially, without control.;
> };
> category default {
>     log_default;
> };
> category cname {
>     null;
> };
> category config {
>     dnsmsg_file;
> };
> category load {
>     dnsmsg_file;
> };
> category ncache {
>     null;
> };
> category response-checks {
>     null;
> };
> category lame-servers {
>     null;
> };
> category os {
>     log_syslog;
> };
> category panic {
>     log_syslog;
> };
> category response-checks {
>     dnsmsg_file;
> };
> category security {
>     null;
> };
> category statistics {
>     log_syslog;
>     stats_file;
> };
> category xfer-in {
>     dnsmsg_file;
> };
> category xfer-out {
>     dnsmsg_file;
> };
> category queries {
>     query_file;
> };
> };
> controls {
> };
> 
> 
> zone "0.0.127.in-addr.arpa" in {
>     type master;
>     file "db.127.0.0";
> };
> 
> zone "." in {
>     type hint;
>     file "db.cache";
> };
> 
> // generated
> 
> zone "45.10.10.in-addr.arpa." in {
>     type master;
>     file "db.45.10.10.in-addr.arpa";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "16.32.10.in-addr.arpa." in {
>     type master;
>     file "db.16.32.10.in-addr.arpa";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "118.25.12.in-addr.arpa." in {
>     type master;
>     file "db.118.25.12.in-addr.arpa";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "119.25.12.in-addr.arpa." in {
>     type master;
>     file "db.119.25.12.in-addr.arpa";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "209.166.in-addr.arpa." in {
>     type master;
>     file "db.209.166.in-addr.arpa";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "mnc560.mcc310.gprs." in {
>     type master;
>     file "db.mnc560.mcc310.gprs";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "amrgsm.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.amrgsm.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "atlaspipeline.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.atlaspipeline.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "biokey.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.biokey.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "cellular1.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.cellular1.mnc560.mcc310.gprs";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "cellular1wap.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.cellular1wap.mnc560.mcc310.gprs";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "chautauqua.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.chautauqua.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "dobsoncellular.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.dobsoncellular.mnc560.mcc310.gprs";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "dobsoncellularwap.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.dobsoncellularwap.mnc560.mcc310.gprs";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "dobson.employee.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.dobson.employee.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "enogex.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.enogex.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "mahoning.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.mahoning.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "gre.meters.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.gre.meters.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "mpamrgsm.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.mpamrgsm.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "blackberry.net.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.blackberry.net.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "servicestar.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.servicestar.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "staticip.mnc560.mcc310.gprs." in {
>     type master;
>     file "db.staticip.mnc560.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "mnc680.mcc310.gprs." in {
>     type master;
>     file "db.mnc680.mcc310.gprs";
>     allow-transfer { 12.25.118.110; 12.25.118.105; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "cellular1.mnc680.mcc310.gprs." in {
>     type master;
>     file "db.cellular1.mnc680.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "cellular1wap.mnc680.mcc310.gprs." in {
>     type master;
>     file "db.cellular1wap.mnc680.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "employee.mnc680.mcc310.gprs." in {
>     type master;
>     file "db.employee.mnc680.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "dobson.employee.mnc680.mcc310.gprs." in {
>     type master;
>     file "db.dobson.employee.mnc680.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "blackberry.net.mnc680.mcc310.gprs." in {
>     type master;
>     file "db.blackberry.net.mnc680.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "prepaidgprs.mnc680.mcc310.gprs." in {
>     type master;
>     file "db.prepaidgprs.mnc680.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "staticip.mnc680.mcc310.gprs." in {
>     type master;
>     file "db.staticip.mnc680.mcc310.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "pop3.gprs." in {
>     type master;
>     file "db.pop3.gprs";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "im." in {
>     type master;
>     file "db.im";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "smtp." in {
>     type master;
>     file "db.smtp";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "wap." in {
>     type master;
>     file "db.wap";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "wapgw." in {
>     type master;
>     file "db.wapgw";
>     allow-transfer { none; };
>     allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
> 
> };
> 
> zone "mnc340.mcc310.gprs." in {
>     type forward;
>     forwarders { 206.253.34.38; };
> };
> 
> zone "mnc020.mcc310.gprs." in {
>     type forward;
>     forwarders { 166.230.4.23; 166.230.4.68; };
> };
> 
> zone "mnc660.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc080.mcc310.gprs." in {
>     type forward;
>     forwarders { 64.89.96.41; };
> };
> 
> zone "mnc210.mcc311.gprs." in {
>     type forward;
>     forwarders { 64.178.236.24; 64.178.236.25; };
> };
> 
> zone "mnc210.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc240.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc590.mcc310.gprs." in {
>     type forward;
>     forwarders { 65.215.156.236; 65.215.156.237; };
> };
> 
> zone "mnc270.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc010.mcc280.gprs." in {
>     type forward;
>     forwarders { 213.207.137.59; };
> };
> 
> zone "mnc460.mcc310.gprs." in {
>     type forward;
>     forwarders { 206.71.207.2; };
> };
> 
> zone "mnc490.mcc310.gprs." in {
>     type forward;
>     forwarders { 204.94.32.129; 204.94.32.130; };
> };
> 
> zone "mnc170.mcc310.gprs." in {
>     type forward;
>     forwarders { 66.102.184.70; 66.102.185.70; };
> };
> 
> zone "mnc910.mcc310.gprs." in {
>     type forward;
>     forwarders { 204.87.229.189; 204.87.229.190; };
> };
> 
> zone "mnc020.mcc334.gprs." in {
>     type forward;
>     forwarders { 200.79.17.19; 200.79.17.20; };
> };
> 
> zone "mnc0410.mcc0310.gprs." in {
>     type forward;
>     forwarders { 66.102.184.70; 66.102.185.70; };
> };
> 
> zone "mnc010.mcc311.gprs." in {
>     type forward;
>     forwarders { 63.99.212.68; };
> };
> 
> zone "mnc370.mcc302.gprs." in {
>     type forward;
>     forwarders { 142.146.247.194; 142.146.247.210; };
> };
> 
> zone "ztango.com." in {
>     type forward;
>     forwarders { 12.28.87.35; 12.28.87.70; };
> };
> 
> zone "mnc070.mcc311.gprs." in {
>     type forward;
>     forwarders { 67.129.227.7; 67.129.227.8; };
> };
> 
> zone "mnc390.mcc310.gprs." in {
>     type forward;
>     forwarders { 63.99.212.68; };
> };
> 
> zone "mnc070.mcc310.gprs." in {
>     type forward;
>     forwarders { 12.174.3.11; 12.174.3.12; };
> };
> 
> zone "mnc230.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc580.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc260.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc720.mcc302.gprs." in {
>     type forward;
>     forwarders { 142.146.247.194; 142.146.247.210; };
> };
> 
> zone "dobson.net." in {
>     type forward;
>     forwarders { 12.28.87.35; 12.28.87.70; };
> };
> 
> zone "mnc100.mcc310.gprs." in {
>     type forward;
>     forwarders { 208.254.125.68; };
> };
> 
> zone "mnc420.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.68.79.243; 216.68.79.244; };
> };
> 
> zone "mnc770.mcc310.gprs." in {
>     type forward;
>     forwarders { 194.215.72.69; 194.215.72.38; 81.28.64.47; 81.28.64.46;
> };
> };
> 
> zone "mnc450.mcc310.gprs." in {
>     type forward;
>     forwarders { 65.113.229.21; 65.113.229.22; };
> };
> 
> zone "mnc160.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc190.mcc311.gprs." in {
>     type forward;
>     forwarders { 168.103.195.2; };
> };
> 
> zone "mnc610.mcc310.gprs." in {
>     type forward;
>     forwarders { 206.253.34.38; };
> };
> 
> zone "mnc640.mcc310.gprs." in {
>     type forward;
>     forwarders { 209.103.202.57; 209.103.202.58; };
> };
> 
> zone "mnc016.mcc204.gprs." in {
>     type forward;
>     forwarders { 84.241.224.117; 84.241.224.125; 194.229.188.57;
> 194.229.188.58; };
> };
> 
> zone "mnc030.mcc310.gprs." in {
>     type forward;
>     forwarders { 205.242.95.18; 205.242.95.19; };
> };
> 
> zone "mnc380.mcc310.gprs." in {
>     type forward;
>     forwarders { 209.183.42.248; 209.183.42.249; };
> };
> 
> zone "mnc090.mcc310.gprs." in {
>     type forward;
>     forwarders { 63.161.114.210; 63.161.114.211; };
> };
> 
> zone "mnc800.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc570.mcc348.gprs." in {
>     type forward;
>     forwarders { 213.181.39.1; 213.181.39.10; };
> };
> 
> zone "mnc002.mcc242.gprs." in {
>     type forward;
>     forwarders { 193.109.210.5; 193.109.210.6; };
> };
> 
> zone "mnc002.mcc272.gprs." in {
>     type forward;
>     forwarders { 62.40.40.7; 62.40.40.8; };
> };
> 
> zone "mnc220.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc890.mcc310.gprs." in {
>     type forward;
>     forwarders { 65.168.87.75; 65.168.87.76; };
> };
> 
> zone "mnc250.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> zone "mnc410.mcc310.gprs." in {
>     type forward;
>     forwarders { 66.102.184.70; 66.102.185.70; };
> };
> 
> zone "mnc150.mcc310.gprs." in {
>     type forward;
>     forwarders { 66.102.184.70; 66.102.185.70; };
> };
> 
> zone "mnc180.mcc310.gprs." in {
>     type forward;
>     forwarders { 208.33.46.199; };
> };
> 
> zone "mnc310.mcc310.gprs." in {
>     type forward;
>     forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
> 216.155.160.106; };
> };
> 
> 
> This is one of the zone files this DNS is master for:
> 
> # cat db.mnc560.mcc310.gprs
> $TTL 43200
> mnc560.mcc310.gprs. 0 IN SOA youndns1.mnc560.mcc310.gprs.
> admin.mnc560.mcc310.gprs. (
>     150 ; serial number
>     3600 ; refresh after
>     900 ; retry after
>     604800 ; expire cache after
>     43200 ) ; Minimum TTL
> 
> ; generated NS records
> mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
> mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
> mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
> mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
> anchdns1.mnc560.mcc310.gprs. IN A 12.25.118.105
> anchdns2.mnc560.mcc310.gprs. IN A 12.25.118.110
> cellular1.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
> cellular1.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
> cellular1.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
> cellular1.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
> cellular1wap.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
> cellular1wap.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
> cellular1wap.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
> cellular1wap.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
> dobsoncellular.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
> dobsoncellular.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
> dobsoncellular.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
> dobsoncellular.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
> dobsoncellularwap.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
> dobsoncellularwap.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
> dobsoncellularwap.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
> dobsoncellularwap.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
> gre.meters.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
> gre.meters.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
> gre.meters.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
> gre.meters.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
> youndns1.mnc560.mcc310.gprs. IN A 12.25.118.5
> youndns2.mnc560.mcc310.gprs. IN A 12.25.118.10
> 
> ; generated A Records
> anchdns1.mnc560.mcc310.gprs. IN A 12.25.118.105
> anchdns2.mnc560.mcc310.gprs. IN A 12.25.118.110
> cellular1eit.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
> cellular1mms.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
> dobsoncellulareit.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
> gps.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
> prepaidgprs.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
> youndns1.mnc560.mcc310.gprs. IN A 12.25.118.5
> youndns2.mnc560.mcc310.gprs. 0 IN A 12.25.118.10
> # cat /etc/resolv.conf
> domain mnc560.mcc310.gprs
> nameserver 12.25.118.5
> nameserver 12.25.118.10
> nameserver 10.10.45.30
> nameserver 10.10.45.31
> 
> 
> 
> Look at this dig, done on a domain that exists as just a forwarder:
> 
> # ./dig mnc410.mcc310.gprs soa
> 
> ; <<>> DiG 9.2.2 <<>> mnc410.mcc310.gprs soa
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10264
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;mnc410.mcc310.gprs.            IN      SOA
> 
> ;; ANSWER SECTION:
> mnc410.mcc310.gprs.     600     IN      SOA
> wcrdns1.mnc410.mcc310.gprs. root.wcrdns1.mnc410.mcc310.gprs. 2006030303
> 600 3600 1209600 600
> 
> ;; AUTHORITY SECTION:
> mnc410.mcc310.gprs.     600     IN      NS
> wcrdns1.mnc410.mcc310.gprs.
> mnc410.mcc310.gprs.     600     IN      NS
> atlrdns1.mnc410.mcc310.gprs.
> 
> ;; ADDITIONAL SECTION:
> wcrdns1.mnc410.mcc310.gprs. 604800 IN   A       66.102.185.70
> atlrdns1.mnc410.mcc310.gprs. 604800 IN  A       66.102.184.70
> 
> ;; Query time: 157 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Fri Mar 17 14:06:55 2006
> ;; MSG SIZE  rcvd: 154
> 
> 
> Yet, why does this next one not report similar info.  No answer for this
> dig.
> 
> 
> # ./dig mnc610.mcc310.gprs soa
> 
> ; <<>> DiG 9.2.2 <<>> mnc610.mcc310.gprs soa
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1068
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mnc610.mcc310.gprs.            IN      SOA
> 
> ;; AUTHORITY SECTION:
> .                       7070    IN      SOA     A.ROOT-SERVERS.NET.
> NSTLD.VERISIGN-GRS.COM. 2006031601 1800 900 604800 86400
> 
> ;; Query time: 4 msec
> ;; SERVER: 12.25.118.5#53(12.25.118.5)
> ;; WHEN: Fri Mar 17 14:07:15 2006
> ;; MSG SIZE  rcvd: 111
> 
> 
> Here is an nslookup for a forwarder:
> 
> # nslookup mnc410.mcc310.gprs
> Server:  youndns1.mnc560.mcc310.gprs
> Address:  12.25.118.5
> 
> *** No address (A) records available for mnc410.mcc310.gprs
> 
> 
> I would expect that, since the A records would be records like
> "wap.cingular.mnc410.mcc310.gprs"
> 
> # nslookup mnc610.mcc310.gprs
> Server:  youndns1.mnc560.mcc310.gprs
> Address:  12.25.118.5
> 
> *** youndns1.mnc560.mcc310.gprs can't find mnc610.mcc310.gprs:
> Non-existent host/domain
> 
> Yet here, again, forward directive not working.
> 
> Here is an nslookup for an A record from a forwarder:
> 
> # nslookup
> Default Server:  youndns1.mnc560.mcc310.gprs
> Address:  12.25.118.5
> 
> > set d2
> > wap.cingular.mnc410.mcc310.gprs
> Server:  youndns1.mnc560.mcc310.gprs
> Address:  12.25.118.5
> 
> ;; res_nmkquery(QUERY, wap.cingular.mnc410.mcc310.gprs, IN, A)
> ------------
> SendRequest(), len 49
>     HEADER:
>         opcode = QUERY, id = 27485, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0
> 
>     QUESTIONS:
>         wap.cingular.mnc410.mcc310.gprs, type = A, class = IN
> 
> ------------
> ------------
> Got answer (158 bytes):
>     HEADER:
>         opcode = QUERY, id = 27485, rcode = NOERROR
>         header flags:  response, want recursion, recursion avail.
>         questions = 1,  answers = 2,  authority records = 2,  additional
> = 2
> 
>     QUESTIONS:
>         wap.cingular.mnc410.mcc310.gprs, type = A, class = IN
>     ANSWERS:
>     ->  wap.cingular.mnc410.mcc310.gprs
>         type = A, class = IN, dlen = 4
>         internet address = 66.102.185.193
>         ttl = 221 (221)
>     ->  wap.cingular.mnc410.mcc310.gprs
>         type = A, class = IN, dlen = 4
>         internet address = 66.102.184.193
>         ttl = 221 (221)
>     AUTHORITY RECORDS:
>     ->  mnc410.mcc310.gprs
>         type = NS, class = IN, dlen = 11
>         nameserver = atlrdns1.mnc410.mcc310.gprs
>         ttl = 567 (567)
>     ->  mnc410.mcc310.gprs
>         type = NS, class = IN, dlen = 10
>         nameserver = wcrdns1.mnc410.mcc310.gprs
>         ttl = 567 (567)
>     ADDITIONAL RECORDS:
>     ->  wcrdns1.mnc410.mcc310.gprs
>         type = A, class = IN, dlen = 4
>         internet address = 66.102.185.70
>         ttl = 604767 (604767)
>     ->  atlrdns1.mnc410.mcc310.gprs
>         type = A, class = IN, dlen = 4
>         internet address = 66.102.184.70
>         ttl = 604767 (604767)
> 
> ------------
> Non-authoritative answer:
> Name:    wap.cingular.mnc410.mcc310.gprs
> Addresses:  66.102.185.193, 66.102.184.193
> 
> 
> Got it fine.
> 
> Now I try for one on the malfunctioning one:
> 
> 
> > internet.epictouch.mnc610.mcc310.gprs
> Server:  youndns1.mnc560.mcc310.gprs
> Address:  12.25.118.5
> 
> ;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A)
> ------------
> SendRequest(), len 55
>     HEADER:
>         opcode = QUERY, id = 27486, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0
> 
>     QUESTIONS:
>         internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
> 
> ------------
> ------------
> Got answer (130 bytes):
>     HEADER:
>         opcode = QUERY, id = 27486, rcode = NXDOMAIN
>         header flags:  response, want recursion, recursion avail.
>         questions = 1,  answers = 0,  authority records = 1,  additional
> = 0
> 
>     QUESTIONS:
>         internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
>     AUTHORITY RECORDS:
>     ->  (root)
>         type = SOA, class = IN, dlen = 64
>         ttl = 6409 (6409)
>         origin = A.ROOT-SERVERS.NET
>         mail addr = NSTLD.VERISIGN-GRS.COM
>         serial = 2006031601
>         refresh = 1800 (30M)
>         retry   = 900 (15M)
>         expire  = 604800 (1W)
>         minimum ttl = 86400 (1D)
> 
> ------------
> ;; res_nmkquery(QUERY,
> internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, IN, A)
> ------------
> SendRequest(), len 74
>     HEADER:
>         opcode = QUERY, id = 27487, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0
> 
>     QUESTIONS:
>         internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
> A, class = IN
> 
> ------------
> ------------
> Got answer (125 bytes):
>     HEADER:
>         opcode = QUERY, id = 27487, rcode = NXDOMAIN
>         header flags:  response, auth. answer, want recursion, recursion
> avail.
>         questions = 1,  answers = 0,  authority records = 1,  additional
> = 0
> 
>     QUESTIONS:
>         internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
> A, class = IN
>     AUTHORITY RECORDS:
>     ->  mnc560.mcc310.gprs
>         type = SOA, class = IN, dlen = 39
>         ttl = 0 (0S)
>         origin = youndns1.mnc560.mcc310.gprs
>         mail addr = admin.mnc560.mcc310.gprs
>         serial = 150
>         refresh = 3600 (1H)
>         retry   = 900 (15M)
>         expire  = 604800 (1W)
>         minimum ttl = 43200 (12H)
> 
> ------------
> ;; res_nmkquery(QUERY,
> internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, IN, A)
> ------------
> SendRequest(), len 67
>     HEADER:
>         opcode = QUERY, id = 27488, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0
> 
>     QUESTIONS:
>         internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
> class = IN
> 
> ------------
> ------------
> Got answer (142 bytes):
>     HEADER:
>         opcode = QUERY, id = 27488, rcode = NXDOMAIN
>         header flags:  response, want recursion, recursion avail.
>         questions = 1,  answers = 0,  authority records = 1,  additional
> = 0
> 
>     QUESTIONS:
>         internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
> class = IN
>     AUTHORITY RECORDS:
>     ->  (root)
>         type = SOA, class = IN, dlen = 64
>         ttl = 6409 (6409)
>         origin = a.root-servers.net
>         mail addr = nstld.verisign-grs.com
>         serial = 2006031601
>         refresh = 1800 (30M)
>         retry   = 900 (15M)
>         expire  = 604800 (1W)
>         minimum ttl = 86400 (1D)
> 
> ------------
> *** youndns1.mnc560.mcc310.gprs can't find
> internet.epictouch.mnc610.mcc310.gprs: Non-existent host/domain
> 
> 
> 
> So I then change the server, to use the target at the end of the forward
> directive:
> 
> 
> 
> 
> > server 206.253.34.38
> ;; res_nmkquery(QUERY, 38.34.253.206.in-addr.arpa, IN, PTR)
> ------------
> SendRequest(), len 44
>     HEADER:
>         opcode = QUERY, id = 27489, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0
> 
>     QUESTIONS:
>         38.34.253.206.in-addr.arpa, type = PTR, class = IN
> 
> ------------
> ------------
> Got answer (96 bytes):
>     HEADER:
>         opcode = QUERY, id = 27489, rcode = NXDOMAIN
>         header flags:  response, want recursion, recursion avail.
>         questions = 1,  answers = 0,  authority records = 1,  additional
> = 0
> 
>     QUESTIONS:
>         38.34.253.206.in-addr.arpa, type = PTR, class = IN
>     AUTHORITY RECORDS:
>     ->  34.253.206.in-addr.arpa
>         type = SOA, class = IN, dlen = 40
>         ttl = 6869 (6869)
>         origin = ns1.pld.com
>         mail addr = root.pld.com
>         serial = 970215
>         refresh = 3600 (1H)
>         retry   = 300 (5M)
>         expire  = 3600000 (3600000)
>         minimum ttl = 86400 (1D)
> 
> ------------
> Default Server:  [206.253.34.38]
> Address:  206.253.34.38
> 
> I try the query directly on the target DNS:
> 
> 
> > internet.epictouch.mnc610.mcc310.gprs
> Server:  [206.253.34.38]
> Address:  206.253.34.38
> 
> ;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A)
> ------------
> SendRequest(), len 55
>     HEADER:
>         opcode = QUERY, id = 27490, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0
> 
>     QUESTIONS:
>         internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
> 
> ------------
> ------------
> Got answer (117 bytes):
>     HEADER:
>         opcode = QUERY, id = 27490, rcode = NOERROR
>         header flags:  response, auth. answer, want recursion, recursion
> avail.
>         questions = 1,  answers = 1,  authority records = 1,  additional
> = 1
> 
>     QUESTIONS:
>         internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
>     ANSWERS:
>     ->  internet.epictouch.mnc610.mcc310.gprs
>         type = A, class = IN, dlen = 4
>         internet address = 206.253.34.37
>         ttl = 86400 (1D)
>     AUTHORITY RECORDS:
>     ->  mnc610.mcc310.gprs
>         type = NS, class = IN, dlen = 18
>         nameserver = ULYSDNS1.mnc340.mcc310.gprs
>         ttl = 86400 (1D)
>     ADDITIONAL RECORDS:
>     ->  ULYSDNS1.mnc340.mcc310.gprs
>         type = A, class = IN, dlen = 4
>         internet address = 206.253.34.38
>         ttl = 86400 (1D)
> 
> ------------
> Name:    internet.epictouch.mnc610.mcc310.gprs
> Address:  206.253.34.37
> 
> And I get my answer.
> 
> I am totally stumped on this.
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Stefanick, Andrew 
> Sent: Thursday, March 16, 2006 8:48 PM
> To: Kevin Darcy; bind-users at isc.org
> Subject: RE: Forward zone problem
> 
> 
> 
> 
> This is the email that started this whole thing.
> 
> Look at the final result of this nslookup.  Are you saying that this
> negative response will now be in the cache, and even if it COULD work,
> this negative response will mask it?  Does the  expire=604800  in the
> final response mean that this negative result will remain in place for
> one week??
> 
> 
> 
> 
> Andrew, I have followed your direction and created a new domain/zone for
> a new roaming partner but we are unable to do nslookups. It does not
> appear to be forwarding to the IP address I specified. I have attached
> the output from an nslookup with debug turned on. What appears strange
> to me is I lookup "internet.epictouch.mnc610.mcc560.gprs" and I see it
> trying to resolve
> "internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs"
> 
> 
> 
> 
> > internet.epictouch.mnc610.mcc310.gprs 
> Server:  youndns1.mnc560.mcc310.gprs 
> Address:  12.25.118.5 
> 
> ;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A) 
> ------------ 
> SendRequest(), len 55 
>     HEADER: 
>         opcode = QUERY, id = 27698, rcode = NOERROR 
>         header flags:  query, want recursion 
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0 
> 
>     QUESTIONS: 
>         internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN 
> 
> ------------ 
> ------------ 
> Got answer (130 bytes): 
>     HEADER: 
>         opcode = QUERY, id = 27698, rcode = NXDOMAIN 
>         header flags:  response, want recursion, recursion avail. 
>         questions = 1,  answers = 0,  authority records = 1,  additional
> = 0 
> 
>     QUESTIONS: 
>         internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN 
>     AUTHORITY RECORDS: 
>     ->  (root) 
>         type = SOA, class = IN, dlen = 64 
>         ttl = 10782 (10782) 
>         origin = A.ROOT-SERVERS.NET 
>         mail addr = NSTLD.VERISIGN-GRS.COM 
>         serial = 2006031401 
>         refresh = 1800 (30M) 
>         retry   = 900 (15M) 
>         expire  = 604800 (1W) 
>         minimum ttl = 86400 (1D) 
> 
> ------------ 
> ;; res_nmkquery(QUERY,
> internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, 
>  IN, A) 
> ------------ 
> SendRequest(), len 74 
>     HEADER: 
>         opcode = QUERY, id = 27699, rcode = NOERROR 
>         header flags:  query, want recursion 
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0 
> 
>     QUESTIONS: 
>         internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type = A, class = IN
> 
> ------------ 
> ------------ 
> Got answer (125 bytes): 
>     HEADER: 
>         opcode = QUERY, id = 27699, rcode = NXDOMAIN 
>         header flags:  response, auth. answer, want recursion, recursion
> avail. 
>         questions = 1,  answers = 0,  authority records = 1,  additional
> = 0 
> 
>     QUESTIONS: 
>         internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type = A, class = IN
>     AUTHORITY RECORDS: 
>     ->  mnc560.mcc310.gprs 
>         type = SOA, class = IN, dlen = 39 
>         ttl = 0 (0S) 
>         origin = youndns1.mnc560.mcc310.gprs 
>         mail addr = admin.mnc560.mcc310.gprs 
>         serial = 143 
>         refresh = 3600 (1H) 
>         retry   = 900 (15M) 
>         expire  = 604800 (1W) 
>         minimum ttl = 43200 (12H) 
> 
> ------------ 
> ;; res_nmkquery(QUERY,
> internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, IN, A) 
> ------------ 
> SendRequest(), len 67 
>     HEADER: 
>         opcode = QUERY, id = 27700, rcode = NOERROR 
>         header flags:  query, want recursion 
>         questions = 1,  answers = 0,  authority records = 0,  additional
> = 0 
> 
>     QUESTIONS: 
>         internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
> class = IN 
> 
> ------------ 
> ------------ 
> Got answer (142 bytes): 
>     HEADER: 
>         opcode = QUERY, id = 27700, rcode = NXDOMAIN 
>         header flags:  response, want recursion, recursion avail. 
>         questions = 1,  answers = 0,  authority records = 1,  additional
> = 0 
> 
>     QUESTIONS: 
>         internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
> class = IN 
>     AUTHORITY RECORDS: 
>     ->  (root) 
>         type = SOA, class = IN, dlen = 64 
>         ttl = 10782 (10782) 
>         origin = a.root-servers.net 
>         mail addr = nstld.verisign-grs.com 
>         serial = 2006031401 
>         refresh = 1800 (30M) 
>         retry   = 900 (15M) 
>         expire  = 604800 (1W) 
>         minimum ttl = 86400 (1D) 
> 
> ------------ 
> *** youndns1.mnc560.mcc310.gprs can't find
> internet.epictouch.mnc610.mcc310.gprs: Non-existent host/domain
> >
> 
> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com] 
> Sent: Thursday, March 16, 2006 7:29 PM
> To: bind-users at isc.org
> Subject: Re: Forward zone problem
> 
> Stefanick, Andrew wrote:
> 
> >I think what I really am asking is:
> >
> >Given a simple 3 line forward directive, if it is not working, what are
> >the potential causes?
> >
> >1.  The DNS server thinks it is authoritative for this zone, so it will
> >never forward.  If so, how do I prove that theory and correct it.
> >
> Unlikely that you would have missed that scenario. If you already had an
> authoritative (master or slave) zone definition, then the "type forward"
> definition would be a duplicate. You'd see an error message to that 
> effect in the logs or if you ran named-checkconf.
> 
> >2.  syntax error
> >
> Syntax error in what? In the "type forward" zone definition? From what 
> you posted before, the syntax looks fine. You could run named-checkconf 
> to make sure.
> 
> >3.  Network connection.  But I can do nslookup and set the server to the
> >IP I use in the forwarder, and I can resolve the query.
> >
> Probably not the *direct* cause then. However, as I mentioned in a 
> previous message, if you are (mis)configured for "forward first" (which 
> is the default forwarding mode), and there is a transient problem with 
> your forwarder, maybe your nameserver would try to query the .gprs name 
> on the Internet, get an NXDOMAIN response, and store that "negative" 
> cache entry for some period of time. It's a possibility that's worth 
> considering, at least...
> 
> - Kevin
> 
> >-----Original Message-----
> >From: Kevin Darcy [mailto:kcd at daimlerchrysler.com] 
> >Sent: Thursday, March 16, 2006 4:57 PM
> >To: bind-users at isc.org
> >Subject: Re: Forward zone problem
> >
> >You're aware that the .gprs TLD *doesn't*actually*exist* in the 
> >Internet DNS, right? So if your nameserver ever tries to look up .gprs 
> >names on the Internet, it'll probably get a "no such domain" response, 
> >and it will cache that "negative" response for some period of time, and
> >any .gprs queries it gets in the interim will be responded to with
> >NXDOMAIN.
> >
> >For this reason, in the absence of some special "hints" file, you'll 
> >need to specify your forwarding mode as "forward only". This will 
> >prevent your nameserver from going out and trying to resolve names in 
> >the Internet DNS if there is some sort of transient problem talking to 
> >the forwarder. That's what I suspect is happening here.
> >
> >- Kevin
> >
> >Stefanick, Andrew wrote:
> >
> >  
> >
> >>Here is a dig for a name that works with a forward zone on the system
> >>currently:
> >>
> >>
> >># ./dig wap.cingular.mnc410.mcc310.gprs a
> >>
> >>; <<>> DiG 9.2.2 <<>> wap.cingular.mnc410.mcc310.gprs a
> >>;; global options:  printcmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1122
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> >>
> >>;; QUESTION SECTION:
> >>;wap.cingular.mnc410.mcc310.gprs. IN    A
> >>
> >>;; ANSWER SECTION:
> >>wap.cingular.mnc410.mcc310.gprs. 234 IN A       66.102.184.193
> >>wap.cingular.mnc410.mcc310.gprs. 234 IN A       66.102.185.193
> >>
> >>;; AUTHORITY SECTION:
> >>mnc410.mcc310.gprs.     447     IN      NS
> >>wcrdns1.mnc410.mcc310.gprs.
> >>mnc410.mcc310.gprs.     447     IN      NS
> >>atlrdns1.mnc410.mcc310.gprs.
> >>
> >>;; ADDITIONAL SECTION:
> >>wcrdns1.mnc410.mcc310.gprs. 604647 IN   A       66.102.185.70
> >>atlrdns1.mnc410.mcc310.gprs. 604647 IN  A       66.102.184.70
> >>
> >>;; Query time: 9 msec
> >>;; SERVER: 12.25.118.5#53(12.25.118.5)
> >>;; WHEN: Thu Mar 16 16:43:06 2006
> >>;; MSG SIZE  rcvd: 158
> >>
> >>#
> >>
> >>
> >>This is a dig against the forwarder that is not working:
> >>
> >>
> >>********************** from epictouch *********************
> >>
> >># ./dig internet.epictouch.mnc610.mcc310.gprs a
> >>
> >>; <<>> DiG 9.2.2 <<>> internet.epictouch.mnc610.mcc310.gprs a
> >>;; global options:  printcmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47408
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >>
> >>;; QUESTION SECTION:
> >>;internet.epictouch.mnc610.mcc310.gprs. IN A
> >>
> >>;; AUTHORITY SECTION:
> >>.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2006031600 1800 900 604800 86400
> >>
> >>;; Query time: 118 msec
> >>;; SERVER: 12.25.118.10#53(12.25.118.10)
> >>;; WHEN: Thu Mar 16 16:44:38 2006
> >>;; MSG SIZE  rcvd: 130
> >>
> >>There is no zone file on the machine for any of the configured forward
> >>zones.  They only exist as directives in named.conf.
> >>
> >>But I see the posts that DNS will not forward for something it is
> >>authoritative for.  Where would this authority reside?  There are no zone
> >>files with any matching names of the forward zones.
> >>
> >>My only thought is perhaps the segment   mcc310.gprs  is somehow
> >>authoritative on the server, but that would not explain how the cingular
> >>dig worked then.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>-----Original Message-----
> >>From: Stefanick, Andrew 
> >>Sent: Thursday, March 16, 2006 12:58 PM
> >>To: bind-users at isc.org
> >>Subject: Forward zone problem
> >>
> >>I am struggling with a forward zone issue in Bind 9
> >>
> >>
> >>We have many forward zones configured and they work fine.  They really
> >>amount to no more than a forward directive such as
> >>
> >>
> >>
> >>
> >>
> >>zone "name.of.domain" {
> >>
> >>   type forward;
> >>
> >>   forwarders {w.x.y.z;};
> >>
> >>};
> >>
> >>
> >>
> >>
> >>
> >>We put in a new one, and it will not work.  nslookup shows it seemingly
> >>only trying to resolve the query internally.
> >>
> >>
> >>
> >>If I set the server to the IP of the forwarder in the nslookup, then we
> >>can resolve the queries when posed directly to the remote DNS server.
> >>So, it is not a networking issue.
> >>
> >>
> >>
> >>I do not understand the logic/sequence that occurs when a query is posed
> >>that should be sent to a forwarder.  Where do the root-server  records
> >>come in, and why even.  Doesn't the forward directive tell the server,
> >>"don't even bother, just go to w.x.y.z for the answer"
> >>
> >>
> >>
> >>here are some example of using dig against some of the forward zones
> >>that work.  The AUTHORITY section shows the name of the remote DNS
> that
> >>controls the domain.
> >>
> >>
> >>
> >>When I try dig for the new forwarder, the only AUTHORITY that shows is
> >>the A.rootserver.
> >>
> >>
> >>
> >>I really don't get it.
> >>
> >>
> >>
> >>I ONLY put in the 3 line directive, and I am done.
> >>
> >>
> >>
> >>I don't even know what to change/try.  It is too simple to implement.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >># ./dig mnc150.mcc310.gprs
> >>
> >>; <<>> DiG 9.2.2 <<>> mnc150.mcc310.gprs
> >>;; global options:  printcmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61159
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >>
> >>;; QUESTION SECTION:
> >>;mnc150.mcc310.gprs.            IN      A
> >>
> >>;; AUTHORITY SECTION:
> >>mnc150.mcc310.gprs.     600     IN      SOA     wcrdns1.mnc410.mcc310.gprs. root.wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
> >>
> >>;; Query time: 115 msec
> >>;; SERVER: 12.25.118.5#53(12.25.118.5)
> >>;; WHEN: Thu Mar 16 15:37:45 2006
> >>;; MSG SIZE  rcvd: 92
> >>
> >># ./dig mnc170.mcc310.gprs
> >>
> >>; <<>> DiG 9.2.2 <<>> mnc170.mcc310.gprs
> >>;; global options:  printcmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3961
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >>
> >>;; QUESTION SECTION:
> >>;mnc170.mcc310.gprs.            IN      A
> >>
> >>;; AUTHORITY SECTION:
> >>mnc170.mcc310.gprs.     600     IN      SOA     wcrdns1.mnc410.mcc310.gprs. root.wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
> >>
> >>;; Query time: 99 msec
> >>;; SERVER: 12.25.118.5#53(12.25.118.5)
> >>;; WHEN: Thu Mar 16 15:38:05 2006
> >>;; MSG SIZE  rcvd: 92

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
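
An added example, not part of the original message or of BIND: a small parser for dig output that keeps the AUTHORITY record count, the `aa` flag and the owner of the Authority Section SOA apart, so a root SOA (the server recursed to the root instead of using the forwarder) is easy to spot. The function names `parse_dig` and `classify` and the sample strings are assumptions made for this example.

```python
import re

# Constructed samples, modelled on the failing and working answers quoted above.
SAMPLE_FAIL = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;internet.epictouch.mnc610.mcc310.gprs. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2006031600 1800 900 604800 86400
"""
SAMPLE_OK = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mnc150.mcc310.gprs. IN A
;; AUTHORITY SECTION:
mnc150.mcc310.gprs. 600 IN SOA wcrdns1.mnc410.mcc310.gprs. root.wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
"""

FLAGS = re.compile(
    r"flags: ([a-z ]*);\s*QUERY: (\d+), ANSWER: (\d+), "
    r"AUTHORITY: (\d+), ADDITIONAL: (\d+)")

def parse_dig(text):
    """Return the header flags, the section counts and the AUTHORITY records."""
    m = FLAGS.search(text)
    if m is None:
        raise ValueError("no dig header line found")
    names = ("query", "answer", "authority", "additional")
    result = {"flags": set(m.group(1).split()),
              "counts": dict(zip(names, map(int, m.groups()[1:]))), "authority": []}
    section = None
    for line in text.splitlines():
        if line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")]
        elif section == "AUTHORITY" and line and not line.startswith(";"):
            fields = line.split()          # owner, ttl, class, type, rdata...
            if len(fields) >= 4:
                result["authority"].append((fields[0], fields[3]))
    return result

def classify(text):
    r = parse_dig(text)
    if "aa" in r["flags"]:                 # Authoritative Answer flag
        return "authoritative"
    if (".", "SOA") in r["authority"]:     # root SOA: answer came from the root
        return "root-soa"
    return "non-authoritative"
```

Both samples report `AUTHORITY: 1`; only the owner name of the SOA record distinguishes the answer that came back from the root servers.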


