Forward zone problem

Stefanick, Andrew astefanick at metasolv.com
Wed Mar 22 15:49:06 UTC 2006


Is there any LIMIT to the number of forwarders you can specify???


Hello???



-----Original Message-----
From: Stefanick, Andrew 
Sent: Tuesday, March 21, 2006 12:17 PM
To: bind-users at isc.org
Subject: RE: Forward zone problem

What is the significance of the AUTHORITY flag in all these dig
outputs??

Seems that all the successful responses have AUTHORITY:0

And the unsuccessful ones have AUTHORITY:1

What determines the AUTHORITY?

I though only the zones which I am MASTER am I authoritive for.




mnc410.mcc310.gprs is a working forwarder

mnc610.mcc310.gprs is the one we are trying to get to work.

12.25.118.5 has the 610 forwarder in its config.

12.25.118.10  is the other DNS, and I do not have it know about 610



# ./dig @12.25.118.5 mnc410.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc410.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30768
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mnc410.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc410.mcc310.gprs.     491     IN      NS
wcrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs.     491     IN      NS
atlrdns1.mnc410.mcc310.gprs.

;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 604691 IN   A       66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 604691 IN  A       66.102.184.70

;; Query time: 3 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 09:51:07 2006
;; MSG SIZE  rcvd: 113

# ./dig @12.25.118.10 mnc410.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc410.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60379
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mnc410.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc410.mcc310.gprs.     407     IN      NS
atlrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs.     407     IN      NS
wcrdns1.mnc410.mcc310.gprs.

;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 604607 IN   A       66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 604607 IN  A       66.102.184.70

;; Query time: 5 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 09:51:33 2006
;; MSG SIZE  rcvd: 113

# ./dig @66.102.184.70 mnc410.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @66.102.184.70 mnc410.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59520
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mnc410.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc410.mcc310.gprs.     600     IN      NS
atlrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs.     600     IN      NS
wcrdns1.mnc410.mcc310.gprs.

;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 3600000 IN  A       66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 3600000 IN A       66.102.184.70

;; Query time: 198 msec
;; SERVER: 66.102.184.70#53(66.102.184.70)
;; WHEN: Tue Mar 21 09:51:56 2006
;; MSG SIZE  rcvd: 113

# ./dig @66.102.185.70 mnc410.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @66.102.185.70 mnc410.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9801
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mnc410.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc410.mcc310.gprs.     600     IN      NS
atlrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs.     600     IN      NS
wcrdns1.mnc410.mcc310.gprs.

;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 3600000 IN  A       66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 3600000 IN A       66.102.184.70

;; Query time: 165 msec
;; SERVER: 66.102.185.70#53(66.102.185.70)
;; WHEN: Tue Mar 21 09:52:37 2006
;; MSG SIZE  rcvd: 113

# ./dig @12.25.118.5 mnc610.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc610.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8942
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mnc610.mcc310.gprs.            IN      NS

;; AUTHORITY SECTION:
.                       10458   IN      SOA     A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 09:53:00 2006
;; MSG SIZE  rcvd: 111

# ./dig @12.25.118.10 mnc610.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc610.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8084
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mnc610.mcc310.gprs.            IN      NS

;; AUTHORITY SECTION:
.                       10472   IN      SOA     A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 09:53:23 2006
;; MSG SIZE  rcvd: 111

# ./dig @206.253.34.38 mnc610.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @206.253.34.38 mnc610.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2627
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mnc610.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc610.mcc310.gprs.     86400   IN      NS
ULYSDNS1.mnc340.mcc310.gprs.

;; ADDITIONAL SECTION:
ULYSDNS1.mnc340.mcc310.gprs. 86400 IN   A       206.253.34.38

;; Query time: 57 msec
;; SERVER: 206.253.34.38#53(206.253.34.38)
;; WHEN: Tue Mar 21 09:53:49 2006
;; MSG SIZE  rcvd: 82




These are random digs I did against other forwarders I saw in the conf
file.



# ./dig @12.25.118.5 mnc180.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc180.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54675
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mnc180.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc180.mcc310.gprs.     0       IN      NS      gprsdns.wcc.net.
mnc180.mcc310.gprs.     0       IN      NS      wcwmps.wcc.net.

;; ADDITIONAL SECTION:
wcwmps.wcc.net.         86400   IN      A       10.10.12.7
wcwmps.wcc.net.         86400   IN      A       208.33.46.199

;; Query time: 315 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 09:55:55 2006
;; MSG SIZE  rcvd: 118

# ./dig @12.25.118.10 mnc180.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc180.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44620
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mnc180.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc180.mcc310.gprs.     0       IN      NS      wcwmps.wcc.net.
mnc180.mcc310.gprs.     0       IN      NS      gprsdns.wcc.net.

;; ADDITIONAL SECTION:
wcwmps.wcc.net.         86400   IN      A       10.10.12.7
wcwmps.wcc.net.         86400   IN      A       208.33.46.199

;; Query time: 105 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 09:56:30 2006
;; MSG SIZE  rcvd: 118

# ./dig @208.33.46.199 mnc180.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @208.33.46.199 mnc180.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39164
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;mnc180.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc180.mcc310.gprs.     0       IN      NS      gprsdns.wcc.net.
mnc180.mcc310.gprs.     0       IN      NS      wcwmps.wcc.net.

;; ADDITIONAL SECTION:
wcwmps.wcc.net.         86400   IN      A       10.10.12.7
wcwmps.wcc.net.         86400   IN      A       208.33.46.199

;; Query time: 49 msec
;; SERVER: 208.33.46.199#53(208.33.46.199)
;; WHEN: Tue Mar 21 09:56:56 2006
;; MSG SIZE  rcvd: 118


# ./dig @12.25.118.5 mnc310.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc310.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49524
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mnc310.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc310.mcc310.gprs.     3333    IN      NS
dnssnq00.dsnq.voicestream.us.gprs.

;; ADDITIONAL SECTION:
dnssnq00.dsnq.voicestream.us.gprs. 84687 IN A   216.155.160.196

;; Query time: 3 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 09:58:07 2006
;; MSG SIZE  rcvd: 95

# ./dig @12.25.118.10 mnc310.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc310.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48665
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mnc310.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc310.mcc310.gprs.     1702    IN      NS
dnssnq00.dsnq.voicestream.us.gprs.

;; ADDITIONAL SECTION:
dnssnq00.dsnq.voicestream.us.gprs. 82486 IN A   216.155.160.196

;; Query time: 5 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 09:58:28 2006
;; MSG SIZE  rcvd: 95

# ./dig @216.155.160.196 mnc310.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @216.155.160.196 mnc310.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12740
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mnc310.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc310.mcc310.gprs.     3600    IN      NS
dnssnq00.dsnq.voicestream.us.gprs.

;; ADDITIONAL SECTION:
dnssnq00.dsnq.voicestream.us.gprs. 86400 IN A   216.155.160.196

;; Query time: 655 msec
;; SERVER: 216.155.160.196#53(216.155.160.196)
;; WHEN: Tue Mar 21 09:58:54 2006
;; MSG SIZE  rcvd: 95

# ./dig @216.155.160.197 mnc310.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @216.155.160.197 mnc310.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42350
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mnc310.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc310.mcc310.gprs.     3600    IN      NS
dnssnq00.dsnq.voicestream.us.gprs.

;; ADDITIONAL SECTION:
dnssnq00.dsnq.voicestream.us.gprs. 86400 IN A   216.155.160.196

;; Query time: 756 msec
;; SERVER: 216.155.160.197#53(216.155.160.197)
;; WHEN: Tue Mar 21 09:59:19 2006
;; MSG SIZE  rcvd: 95

# ./dig @216.155.160.105 mnc310.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @216.155.160.105 mnc310.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mnc310.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc310.mcc310.gprs.     3600    IN      NS
dnsnatl0.datl.voicestream.us.gprs.

;; ADDITIONAL SECTION:
dnsnatl0.datl.voicestream.us.gprs. 3600 IN A    216.155.160.105

;; Query time: 103 msec
;; SERVER: 216.155.160.105#53(216.155.160.105)
;; WHEN: Tue Mar 21 10:00:00 2006
;; MSG SIZE  rcvd: 95

# ./dig @216.155.160.106 mnc310.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @216.155.160.106 mnc310.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mnc310.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc310.mcc310.gprs.     3600    IN      NS
dnsnatl0.datl.voicestream.us.gprs.

;; ADDITIONAL SECTION:
dnsnatl0.datl.voicestream.us.gprs. 3600 IN A    216.155.160.105

;; Query time: 572 msec
;; SERVER: 216.155.160.106#53(216.155.160.106)
;; WHEN: Tue Mar 21 10:00:23 2006
;; MSG SIZE  rcvd: 95



And here is the forwarder that had been working for a year to this same
target.

# ./dig @12.25.118.5  mnc340.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc340.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34678
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mnc340.mcc310.gprs.            IN      NS

;; AUTHORITY SECTION:
.                       10800   IN      SOA     A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400

;; Query time: 2048 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 12:04:31 2006
;; MSG SIZE  rcvd: 111

# ./dig @12.25.118.10 mnc340.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc340.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10829
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mnc340.mcc310.gprs.            IN      NS

;; AUTHORITY SECTION:
.                       10800   IN      SOA     A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400

;; Query time: 2092 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 12:05:21 2006
;; MSG SIZE  rcvd: 111

# ./dig @206.253.34.38 mnc340.mcc310.gprs. ns

; <<>> DiG 9.2.2 <<>> @206.253.34.38 mnc340.mcc310.gprs. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48777
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mnc340.mcc310.gprs.            IN      NS

;; ANSWER SECTION:
mnc340.mcc310.gprs.     86400   IN      NS
ULYSDNS1.mnc340.mcc310.gprs.

;; ADDITIONAL SECTION:
ULYSDNS1.mnc340.mcc310.gprs. 86400 IN   A       206.253.34.38

;; Query time: 225 msec
;; SERVER: 206.253.34.38#53(206.253.34.38)
;; WHEN: Tue Mar 21 12:05:56 2006
;; MSG SIZE  rcvd: 75

-----Original Message-----
From: Stefanick, Andrew 
Sent: Monday, March 20, 2006 10:34 AM
To: bind-users at isc.org
Subject: RE: Forward zone problem

I am actually working with BIND 9.2.2 if that makes a huge difference.

What is the correct way to get meaning query log info?

I tried -q option, but named does not start when I specify that.



-----Original Message-----
From: Stefanick, Andrew 
Sent: Monday, March 20, 2006 9:27 AM
To: bind-users at isc.org
Subject: RE: Forward zone problem

I saw post from March 23, 2004, but it had no replies:

Any way to trace the path of queries for type forward zones??

dig @dnsbox +trace always starts with the root servers, since it's
intended to trace delegation.

dig @dnsbox +norecursive returns referrals to authoritative sources,
but says nothing of the server(s) listed in the zone forwarders
statement @dnsbox, implying it would follow delegations that in fact
it does not.

This is not a problem... just musing how I would troubleshoot some
twisted forwarding scheme through multiple servers.

-----Original Message-----
From: Stefanick, Andrew 
Sent: Monday, March 20, 2006 8:37 AM
To: bind-users at isc.org
Subject: RE: Forward zone problem

Can somebody help me understand this dig output?

The  "mnc410..." query is working, and here are the digs I performed.

# ./dig @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa +trace

; <<>> DiG 9.2.2 <<>> @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa
+trace
;; global options:  printcmd
.                       267612  IN      NS      E.ROOT-SERVERS.NET.
.                       267612  IN      NS      F.ROOT-SERVERS.NET.
.                       267612  IN      NS      G.ROOT-SERVERS.NET.
.                       267612  IN      NS      H.ROOT-SERVERS.NET.
.                       267612  IN      NS      I.ROOT-SERVERS.NET.
.                       267612  IN      NS      J.ROOT-SERVERS.NET.
.                       267612  IN      NS      K.ROOT-SERVERS.NET.
.                       267612  IN      NS      L.ROOT-SERVERS.NET.
.                       267612  IN      NS      M.ROOT-SERVERS.NET.
.                       267612  IN      NS      A.ROOT-SERVERS.NET.
.                       267612  IN      NS      B.ROOT-SERVERS.NET.
.                       267612  IN      NS      C.ROOT-SERVERS.NET.
.                       267612  IN      NS      D.ROOT-SERVERS.NET.
;; Received 340 bytes from 12.25.118.5#53(12.25.118.5) in 6 ms

./dig: Couldn't find server 'E.ROOT-SERVERS.NET': host/servname not
known


# ./dig @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa +norec

; <<>> DiG 9.2.2 <<>> @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa
+norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5937
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;wap.cingular.mnc410.mcc310.gprs. IN    SOA

;; AUTHORITY SECTION:
mnc410.mcc310.gprs.     598     IN      NS
atlrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs.     598     IN      NS
wcrdns1.mnc410.mcc310.gprs.

;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 604798 IN   A       66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 604798 IN  A       66.102.184.70

;; Query time: 3 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Mon Mar 20 10:13:12 2006
;; MSG SIZE  rcvd: 126 


Now here are the digs on the non-working forwarder.  Again, both of
these forwarders only exist as 3 lines of directives in the named.conf,
so why do they behave so differently???

# ./dig 12.25.118.5 internet.epictouch.mnc610.mcc310.gprs soa +trace

; <<>> DiG 9.2.2 <<>> 12.25.118.5 internet.epictouch.mnc610.mcc310.gprs
soa +trace
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32172
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;12.25.118.5.                   IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net.
nstld.verisign-grs.com. 2006031901 1800 900 604800 86400

;; Query time: 67 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Mon Mar 20 10:27:46 2006
;; MSG SIZE  rcvd: 104

.                       266702  IN      NS      A.ROOT-SERVERS.NET.
.                       266702  IN      NS      B.ROOT-SERVERS.NET.
.                       266702  IN      NS      C.ROOT-SERVERS.NET.
.                       266702  IN      NS      D.ROOT-SERVERS.NET.
.                       266702  IN      NS      E.ROOT-SERVERS.NET.
.                       266702  IN      NS      F.ROOT-SERVERS.NET.
.                       266702  IN      NS      G.ROOT-SERVERS.NET.
.                       266702  IN      NS      H.ROOT-SERVERS.NET.
.                       266702  IN      NS      I.ROOT-SERVERS.NET.
.                       266702  IN      NS      J.ROOT-SERVERS.NET.
.                       266702  IN      NS      K.ROOT-SERVERS.NET.
.                       266702  IN      NS      L.ROOT-SERVERS.NET.
.                       266702  IN      NS      M.ROOT-SERVERS.NET.
;; Received 340 bytes from 12.25.118.5#53(12.25.118.5) in 4 ms

./dig: Couldn't find server 'A.ROOT-SERVERS.NET': host/servname not
known
# ./dig @12.25.118.5 internet.epictouch.mnc610.mcc310.gprs soa +norec

; <<>> DiG 9.2.2 <<>> @12.25.118.5 internet.epictouch.mnc610.mcc310.gprs
soa +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18378
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 7

;; QUESTION SECTION:
;internet.epictouch.mnc610.mcc310.gprs. IN SOA

;; AUTHORITY SECTION:
.                       266666  IN      NS      D.ROOT-SERVERS.NET.
.                       266666  IN      NS      E.ROOT-SERVERS.NET.
.                       266666  IN      NS      F.ROOT-SERVERS.NET.
.                       266666  IN      NS      G.ROOT-SERVERS.NET.
.                       266666  IN      NS      H.ROOT-SERVERS.NET.
.                       266666  IN      NS      I.ROOT-SERVERS.NET.
.                       266666  IN      NS      J.ROOT-SERVERS.NET.
.                       266666  IN      NS      K.ROOT-SERVERS.NET.
.                       266666  IN      NS      L.ROOT-SERVERS.NET.
.                       266666  IN      NS      M.ROOT-SERVERS.NET.
.                       266666  IN      NS      A.ROOT-SERVERS.NET.
.                       266666  IN      NS      B.ROOT-SERVERS.NET.
.                       266666  IN      NS      C.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
D.ROOT-SERVERS.NET.     462914  IN      A       128.8.10.90
F.ROOT-SERVERS.NET.     462912  IN      A       192.5.5.241
I.ROOT-SERVERS.NET.     462906  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     538238  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     462908  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     462904  IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     462902  IN      A       202.12.27.33

;; Query time: 6 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Mon Mar 20 10:28:22 2006
;; MSG SIZE  rcvd: 378

















-----Original Message-----
From: Stefanick, Andrew 
Sent: Friday, March 17, 2006 11:54 AM
To: bind-users at isc.org
Subject: RE: Forward zone problem

This is BIND 9.2.1 (I realize some logging parameters are not correct)

# cat named.conf
options {
    directory "/opt/mps/data/dnspic";
    pid-file "/opt/mps/data/dnspic/named.pid";
    port 53;
    check-names master ignore;
    statistics-interval 5;
};

logging {

channel log_syslog {
    syslog daemon;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
};
channel log_default {
    file "/var/adm/DNS_default.log" versions 2 size 30M;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
};
channel dnsmsg_file {
    file "/var/adm/DNS_messages.log" versions 2 size 10M;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
};
channel stats_file {
    file "/var/adm/DNS_stats.log" versions 2 size 10M;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
};
channel query_file {
    file "/var/adm/DNS_query.log" versions 2 size 100M;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
    //For query logging to work,niddnsd must be running;
    //with the-q option(query logging mode);
    //DO NOT use the "-d1-q" options together,as this will;
    //cause the$POLICY_HOME/log/monitord.log(if using monitord);
    //or the$POLICY_HOME/etc/niddnsd.run(if not using monitord);
    //to grow substantially,without control.;
};
category default {
    log_default;
};
category cname {
    null;
};
category config {
    dnsmsg_file;
};
category load {
    dnsmsg_file;
};
category ncache {
    null;
};
category response-checks {
    null;
};
category lame-servers {
    null;
};
category os {
    log_syslog;
};
category panic {
    log_syslog;
};
category response-checks {
    dnsmsg_file;
};
category security {
    null;
};
category statistics {
    log_syslog;
    stats_file;
};
category xfer-in {
    dnsmsg_file;
};
category xfer-out {
    dnsmsg_file;
};
category queries {
    query_file;
};
};
controls {
};


zone "0.0.127.in-addr.arpa" in {
    type master;
    file "db.127.0.0";
};

zone "." in {
    type hint;
    file "db.cache";
};

// generated

zone "45.10.10.in-addr.arpa." in {
    type master;
    file "db.45.10.10.in-addr.arpa";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "16.32.10.in-addr.arpa." in {
    type master;
    file "db.16.32.10.in-addr.arpa";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "118.25.12.in-addr.arpa." in {
    type master;
    file "db.118.25.12.in-addr.arpa";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "119.25.12.in-addr.arpa." in {
    type master;
    file "db.119.25.12.in-addr.arpa";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "209.166.in-addr.arpa." in {
    type master;
    file "db.209.166.in-addr.arpa";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "mnc560.mcc310.gprs." in {
    type master;
    file "db.mnc560.mcc310.gprs";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "amrgsm.mnc560.mcc310.gprs." in {
    type master;
    file "db.amrgsm.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "atlaspipeline.mnc560.mcc310.gprs." in {
    type master;
    file "db.atlaspipeline.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "biokey.mnc560.mcc310.gprs." in {
    type master;
    file "db.biokey.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "cellular1.mnc560.mcc310.gprs." in {
    type master;
    file "db.cellular1.mnc560.mcc310.gprs";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "cellular1wap.mnc560.mcc310.gprs." in {
    type master;
    file "db.cellular1wap.mnc560.mcc310.gprs";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "chautauqua.mnc560.mcc310.gprs." in {
    type master;
    file "db.chautauqua.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "dobsoncellular.mnc560.mcc310.gprs." in {
    type master;
    file "db.dobsoncellular.mnc560.mcc310.gprs";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "dobsoncellularwap.mnc560.mcc310.gprs." in {
    type master;
    file "db.dobsoncellularwap.mnc560.mcc310.gprs";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "dobson.employee.mnc560.mcc310.gprs." in {
    type master;
    file "db.dobson.employee.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "enogex.mnc560.mcc310.gprs." in {
    type master;
    file "db.enogex.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "mahoning.mnc560.mcc310.gprs." in {
    type master;
    file "db.mahoning.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "gre.meters.mnc560.mcc310.gprs." in {
    type master;
    file "db.gre.meters.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "mpamrgsm.mnc560.mcc310.gprs." in {
    type master;
    file "db.mpamrgsm.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "blackberry.net.mnc560.mcc310.gprs." in {
    type master;
    file "db.blackberry.net.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "servicestar.mnc560.mcc310.gprs." in {
    type master;
    file "db.servicestar.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "staticip.mnc560.mcc310.gprs." in {
    type master;
    file "db.staticip.mnc560.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "mnc680.mcc310.gprs." in {
    type master;
    file "db.mnc680.mcc310.gprs";
    allow-transfer { 12.25.118.110; 12.25.118.105; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "cellular1.mnc680.mcc310.gprs." in {
    type master;
    file "db.cellular1.mnc680.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "cellular1wap.mnc680.mcc310.gprs." in {
    type master;
    file "db.cellular1wap.mnc680.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "employee.mnc680.mcc310.gprs." in {
    type master;
    file "db.employee.mnc680.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "dobson.employee.mnc680.mcc310.gprs." in {
    type master;
    file "db.dobson.employee.mnc680.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "blackberry.net.mnc680.mcc310.gprs." in {
    type master;
    file "db.blackberry.net.mnc680.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "prepaidgprs.mnc680.mcc310.gprs." in {
    type master;
    file "db.prepaidgprs.mnc680.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "staticip.mnc680.mcc310.gprs." in {
    type master;
    file "db.staticip.mnc680.mcc310.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "pop3.gprs." in {
    type master;
    file "db.pop3.gprs";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "im." in {
    type master;
    file "db.im";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "smtp." in {
    type master;
    file "db.smtp";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "wap." in {
    type master;
    file "db.wap";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "wapgw." in {
    type master;
    file "db.wapgw";
    allow-transfer { none; };
    allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };

};

zone "mnc340.mcc310.gprs." in {
    type forward;
    forwarders { 206.253.34.38; };
};

zone "mnc020.mcc310.gprs." in {
    type forward;
    forwarders { 166.230.4.23; 166.230.4.68; };
};

zone "mnc660.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc080.mcc310.gprs." in {
    type forward;
    forwarders { 64.89.96.41; };
};

zone "mnc210.mcc311.gprs." in {
    type forward;
    forwarders { 64.178.236.24; 64.178.236.25; };
};

zone "mnc210.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc240.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc590.mcc310.gprs." in {
    type forward;
    forwarders { 65.215.156.236; 65.215.156.237; };
};

zone "mnc270.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc010.mcc280.gprs." in {
    type forward;
    forwarders { 213.207.137.59; };
};

zone "mnc460.mcc310.gprs." in {
    type forward;
    forwarders { 206.71.207.2; };
};

zone "mnc490.mcc310.gprs." in {
    type forward;
    forwarders { 204.94.32.129; 204.94.32.130; };
};

zone "mnc170.mcc310.gprs." in {
    type forward;
    forwarders { 66.102.184.70; 66.102.185.70; };
};

zone "mnc910.mcc310.gprs." in {
    type forward;
    forwarders { 204.87.229.189; 204.87.229.190; };
};

zone "mnc020.mcc334.gprs." in {
    type forward;
    forwarders { 200.79.17.19; 200.79.17.20; };
};

zone "mnc0410.mcc0310.gprs." in {
    type forward;
    forwarders { 66.102.184.70; 66.102.185.70; };
};

zone "mnc010.mcc311.gprs." in {
    type forward;
    forwarders { 63.99.212.68; };
};

zone "mnc370.mcc302.gprs." in {
    type forward;
    forwarders { 142.146.247.194; 142.146.247.210; };
};

zone "ztango.com." in {
    type forward;
    forwarders { 12.28.87.35; 12.28.87.70; };
};

zone "mnc070.mcc311.gprs." in {
    type forward;
    forwarders { 67.129.227.7; 67.129.227.8; };
};

zone "mnc390.mcc310.gprs." in {
    type forward;
    forwarders { 63.99.212.68; };
};

zone "mnc070.mcc310.gprs." in {
    type forward;
    forwarders { 12.174.3.11; 12.174.3.12; };
};

zone "mnc230.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc580.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc260.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc720.mcc302.gprs." in {
    type forward;
    forwarders { 142.146.247.194; 142.146.247.210; };
};

zone "dobson.net." in {
    type forward;
    forwarders { 12.28.87.35; 12.28.87.70; };
};

zone "mnc100.mcc310.gprs." in {
    type forward;
    forwarders { 208.254.125.68; };
};

zone "mnc420.mcc310.gprs." in {
    type forward;
    forwarders { 216.68.79.243; 216.68.79.244; };
};

zone "mnc770.mcc310.gprs." in {
    type forward;
    forwarders { 194.215.72.69; 194.215.72.38; 81.28.64.47; 81.28.64.46;
};
};

zone "mnc450.mcc310.gprs." in {
    type forward;
    forwarders { 65.113.229.21; 65.113.229.22; };
};

zone "mnc160.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc190.mcc311.gprs." in {
    type forward;
    forwarders { 168.103.195.2; };
};

zone "mnc610.mcc310.gprs." in {
    type forward;
    forwarders { 206.253.34.38; };
};

zone "mnc640.mcc310.gprs." in {
    type forward;
    forwarders { 209.103.202.57; 209.103.202.58; };
};

zone "mnc016.mcc204.gprs." in {
    type forward;
    forwarders { 84.241.224.117; 84.241.224.125; 194.229.188.57;
194.229.188.58; };
};

zone "mnc030.mcc310.gprs." in {
    type forward;
    forwarders { 205.242.95.18; 205.242.95.19; };
};

zone "mnc380.mcc310.gprs." in {
    type forward;
    forwarders { 209.183.42.248; 209.183.42.249; };
};

zone "mnc090.mcc310.gprs." in {
    type forward;
    forwarders { 63.161.114.210; 63.161.114.211; };
};

zone "mnc800.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc570.mcc348.gprs." in {
    type forward;
    forwarders { 213.181.39.1; 213.181.39.10; };
};

zone "mnc002.mcc242.gprs." in {
    type forward;
    forwarders { 193.109.210.5; 193.109.210.6; };
};

zone "mnc002.mcc272.gprs." in {
    type forward;
    forwarders { 62.40.40.7; 62.40.40.8; };
};

zone "mnc220.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc890.mcc310.gprs." in {
    type forward;
    forwarders { 65.168.87.75; 65.168.87.76; };
};

zone "mnc250.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};

zone "mnc410.mcc310.gprs." in {
    type forward;
    forwarders { 66.102.184.70; 66.102.185.70; };
};

zone "mnc150.mcc310.gprs." in {
    type forward;
    forwarders { 66.102.184.70; 66.102.185.70; };
};

zone "mnc180.mcc310.gprs." in {
    type forward;
    forwarders { 208.33.46.199; };
};

zone "mnc310.mcc310.gprs." in {
    type forward;
    forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};


This is one of the zone files this DNS is master for:

# cat db.mnc560.mcc310.gprs
$TTL 43200
mnc560.mcc310.gprs. 0 IN SOA youndns1.mnc560.mcc310.gprs.
admin.mnc560.mcc310.gprs. (
    150 ; serial number
    3600 ; refresh after
    900 ; retry after
    604800 ; expire cache after
    43200 ) ; Minimum TTL

; generated NS records
mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
anchdns1.mnc560.mcc310.gprs. IN A 12.25.118.105
anchdns2.mnc560.mcc310.gprs. IN A 12.25.118.110
cellular1.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
cellular1.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
cellular1.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
cellular1.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
cellular1wap.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
cellular1wap.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
cellular1wap.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
cellular1wap.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
dobsoncellular.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
dobsoncellular.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
dobsoncellular.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
dobsoncellular.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
dobsoncellularwap.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
dobsoncellularwap.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
dobsoncellularwap.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
dobsoncellularwap.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
gre.meters.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
gre.meters.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
gre.meters.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
gre.meters.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
youndns1.mnc560.mcc310.gprs. IN A 12.25.118.5
youndns2.mnc560.mcc310.gprs. IN A 12.25.118.10

; generated A Records
anchdns1.mnc560.mcc310.gprs. IN A 12.25.118.105
anchdns2.mnc560.mcc310.gprs. IN A 12.25.118.110
cellular1eit.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
cellular1mms.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
dobsoncellulareit.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
gps.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
prepaidgprs.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
youndns1.mnc560.mcc310.gprs. IN A 12.25.118.5
youndns2.mnc560.mcc310.gprs. 0 IN A 12.25.118.10
# cat /etc/resolv.conf
domain mnc560.mcc310.gprs
nameserver 12.25.118.5
nameserver 12.25.118.10
nameserver 10.10.45.30
nameserver 10.10.45.31



Look at this dig, done on a domain that exists as just a forwarder:

# ./dig mnc410.mcc310.gprs soa

; <<>> DiG 9.2.2 <<>> mnc410.mcc310.gprs soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10264
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mnc410.mcc310.gprs.            IN      SOA

;; ANSWER SECTION:
mnc410.mcc310.gprs.     600     IN      SOA
wcrdns1.mnc410.mcc310.gprs. root.wcrdns1.mnc410.mcc310.gprs. 2006030303
600 3600 1209600 600

;; AUTHORITY SECTION:
mnc410.mcc310.gprs.     600     IN      NS
wcrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs.     600     IN      NS
atlrdns1.mnc410.mcc310.gprs.

;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 604800 IN   A       66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 604800 IN  A       66.102.184.70

;; Query time: 157 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Fri Mar 17 14:06:55 2006
;; MSG SIZE  rcvd: 154


Yet, why does this next one not report similar info.  No answer for this
dig.


# ./dig mnc610.mcc310.gprs soa

; <<>> DiG 9.2.2 <<>> mnc610.mcc310.gprs soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1068
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mnc610.mcc310.gprs.            IN      SOA

;; AUTHORITY SECTION:
.                       7070    IN      SOA     A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006031601 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Fri Mar 17 14:07:15 2006
;; MSG SIZE  rcvd: 111


Here is an nslookup for a forwarder:

# nslookup mnc410.mcc310.gprs
Server:  youndns1.mnc560.mcc310.gprs
Address:  12.25.118.5

*** No address (A) records available for mnc410.mcc310.gprs


I would expect that, since the A records would be records like
"wap.cingular.mnc410.mcc310.gprs"

# nslookup mnc610.mcc310.gprs
Server:  youndns1.mnc560.mcc310.gprs
Address:  12.25.118.5

*** youndns1.mnc560.mcc310.gprs can't find mnc610.mcc310.gprs:
Non-existent host/domain

Yet here, again, forward directive not working.

Here is an nslookup for an A record from a forwarder:

# nslookup
Default Server:  youndns1.mnc560.mcc310.gprs
Address:  12.25.118.5

> set d2
> wap.cingular.mnc410.mcc310.gprs
Server:  youndns1.mnc560.mcc310.gprs
Address:  12.25.118.5

;; res_nmkquery(QUERY, wap.cingular.mnc410.mcc310.gprs, IN, A)
------------
SendRequest(), len 49
    HEADER:
        opcode = QUERY, id = 27485, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional
= 0

    QUESTIONS:
        wap.cingular.mnc410.mcc310.gprs, type = A, class = IN

------------
------------
Got answer (158 bytes):
    HEADER:
        opcode = QUERY, id = 27485, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 2,  additional
= 2

    QUESTIONS:
        wap.cingular.mnc410.mcc310.gprs, type = A, class = IN
    ANSWERS:
    ->  wap.cingular.mnc410.mcc310.gprs
        type = A, class = IN, dlen = 4
        internet address = 66.102.185.193
        ttl = 221 (221)
    ->  wap.cingular.mnc410.mcc310.gprs
        type = A, class = IN, dlen = 4
        internet address = 66.102.184.193
        ttl = 221 (221)
    AUTHORITY RECORDS:
    ->  mnc410.mcc310.gprs
        type = NS, class = IN, dlen = 11
        nameserver = atlrdns1.mnc410.mcc310.gprs
        ttl = 567 (567)
    ->  mnc410.mcc310.gprs
        type = NS, class = IN, dlen = 10
        nameserver = wcrdns1.mnc410.mcc310.gprs
        ttl = 567 (567)
    ADDITIONAL RECORDS:
    ->  wcrdns1.mnc410.mcc310.gprs
        type = A, class = IN, dlen = 4
        internet address = 66.102.185.70
        ttl = 604767 (604767)
    ->  atlrdns1.mnc410.mcc310.gprs
        type = A, class = IN, dlen = 4
        internet address = 66.102.184.70
        ttl = 604767 (604767)

------------
Non-authoritative answer:
Name:    wap.cingular.mnc410.mcc310.gprs
Addresses:  66.102.185.193, 66.102.184.193


Got it fine.

Now I try for one on the malfunctioning one:


> internet.epictouch.mnc610.mcc310.gprs
Server:  youndns1.mnc560.mcc310.gprs
Address:  12.25.118.5

;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A)
------------
SendRequest(), len 55
    HEADER:
        opcode = QUERY, id = 27486, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional
= 0

    QUESTIONS:
        internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN

------------
------------
Got answer (130 bytes):
    HEADER:
        opcode = QUERY, id = 27486, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional
= 0

    QUESTIONS:
        internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
    AUTHORITY RECORDS:
    ->  (root)
        type = SOA, class = IN, dlen = 64
        ttl = 6409 (6409)
        origin = A.ROOT-SERVERS.NET
        mail addr = NSTLD.VERISIGN-GRS.COM
        serial = 2006031601
        refresh = 1800 (30M)
        retry   = 900 (15M)
        expire  = 604800 (1W)
        minimum ttl = 86400 (1D)

------------
;; res_nmkquery(QUERY,
internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, IN, A)
------------
SendRequest(), len 74
    HEADER:
        opcode = QUERY, id = 27487, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional
= 0

    QUESTIONS:
        internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
A, class = IN

------------
------------
Got answer (125 bytes):
    HEADER:
        opcode = QUERY, id = 27487, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion
avail.
        questions = 1,  answers = 0,  authority records = 1,  additional
= 0

    QUESTIONS:
        internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
A, class = IN
    AUTHORITY RECORDS:
    ->  mnc560.mcc310.gprs
        type = SOA, class = IN, dlen = 39
        ttl = 0 (0S)
        origin = youndns1.mnc560.mcc310.gprs
        mail addr = admin.mnc560.mcc310.gprs
        serial = 150
        refresh = 3600 (1H)
        retry   = 900 (15M)
        expire  = 604800 (1W)
        minimum ttl = 43200 (12H)

------------
;; res_nmkquery(QUERY,
internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, IN, A)
------------
SendRequest(), len 67
    HEADER:
        opcode = QUERY, id = 27488, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional
= 0

    QUESTIONS:
        internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
class = IN

------------
------------
Got answer (142 bytes):
    HEADER:
        opcode = QUERY, id = 27488, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional
= 0

    QUESTIONS:
        internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
class = IN
    AUTHORITY RECORDS:
    ->  (root)
        type = SOA, class = IN, dlen = 64
        ttl = 6409 (6409)
        origin = a.root-servers.net
        mail addr = nstld.verisign-grs.com
        serial = 2006031601
        refresh = 1800 (30M)
        retry   = 900 (15M)
        expire  = 604800 (1W)
        minimum ttl = 86400 (1D)

------------
*** youndns1.mnc560.mcc310.gprs can't find
internet.epictouch.mnc610.mcc310.gprs: Non-existent host/domain



So I then change the server, to use the target at the end of the forward
directive:




> server 206.253.34.38
;; res_nmkquery(QUERY, 38.34.253.206.in-addr.arpa, IN, PTR)
------------
SendRequest(), len 44
    HEADER:
        opcode = QUERY, id = 27489, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional
= 0

    QUESTIONS:
        38.34.253.206.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (96 bytes):
    HEADER:
        opcode = QUERY, id = 27489, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional
= 0

    QUESTIONS:
        38.34.253.206.in-addr.arpa, type = PTR, class = IN
    AUTHORITY RECORDS:
    ->  34.253.206.in-addr.arpa
        type = SOA, class = IN, dlen = 40
        ttl = 6869 (6869)
        origin = ns1.pld.com
        mail addr = root.pld.com
        serial = 970215
        refresh = 3600 (1H)
        retry   = 300 (5M)
        expire  = 3600000 (3600000)
        minimum ttl = 86400 (1D)

------------
Default Server:  [206.253.34.38]
Address:  206.253.34.38
I try the query directly on the target DNS:


> internet.epictouch.mnc610.mcc310.gprs
Server:  [206.253.34.38]
Address:  206.253.34.38

;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A)
------------
SendRequest(), len 55
    HEADER:
        opcode = QUERY, id = 27490, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional
= 0

    QUESTIONS:
        internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN

------------
------------
Got answer (117 bytes):
    HEADER:
        opcode = QUERY, id = 27490, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion
avail.
        questions = 1,  answers = 1,  authority records = 1,  additional
= 1

    QUESTIONS:
        internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
    ANSWERS:
    ->  internet.epictouch.mnc610.mcc310.gprs
        type = A, class = IN, dlen = 4
        internet address = 206.253.34.37
        ttl = 86400 (1D)
    AUTHORITY RECORDS:
    ->  mnc610.mcc310.gprs
        type = NS, class = IN, dlen = 18
        nameserver = ULYSDNS1.mnc340.mcc310.gprs
        ttl = 86400 (1D)
    ADDITIONAL RECORDS:
    ->  ULYSDNS1.mnc340.mcc310.gprs
        type = A, class = IN, dlen = 4
        internet address = 206.253.34.38
        ttl = 86400 (1D)

------------
Name:    internet.epictouch.mnc610.mcc310.gprs
Address:  206.253.34.37

And I get my answer.

I am totally stumped on this.





-----Original Message-----
From: Stefanick, Andrew 
Sent: Thursday, March 16, 2006 8:48 PM
To: Kevin Darcy; bind-users at isc.org
Subject: RE: Forward zone problem




This is the email that started this whole thing.

Look at the final result of this nslookup.  Are you saying that this
negative respone will now be in the cache, and even if it COULD work,
this negative response will mask it?  Does the  expire=604800  in the
final response mean that this negative result will remain in place for
one week??




Andrew, I have followed you direction and created a new domain/zone for
a new roaming partner but we are unable to do nslookups. It does not
appear to be forwarding to the IP address I specified. I have attached
the output from an nslookup with debug turned on. What appears strange
to me is I lookup "internet.epictouch.mnc610.mcc560.gprs" and I see it
trying to resolve
"internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs"




> internet.epictouch.mnc610.mcc310.gprs 
Server:  youndns1.mnc560.mcc310.gprs 
Address:  12.25.118.5 

;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A) 
------------ 
SendRequest(), len 55 
    HEADER: 
        opcode = QUERY, id = 27698, rcode = NOERROR 
        header flags:  query, want recursion 
        questions = 1,  answers = 0,  authority records = 0,  additional
= 0 

    QUESTIONS: 
        internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN 

------------ 
------------ 
Got answer (130 bytes): 
    HEADER: 
        opcode = QUERY, id = 27698, rcode = NXDOMAIN 
        header flags:  response, want recursion, recursion avail. 
        questions = 1,  answers = 0,  authority records = 1,  additional
= 0 

    QUESTIONS: 
        internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN 
    AUTHORITY RECORDS: 
    ->  (root) 
        type = SOA, class = IN, dlen = 64 
        ttl = 10782 (10782) 
        origin = A.ROOT-SERVERS.NET 
        mail addr = NSTLD.VERISIGN-GRS.COM 
        serial = 2006031401 
        refresh = 1800 (30M) 
        retry   = 900 (15M) 
        expire  = 604800 (1W) 
        minimum ttl = 86400 (1D) 

------------ 
;; res_nmkquery(QUERY,
internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, 
 IN, A) 
------------ 
SendRequest(), len 74 
    HEADER: 
        opcode = QUERY, id = 27699, rcode = NOERROR 
        header flags:  query, want recursion 
        questions = 1,  answers = 0,  authority records = 0,  additional
= 0 

    QUESTIONS: 
        internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
A, clas 
s = IN 

------------ 
------------ 
Got answer (125 bytes): 
    HEADER: 
        opcode = QUERY, id = 27699, rcode = NXDOMAIN 
        header flags:  response, auth. answer, want recursion, recursion
avail. 
        questions = 1,  answers = 0,  authority records = 1,  additional
= 0 

    QUESTIONS: 
        internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
A, clas 
s = IN 
    AUTHORITY RECORDS: 
    ->  mnc560.mcc310.gprs 
        type = SOA, class = IN, dlen = 39 
        ttl = 0 (0S) 
        origin = youndns1.mnc560.mcc310.gprs 
        mail addr = admin.mnc560.mcc310.gprs 
        serial = 143 
        refresh = 3600 (1H) 
        retry   = 900 (15M) 
        expire  = 604800 (1W) 
        minimum ttl = 43200 (12H) 

------------ 
;; res_nmkquery(QUERY,
internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, IN, A) 
------------ 
SendRequest(), len 67 
    HEADER: 
        opcode = QUERY, id = 27700, rcode = NOERROR 
        header flags:  query, want recursion 
        questions = 1,  answers = 0,  authority records = 0,  additional
= 0 

    QUESTIONS: 
        internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
class = IN 

------------ 
------------ 
Got answer (142 bytes): 
    HEADER: 
        opcode = QUERY, id = 27700, rcode = NXDOMAIN 
        header flags:  response, want recursion, recursion avail. 
        questions = 1,  answers = 0,  authority records = 1,  additional
= 0 

    QUESTIONS: 
        internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
class = IN 
    AUTHORITY RECORDS: 
    ->  (root) 
        type = SOA, class = IN, dlen = 64 
        ttl = 10782 (10782) 
        origin = a.root-servers.net 
        mail addr = nstld.verisign-grs.com 
        serial = 2006031401 
        refresh = 1800 (30M) 
        retry   = 900 (15M) 
        expire  = 604800 (1W) 
        minimum ttl = 86400 (1D) 

------------ 
*** youndns1.mnc560.mcc310.gprs can't find
internet.epictouch.mnc610.mcc310.gprs 
: Non-existent host/domain 
>

-----Original Message-----
From: Kevin Darcy [mailto:kcd at daimlerchrysler.com] 
Sent: Thursday, March 16, 2006 7:29 PM
To: bind-users at isc.org
Subject: Re: Forward zone problem

Stefanick, Andrew wrote:

>I think what I really am asking is:
>
>Given a simple 3 line forward directive, if it is not working, what are
>the potential causes?
>
>1.  The DNS server thinks it is authoritive for this zone, so it will
>never forward.  If so, how do I prove that theory and correct it.
>
Unlikely that you would have missed that scenario. If you already had an

authoritative (master or slave) zone definition, then the "type forward"

definition would be a duplicate. You'd see an error message to that 
effect in the logs or if you ran named-checkconf.

>2.  syntax error
>
Syntax error in what? In the "type forward" zone definition? From what 
you posted before, the syntax looks fine. You could run named-checkconf 
to make sure.

>3.  Network connection.  But I can do nslookup and set the server to
the
>IP I use in the forwarder, and I can resolve the query.
>
Probably not the *direct* cause then. However, as I mentioned in a 
previous message, if you are (mis)configured for "forward first" (which 
is the default forwarding mode), and there is a transient problem with 
your forwarder, maybe your nameserver would try to query the .gprs name 
on the Internet, get an NXDOMAIN response, and store that "negative" 
cache entry for some period of time. It's a possibility that's worth 
considering, at least...

- Kevin

>-----Original Message-----
>From: Kevin Darcy [mailto:kcd at daimlerchrysler.com] 
>Sent: Thursday, March 16, 2006 4:57 PM
>To: bind-users at isc.org
>Subject: Re: Forward zone problem
>
>You're aware the that the .gprs TLD *doesn't*actually*exist* in the 
>Internet DNS, right? So if your nameserver ever tries to look up .gprs 
>names on the Internet, it'll probably get a "no such domain" response, 
>and it will cache that "negative" response for some period of time, and

>any .gprs queries it gets in the interim will be responded to with
>NXDOMAIN.
>
>For this reason, in the absence of some special "hints" file, you'll 
>need to specify your forwarding mode as "forward only". This will 
>prevent your nameserver from going out and trying to resolve names in 
>the Internet DNS if there is some sort of transient problem talking to 
>the forwarder. That's what I suspect is happening here.
>
>- Kevin
>
>Stefanick, Andrew wrote:
>
>  
>
>>Here is a dig for a name that works with a forward zone on the system
>>currently:
>>
>>
>># ./dig wap.cingular.mnc410.mcc310.gprs a
>>
>>; <<>> DiG 9.2.2 <<>> wap.cingular.mnc410.mcc310.gprs a
>>;; global options:  printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1122
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
>>
>>;; QUESTION SECTION:
>>;wap.cingular.mnc410.mcc310.gprs. IN    A
>>
>>;; ANSWER SECTION:
>>wap.cingular.mnc410.mcc310.gprs. 234 IN A       66.102.184.193
>>wap.cingular.mnc410.mcc310.gprs. 234 IN A       66.102.185.193
>>
>>;; AUTHORITY SECTION:
>>mnc410.mcc310.gprs.     447     IN      NS
>>wcrdns1.mnc410.mcc310.gprs.
>>mnc410.mcc310.gprs.     447     IN      NS
>>atlrdns1.mnc410.mcc310.gprs.
>>
>>;; ADDITIONAL SECTION:
>>wcrdns1.mnc410.mcc310.gprs. 604647 IN   A       66.102.185.70
>>atlrdns1.mnc410.mcc310.gprs. 604647 IN  A       66.102.184.70
>>
>>;; Query time: 9 msec
>>;; SERVER: 12.25.118.5#53(12.25.118.5)
>>;; WHEN: Thu Mar 16 16:43:06 2006
>>;; MSG SIZE  rcvd: 158
>>
>>#
>>
>>
>>This is a dig against the forwarder that is not working:
>>
>>
>>********************** from epictouch *********************
>>
>># ./dig internet.epictouch.mnc610.mcc310.gprs a
>>
>>; <<>> DiG 9.2.2 <<>> internet.epictouch.mnc610.mcc310.gprs a
>>;; global options:  printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47408
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>;; QUESTION SECTION:
>>;internet.epictouch.mnc610.mcc310.gprs. IN A
>>
>>;; AUTHORITY SECTION:
>>.                       10800   IN      SOA     a.root-servers.net.
>>nstld.verisi
>>gn-grs.com. 2006031600 1800 900 604800 86400
>>
>>;; Query time: 118 msec
>>;; SERVER: 12.25.118.10#53(12.25.118.10)
>>;; WHEN: Thu Mar 16 16:44:38 2006
>>;; MSG SIZE  rcvd: 130
>>
>>The is no zone file on the machine for any of the configured forward
>>zone.  They only exist as directives in named.conf.
>>
>>But I see the posts that DNS will not forward for something it is
>>authoritive for.  Where would this authority reside?  There are no
zone
>>files with any matching names of the forward zones.
>>
>>My only thought is perhaps the segment   mcc310.gprs  is somehow
>>authoritive on the server, but that would not explain how the cingular
>>dig worked then.
>>
>>
>>
>>
>>
>>
>>
>>
>>-----Original Message-----
>>From: Stefanick, Andrew 
>>Sent: Thursday, March 16, 2006 12:58 PM
>>To: bind-users at isc.org
>>Subject: Forward zone problem
>>
>>I am struggling with a forward zone issue in Bind 9
>>
>>
>>We have many forward zones configured and they work fine.  They really
>>amount to no more than a forward directive such as
>>
>>
>>
>>
>>
>>zone "name.of.domain" {
>>
>>   type forward;
>>
>>   forwarders {w.x.y.z;};
>>
>>};
>>
>>
>>
>>
>>
>>We put in a new one, and it will not work.  nslookup shows it
seemingly
>>only trying to resolve the query internally.
>>
>>
>>
>>If I set the server to the IP of the forwarder in the nslookup, then
we
>>can resolve the queries when posed directly to the remote DNS server.
>>So, it is not a networking issue.
>>
>>
>>
>>I do not understand the logic/sequence that occurs when a query is
>>    
>>
>posed
>  
>
>>that should be sent to a forwarder.  Where do the root-server  records
>>come in, and why even.  Doesn't the forward directive tell the server,
>>"don't even bother, just go to w.x.y.z for the answer"
>>
>>
>>
>>here are some example of using dig against some of the forward zones
>>that work.  The AUTHORITY section shows the name of the remote DNS
that
>>controls the domain.
>>
>>
>>
>>When I try dig for the new forwarder, the only AUTHORITY that shows is
>>the A.rootserver.
>>
>>
>>
>>I really don't get it.
>>
>>
>>
>>I ONLY put in the 3 line directive, and I am done.
>>
>>
>>
>>I don't even know what to change/try.  It is too simple to implement.
>>
>>
>>
>>
>>
>>
>>
>># ./dig mnc150.mcc310.gprs
>>
>>
>>
>>; <<>> DiG 9.2.2 <<>> mnc150.mcc310.gprs
>>
>>;; global options:  printcmd
>>
>>;; Got answer:
>>
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61159
>>
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>
>>
>>;; QUESTION SECTION:
>>
>>;mnc150.mcc310.gprs.            IN      A
>>
>>
>>
>>;; AUTHORITY SECTION:
>>
>>mnc150.mcc310.gprs.     600     IN      SOA
>>wcrdns1.mnc410.mcc310.gprs. root
>>
>>.wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
>>
>>
>>
>>;; Query time: 115 msec
>>
>>;; SERVER: 12.25.118.5#53(12.25.118.5)
>>
>>;; WHEN: Thu Mar 16 15:37:45 2006
>>
>>;; MSG SIZE  rcvd: 92
>>
>>
>>
>># ./dig mnc170.mcc310.gprs
>>
>>
>>
>>; <<>> DiG 9.2.2 <<>> mnc170.mcc310.gprs
>>
>>;; global options:  printcmd
>>
>>;; Got answer:
>>
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3961
>>
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>
>>
>>;; QUESTION SECTION:
>>
>>;mnc170.mcc310.gprs.            IN      A
>>
>>
>>
>>;; AUTHORITY SECTION:
>>
>>mnc170.mcc310.gprs.     600     IN      SOA
>>wcrdns1.mnc410.mcc310.gprs. root
>>
>>.wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
>>
>>
>>
>>;; Query time: 99 msec
>>
>>;; SERVER: 12.25.118.5#53(12.25.118.5)
>>
>>;; WHEN: Thu Mar 16 15:38:05 2006
>>
>>;; MSG SIZE  rcvd: 92
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> 
>>
>>    
>>
>
>
>
>
>
>
>
>
>
>  
>

























More information about the bind-users mailing list