Why named forwards NS queries when is autoritative for upper domain?

Chris Buxton cbuxton at menandmice.com
Tue Dec 4 15:43:46 UTC 2007 

I'm going to guess that you're sending a recursive query to the c.b.a  
server. The delegation NS records are not authoritative, so the server  
receiving the query says to itself, "I don't know the answer, so I'll  
look it up. I have a forwarder for that job, so I'll just forward the  
packet to the b.a server."

To solve this, in your c.b.a master or slave zone, add this  
substatement:

	forwarders {};

This way, instead of forwarding the query for d.c.b.a to the global  
forwarder, it will do recursion. This means following the delegation  
records in the c.b.a zone and actually querying the d.c.b.a server(s).

In your current setup, you would get different results if you sent an  
iterative query (after clearing the cache). In that case, the c.b.a  
server would return the delegation records.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com

Men & Mice
We bring control and flexibility to network management

This e-mail and its attachments may contain confidential and  
privileged information only intended for the person or entity to which  
it is addressed. If the reader of this message is not the intended  
recipient, you are hereby notified that any retention, dissemination,  
distribution or copy of this e-mail is strictly prohibited. If you  
have received this e-mail in error, please notify us immediately by  
reply e-mail and immediately delete this message and all its attachment.



On Dec 4, 2007, at 7:31 AM, Adam Tkac wrote:

> Hi all,
>
> recetly I've found interesting behavior. I have domain b.a. and
> subdomain c.b.a. There's no delegation from b.a. to c.b.a. Server
> which is autoritative for c.b.a. has server for b.a. as forwarder.
> On server for c.b.a. I've set new subdomain d.c.b.a. with proper
> delegation. But when I query "c.b.a." server for NS records of
> d.c.b.a. subdomain I get NXDOMAIN from b.a. nameserver. Could anybody
> here point me why this doesn't work? I don't use forward {first,only}
> options.
>
> Regards, Adam
>
> -- 
> Adam Tkac, Red Hat, Inc.
>
>

More information about the bind-users mailing list