bind public/private domain question

Chris Buxton chris.p.buxton at
Tue Feb 21 21:30:36 UTC 2012

On Feb 21, 2012, at 9:51 AM, Marseglia, Michael wrote:

> Hello,
>   I’m looking for advice on an issue.  I have a publicly registered domain which we also use internally.  I have bind configured as a caching DNS server.  Bind is configured to use four other Windows DNS servers as forwarders for the domain.  Bind should be using the root servers for anything not configured to forward.
>   Bind replies with the correct name record when I perform a query using the fqdn for a machine.  However, the authority and additional portion of the query returns the root servers.
>   The Windows DNS servers are returned if I perform a query for the NS records of the internal domain.
>   Subsequent DNS queries using the fqdn show the appropriate, internal Windows DNS servers.

This is harmless and normal.

>   I don’t understand why BIND is attempting to resolve the private, internal domain using the root servers when I have a forwarders statement in my configuration file specifying our internal DNS servers.

It's not.

>   Is there an article that addresses this issue or can someone please point me to the correct resource so I can understand what is going on?

- BIND receives query for hostname in internal domain
- BIND forwards query to MS DNS server
- MS DNS server answers authoritatively, but does not include auth and add'l sections
- BIND evaluates answer and accepts it
- BIND sends answer back to client, along with the best auth and add'l data it has in cache, which might be from the root zone
- Client gets answer, but drops auth and add'l sections

Harmless. Normal. Nothing to be worried about.

Chris Buxton
BlueCat Networks
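To see the sequence above in a concrete response, the following added script (not part of this thread or of BIND) takes a `dig` response and separates the ANSWER section from the AUTHORITY and ADDITIONAL sections, so you can confirm that the record itself came back while the root-server NS entries are only filler from cache. The capture embedded in `SAMPLE_DIG` is constructed for illustration; the domain `example.internal`, the host `host1` and the address `10.0.0.25` are assumptions, not values from the original post.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): split a dig response into
# its sections and report where the useful data sits. The capture below is
# constructed; the names and addresses in it are placeholders.

SAMPLE_DIG='; <<>> DiG 9.8.1 <<>> host1.example.internal
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;host1.example.internal.        IN      A

;; ANSWER SECTION:
host1.example.internal. 3600    IN      A       10.0.0.25

;; AUTHORITY SECTION:
.                       86400   IN      NS      a.root-servers.net.
.                       86400   IN      NS      b.root-servers.net.
.                       86400   IN      NS      c.root-servers.net.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

# Print the resource records of one section (ANSWER, AUTHORITY, ADDITIONAL).
# $1 = section name, $2 = full dig output as a string.
dig_section() {
  printf '%s\n' "$2" | awk -v sec="$1" '
    /^;; [A-Z]+ SECTION:/ { cur = $2; next }   # section header: remember which one
    /^$/                  { cur = ""; next }   # blank line ends the section
    /^;/                  { next }             # comments and the QUESTION line
    cur == sec            { print }            # a record inside the wanted section
  '
}

# Number of records in the ANSWER section.
answer_count() {
  dig_section ANSWER "$1" | wc -l | tr -d ' '
}

# The address returned for the name (rdata of the first A record).
answer_rdata() {
  dig_section ANSWER "$1" | awk '$4 == "A" { print $5; exit }'
}

# "yes" if the AUTHORITY section only carries root-server NS records,
# i.e. the resolver filled it from its cached root zone, not from the forwarder.
authority_from_root() {
  if dig_section AUTHORITY "$1" | grep -q 'root-servers\.net\.$'; then
    echo yes
  else
    echo no
  fi
}

echo "answer records : $(answer_count "$SAMPLE_DIG")"
echo "address        : $(answer_rdata "$SAMPLE_DIG")"
echo "authority=root : $(authority_from_root "$SAMPLE_DIG")"
echo "additional recs: $(dig_section ADDITIONAL "$SAMPLE_DIG" | wc -l | tr -d ' ')"
if [ "$(answer_count "$SAMPLE_DIG")" -gt 0 ] && [ "$(authority_from_root "$SAMPLE_DIG")" = yes ]; then
  echo "answer present; root NS in AUTHORITY is cache filler, not the resolution path"
fi
```

Against a live server, replace the constructed string with real output, e.g. `out=$(dig @127.0.0.1 host1.example.internal A)` and call the functions on `$out`; the interpretation is the same: an answer record with root NS entries in AUTHORITY means the forwarder answered and BIND padded the remaining sections from cache.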
