No subject


Tue Apr 2 00:56:56 UTC 2013 

resolution even if you have recursion set; I don't think so. 




-----Original Message-----
From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
Sent: Thursday, August 24, 2000 12:52 AM
To: bind-users at isc.org
Subject: Re: nslookup can't but browser can !



No, both forms of forwarding look at the cache first. The difference is in
what
they do if they don't get a response from the forwarder(s): "forward
first" falls back to iterative resolution; "forward only" doesn't.

Given that, I'd speculate that your forwarder is answering *slowly*. With
"forward first", you timeout and ask the internal servers about the Internet
name, which claim that the name doesn't exist, but with "forward only", it
keeps on retrying the query and eventually gets an answer. On the other
hand,
"forward first" works for internal names, because the internal servers know
about them, but "forward only" does not, because apparently your forwarder
doesn't.

This speculation could be verified by enabling debugging on the nameserver.

If this speculation is correct, then:

1) find out why your forwarder is so slow to respond and fix it
2) change the global forwarding option to "forward only"
3) define the apex zones of all your internal domains as slave/stub/forward
to
the appropriate servers in order to "override" the forwarding to your
Internet
forwarder (for slave or stub zones you may want to specify "forwarders { }"
in
order to override forwarding for subzones as well). That way you'll be able
to
resolve both internal and external names.


- Kevin

Quadri, Jay wrote:

> I have a similar problem, my DNS box (A) only resolves internal names, and
> forwards Internet request to an internet DNS box (B), also forwards to
other
> extranet domestic nameservers (C).  my intranet DNS server has its own
hints
> file (not the Internic's, I wrote it, only includes my Intranet DNS boxes
as
> root servers).  ping works at all times, nslookup does not depending on
the
> forward, if the forwarding is set to:
>
> forward     first ;   I can use nslookup or dig to resolve Domestic names
> but not Internet names (C) .
> (forward first Checks the cache first before forwarding).
>
> forward   only ;   I can resolve Internet names with nslookup or dig, but
> can't resolve other domestic names (C) (forward all request).
>
> Any ideas?
>
>

More information about the bind-users mailing list