<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div style="RIGHT: auto"><SPAN style="RIGHT: auto"></SPAN> </div>
<div style="BACKGROUND-COLOR: transparent; FONT-STYLE: normal; FONT-FAMILY: times new roman, new york, times, serif; COLOR: rgb(0,0,0); FONT-SIZE: 16px; RIGHT: auto"><SPAN style="RIGHT: auto">dig +trace host.internal.hostname.com responds with a list of authoritative nameservers for the zone and the error "dig: couldn't get address for ns1.corporate.hostname.com" where the error cycles through all four of the authoritative nameservers.</SPAN></div>
<div style="RIGHT: auto"><SPAN style="RIGHT: auto"></SPAN> </div>
<div style="RIGHT: auto"><SPAN style="RIGHT: auto">Also ns1.corporate.hostname.com is not 192.168.1.1.<VAR id=yui-ie-cursor></VAR></SPAN></div>
<div style="RIGHT: auto"><SPAN style="RIGHT: auto"></SPAN> </div>
<div style="RIGHT: auto"><SPAN style="RIGHT: auto">Colin</SPAN></div>
<div style="RIGHT: auto"><SPAN style="RIGHT: auto"></SPAN> </div>
<div><BR></div>
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt">
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt">
<DIV style="RIGHT: auto" dir=ltr>
<DIV style="BORDER-BOTTOM: #ccc 1px solid; BORDER-LEFT: #ccc 1px solid; PADDING-BOTTOM: 0px; LINE-HEIGHT: 0; MARGIN: 5px 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; HEIGHT: 0px; FONT-SIZE: 0px; BORDER-TOP: #ccc 1px solid; BORDER-RIGHT: #ccc 1px solid; PADDING-TOP: 0px" class=hr readonly="true" contenteditable="false"></DIV><FONT size=2 face=Arial><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Colin Harvey <colinedwardharvey@yahoo.com><BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> "WBrown@e1b.org" <WBrown@e1b.org> <BR><B><SPAN style="FONT-WEIGHT: bold">Cc:</SPAN></B> "bind-users-bounces+wbrown=e1b.org@lists.isc.org" <bind-users-bounces+wbrown=e1b.org@lists.isc.org>; bind users <bind-users@lists.isc.org> <BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Tuesday, August 27, 2013 2:13 PM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: redirecting root hints to fake internal root server<BR></FONT></DIV>
<DIV style="RIGHT: auto" class=y_msg_container><BR>
<DIV style="RIGHT: auto" id=yiv3248111066>
<DIV style="RIGHT: auto">
<DIV style="BACKGROUND-COLOR: #fff; FONT-FAMILY: times new roman, new york, times, serif; COLOR: #000; FONT-SIZE: 12pt">
<DIV style="RIGHT: auto"><SPAN style="RIGHT: auto">Thanks. But I already have that option for the internal.hostname.com zone. Still not seeing traffic going to 192.168.1.1.</SPAN></DIV>
<DIV style="BACKGROUND-COLOR: transparent; FONT-STYLE: normal; FONT-FAMILY: times new roman, new york, times, serif; COLOR: rgb(0,0,0); FONT-SIZE: 16px"><SPAN></SPAN> </DIV>
<DIV style="BACKGROUND-COLOR: transparent; FONT-STYLE: normal; FONT-FAMILY: times new roman, new york, times, serif; COLOR: rgb(0,0,0); FONT-SIZE: 16px"><SPAN>Colin<VAR id=yiv3248111066yui-ie-cursor></VAR></SPAN></DIV>
<DIV><BR></DIV>
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt">
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt">
<DIV dir=ltr>
<DIV style="BORDER-BOTTOM: #ccc 1px solid; BORDER-LEFT: #ccc 1px solid; PADDING-BOTTOM: 0px; LINE-HEIGHT: 0; MARGIN: 5px 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; HEIGHT: 0px; FONT-SIZE: 0px; BORDER-TOP: #ccc 1px solid; BORDER-RIGHT: #ccc 1px solid; PADDING-TOP: 0px" class=yiv3248111066hr></DIV><FONT size=2 face=Arial><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> "WBrown@e1b.org" <WBrown@e1b.org><BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> Colin Harvey <colinedwardharvey@yahoo.com> <BR><B><SPAN style="FONT-WEIGHT: bold">Cc:</SPAN></B> bind users <bind-users@lists.isc.org>; bind-users-bounces+wbrown=e1b.org@lists.isc.org <BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Tuesday, August 27, 2013 1:20 PM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: redirecting root hints to fake internal root server<BR></FONT></DIV>
<DIV class=yiv3248111066y_msg_container><BR>From: Colin Harvey <<A href="mailto:colinedwardharvey@yahoo.com" rel=nofollow target=_blank ymailto="mailto:colinedwardharvey@yahoo.com">colinedwardharvey@yahoo.com</A>><BR>> My environment is firewalled from the real world. For queries on <BR>> zones to which I'm not master, I want to recurse to a corporate <BR>> server. nslookup some.internal.hostname.com <BR>> internal.corporate.server works fine. Setting "." to use this <BR>> internal server in the root.hints file does not. In fact I do not <BR>> even see my system trying to recurse. (I'm looking at network <BR>> traffic with a sniffer.)<BR>> <BR>> My root.hints:<BR>> <BR>> . 600 IN NS internal.corporate.server.<BR>> internal.corporate.server. 600 IN A 192.168.1.1<BR>> <BR>>
<BR>> Alternatively I've setup a forwarding zone in named.conf to query <BR>> 192.168.1.1 for 'internal.hostname.com'. When monitoring the <BR>> network for udp data over port 53, I'm not even seeing the query <BR>> being forwarded. Why?<BR><BR>Add these lines to your options section:<BR><BR> forward only;<BR> forwarders {192.168.1.1;};<BR><BR>see <BR><A href="ftp://ftp.isc.org/isc/bind9/9.9.3-P2/doc/arm/Bv9ARM.ch06.html#id2578567" rel=nofollow target=_blank>ftp://ftp.isc.org/isc/bind9/9.9.3-P2/doc/arm/Bv9ARM.ch06.html#id2578567</A><BR><BR><BR><BR>Confidentiality Notice: <BR>This electronic message and any attachments may contain confidential or <BR>privileged information, and is intended only for the individual or entity <BR>identified above as the addressee. If you are not the addressee (or the <BR>employee or agent responsible to deliver it to the addressee), or if this
<BR>message has been addressed to you in error, you are hereby notified that <BR>you may not copy, forward, disclose or use any part of this message or any <BR>attachments. Please notify the sender immediately by return e-mail or <BR>telephone and delete this message from your system.<BR><BR><BR></DIV></DIV></DIV></DIV></DIV></DIV><BR>_______________________________________________<BR>Please visit <A href="https://lists.isc.org/mailman/listinfo/bind-users" target=_blank>https://lists.isc.org/mailman/listinfo/bind-users</A>to unsubscribe from this list<BR><BR>bind-users mailing list<BR><A href="mailto:bind-users@lists.isc.org" ymailto="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</A><BR><A href="https://lists.isc.org/mailman/listinfo/bind-users" target=_blank>https://lists.isc.org/mailman/listinfo/bind-users</A><BR><BR></DIV></DIV></DIV></div></body></html>