<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Try it without "+trace".<div class=""><br class=""></div><div class="">Regards,</div><div class="">Chris</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Aug 17, 2016, at 2:59 AM, anup albal <<a href="mailto:anupalbal@hotmail.com" class="">anupalbal@hotmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div id="divtagdefaultwrapper" style="font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; font-size: 12pt; background-color: rgb(255, 255, 255); font-family: Calibri, Arial, Helvetica, sans-serif;" class=""><p style="margin-top: 0px; margin-bottom: 0px;" class=""></p><div class="">Hi<br class=""><br class="">First up apologies if this is not the right list to email and for a long email. I am hoping you can give me a clue as to what I am doing wrong here? Or may be this is not supposed to work at all.<br class=""><br class="">We have an internal only DNS server (dns1) with fake root zone. i.e a fake file for the zone "."  This serves all internal clients.<br class="">We are running 9.6-ESV-R11-P2 for this.<br class=""><br class="">And we also have an external only DNS (ns1) which can talk to the internet for DNS queries and serves external clients.<br class=""><br class="">Now we have a requirement to have certain domains (e.g<span class="Apple-converted-space"> </span><a href="http://sharepoint.com/" class="">sharepoint.com</a>) resolved on clients being served by dns1.<span class="Apple-converted-space"> </span><br class=""><br class="">On dns1 I have setup a forward only zone called '<a href="http://sharepoint.com/" class="">sharepoint.com</a>' with ns1 set as the forwarder.<br class="">And on the fake root zone file, I have added an entry for sharepoint like below<br class=""><a href="http://sharepoint.com/" class="">sharepoint.com</a>.          NS    <span class="Apple-converted-space"> </span><a href="http://ns1.org.domain.name.au/" class="">ns1.org.domain.name.au</a>.<br class=""><br class="">when i run a dig +trace<span class="Apple-converted-space"> </span><a href="http://sharepoint.com/" class="">sharepoint.com</a><span class="Apple-converted-space"> </span>from dns1 I can resolve<span class="Apple-converted-space"> </span><a href="http://sharepoint.com/" class="">sharepoint.com</a><span class="Apple-converted-space"> </span><br class="">But when i run it from an internal client it gets a Non-authoritative: No answer<span class="Apple-converted-space"> </span><br class=""><br class="">Below are my snippets of my named.conf on dns1 (internal)<br class=""><br class="">options {<br class="">        directory "/var/dns";<br class="">        forwarders { ip.of.ns1; };<br class="">        listen-on  { ip.of.dns1; 127.0.0.1; };<br class="">        query-source address ip.of.dns1;<br class="">        notify-source ip.of.dns1;<br class="">        transfer-source ip.of.dns1;<br class="">        allow-transfer { xxx.xxx/16; };<span class="Apple-converted-space"> </span><br class="">        transfer-format one-answer;    // BIND9 (deal with Windows Server 2003)<br class=""><br class="">};<br class=""><br class=""><.....><br class="">zone "." in {<br class="">        type master;<br class="">        file "fake/root";<br class="">};<br class=""><br class="">zone "." in {<br class="">        type hint;<br class="">        file "/var/dns/fake/named.root";<br class="">};<br class="">zone "<a href="http://sharepoint.com/" class="">sharepoint.com</a>." in {<br class="">        type forward;<br class="">        forward only;<br class="">        forwarders {ip.of.ns1;};<br class="">};<br class=""><br class="">The file fake/root has entries like below (ip and domain names changed for security)<br class=""><br class="">$TTL 86400<br class="">; NOTE:  TTL based on from Bind8 SOA record<br class="">;<br class="">; This file contains *fake* DNS Resource Records for the root domain (.)<br class="">;<br class=""><br class="">.       IN      SOA    <span class="Apple-converted-space"> </span><a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a>.        xxx.dns1.<a href="http://org.domain.name.au/" class="">org.domain.name.au</a>.  (<br class="">                                     2016081608      ; serial<br class="">                                     10800   ; refresh<br class="">                                     3600    ; retry<br class="">                                     3600000 ; expire<br class="">                                     86400 ) ; minimum<br class=""><br class="">.                       NS     <span class="Apple-converted-space"> </span><a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a>.<br class="">;.                      NS     <span class="Apple-converted-space"> </span><a href="http://dns2.org.domain.name.au/" class="">dns2.org.domain.name.au</a>.<br class=""><br class=""><a href="http://com.au/" class="">com.au</a>.                 NS     <span class="Apple-converted-space"> </span><a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a>.<br class=""><a href="http://sharepoint.com/" class="">sharepoint.com</a>.         NS     <span class="Apple-converted-space"> </span><a href="http://ns1.org.domain.name.au/" class="">ns1.org.domain.name.au</a>.<br class=""><a href="http://difforg.diffdomain.au/" class="">difforg.diffdomain.au</a>.             NS     <span class="Apple-converted-space"> </span><a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a>.<br class=""><br class="">0.0.127.in-addr.arpa.   NS     <span class="Apple-converted-space"> </span><a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a>.<br class=""><br class="">xxx.xxx.in-addr.arpa.   NS     <span class="Apple-converted-space"> </span><a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a>.<br class=""><br class="">localhost.              A       127.0.0.1<br class=""><br class="">; Glue<br class=""><a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a>. A      ip.of.dns1<br class=""><a href="http://ns1.org.domain.name.au/" class="">ns1.org.domain.name.au</a>.  A      ip.of.ns1<br class="">;<a href="http://dns2.org.domain.name.au/" class="">dns2.org.domain.name.au</a>. A      xxx.xxx.xxx.xxx<br class=""><br class="">The root hints file (named.root) has below<span class="Apple-converted-space"> </span><br class=""><br class="">.       3600    IN NS  <span class="Apple-converted-space"> </span><a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a><br class="">dns1    3600        A   ip.of.dns1<br class=""><br class=""><br class="">nslookup on a client returns this<br class="">nslookup<span class="Apple-converted-space"> </span><a href="http://sharepoint.com/" class="">sharepoint.com</a><br class="">Server:         ip.of.dns1<br class="">Address:        ip.of.dns1#53<br class=""><br class="">Non-authoritative answer:<br class="">*** Can't find<span class="Apple-converted-space"> </span><a href="http://sharepoint.com/" class="">sharepoint.com</a>: No answer<br class=""><br class="">And running dig on a client returns this<br class=""> dig +trace<span class="Apple-converted-space"> </span><a href="http://sharepoint.com/" class="">sharepoint.com</a><br class=""><br class="">; <<>> DiG 9.3.4-P1 <<>> +trace<span class="Apple-converted-space"> </span><a href="http://sharepoint.com/" class="">sharepoint.com</a><br class="">;; global options:  printcmd<br class="">.                       86400   IN      NS     <span class="Apple-converted-space"> </span><a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a>.<br class="">;; Received 69 bytes from ip.of.dns1#53(ip.of.dns1) in 1 ms<br class=""><br class=""><a href="http://sharepoint.com/" class="">sharepoint.com</a>.         86400   IN      NS     <span class="Apple-converted-space"> </span><a href="http://ns1.org.domain.name.au/" class="">ns1.org.domain.name.au</a>.<br class="">;; Received 84 bytes from ip.of.dns1#53(<a href="http://dns1.org.domain.name.au/" class="">dns1.org.domain.name.au</a>) in 0 ms<br class=""><br class="">;; connection timed out; no servers could be reached<br class=""></div><br class=""><p style="margin-top: 0px; margin-bottom: 0px;" class=""></p><div style="margin-top: 0px; margin-bottom: 0px;" class=""><br class="">Regards</div><div style="margin-top: 0px; margin-bottom: 0px;" class="">Anup<br class=""></div></div><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">_______________________________________________</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">Please visit<span class="Apple-converted-space"> </span></span><a href="https://lists.isc.org/mailman/listinfo/bind-users" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">https://lists.isc.org/mailman/listinfo/bind-users</a><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""><span class="Apple-converted-space"> </span>to unsubscribe from this list</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">bind-users mailing list</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="mailto:bind-users@lists.isc.org" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">bind-users@lists.isc.org</a><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="https://lists.isc.org/mailman/listinfo/bind-users" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">https://lists.isc.org/mailman/listinfo/bind-users</a></div></blockquote></div><br class=""></div></body></html>