forwarding zone on BIND 8.2.2-P5

Kevin Darcy kcd at daimlerchrysler.com
Mon May 15 22:31:46 UTC 2000


The "cryptic" message is just a record of the query which was received by the
nameserver. From the text, one can tell a) that it was a recursive query (because
of the "+" after the "XX"), b) that it came from address 131.96.32.182, c) that it
was a PTR type query for the name "43.22.96.131.in-addr.arpa". This is normally
what one would expect to see if someone just looked up the reverse record for the
address 131.96.22.43.

Okay, so let's get to the "problem" here: lack of packet activity between your
nameserver and its forwarder. This can be explained entirely by caching. On the
first query, your nameserver forwards the query and gets an answer back, either
that the name exists, or that it doesn't. It caches that answer for some length of
time (governed by either the TTL of the record, in the case of a positive
response, or by a field in the SOA record of the zone, in the case of a negative
response). As long as the record remains in the cache, your nameserver will answer
from that cached record instead of forwarding queries upstream.


- Kevin

sysatc at evoken.gsu.edu wrote:

> I am trying to set up a forwarding zone for both forward and reverse
> records with BIND 8.2.2-P5 on Solaris 2.6. (We want the requests to be
> forward only; we do not want to act as a secondary for the zone).
>
> I can verify by snooping the network connection on my name server that
> the request for "A" records is being forwarded to the real name server,
> but when I try to resolve an IP address into a name I get "non-existent
> host/domain", and there is no traffic between the name server and the
> server the request should be forwarded to.
>
> (I am experimenting with this on a "dummy" name server that only has
> an entry for itself and the zone I am trying to forward)
>
> Here is part of my named.conf file:
>
> //
> // Zone CS.Gsu.EDU
> //
> zone "CS.Gsu.EDU" {
>         type forward;
>         forward only;
>         forwarders {
>                 131.96.22.199;   // turing.cs.gsu.edu
>         };
> };
>
> //
> // Zone 22.96.131.in-addr.arpa
> //
> zone "22.96.131.in-addr.arpa" {
>         type forward;
>         forward only;
>         forwarders {
>                 131.96.22.199;   // turing.cs.gsu.edu
>         };
> };
>
> This is the transcript of an nslookup session:
>
> {0}evoken:/usr/local/etc# nslookup
> Default Server:  ns2.Gsu.EDU
> Address:  131.96.1.6
>
> > server evoken
> Default Server:  evoken.gsu.edu
> Address:  131.96.32.182
>
> > tinman.cs
> Server:  evoken.gsu.edu
> Address:  131.96.32.182
>
> Non-authoritative answer:
> Name:    tinman.cs.gsu.edu
> Address:  131.96.22.43
>
> > 131.96.22.43
> Server:  evoken.gsu.edu
> Address:  131.96.32.182
>
> *** evoken.gsu.edu can't find 131.96.22.43: Non-existent host/domain
> >
>
> Like I said, from snoop I can see a communication between evoken and
> turing.cs when I try to resolve tinman.cs, but I see no communication when
> I try to resolve 131.96.22.43.
>
> I do see a rather cryptic message in my logs:
>
> May 12 15:37:03 evoken named[1961]:
>      XX+/131.96.32.182/43.22.96.131.in-addr.arpa/PTR/IN
>
> Does anyone know what I am doing wrong?
>
> thanks
> toby
> --
> Toby Chappell                                               Georgia State Univ.
> Lead Software System Engineer                                  Atlanta, Georgia
> UNIX Support                                              Phone: (404) 651-1062
> tchappell at gsu.edu                                           Fax: (404) 651-4408
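
An added example, not part of either message in this thread: a small Python parser for the query-log line discussed above, extracting the fields Kevin describes (recursion flag, client address, name, type) and recovering the address a PTR query refers to. The function names are hypothetical, and the regular expression assumes the syslog prefix shown in the quoted log entry.

```python
import ipaddress
import re

# Constructed sample: the two-line log entry quoted in the post, joined onto one line.
SAMPLE = ("May 12 15:37:03 evoken named[1961]: "
          "XX+/131.96.32.182/43.22.96.131.in-addr.arpa/PTR/IN")

# "XX", an optional "+" (recursive query), then client/qname/qtype/qclass.
QUERY_RE = re.compile(
    r"named\[\d+\]:\s+XX(?P<rd>\+?)/(?P<client>[^/\s]+)/(?P<qname>[^/\s]*)"
    r"/(?P<qtype>[A-Za-z0-9-]+)/(?P<qclass>[A-Za-z0-9-]+)\s*$")


def ptr_to_address(qname):
    """Return the IPv4 address a full in-addr.arpa name refers to, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None  # zone-level (partial) or non-reverse name
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ipaddress.AddressValueError:
        return None  # labels are not valid octets


def parse_query_log(line):
    """Parse one query-log line; return a dict, or None if it is not one."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    try:
        client = str(ipaddress.ip_address(m.group("client")))
    except ValueError:
        return None  # malformed client field: reject the whole line
    rec = {
        "recursive": m.group("rd") == "+",
        "client": client,
        "qname": m.group("qname"),
        "qtype": m.group("qtype").upper(),
        "qclass": m.group("qclass").upper(),
        "lookup_for": None,
    }
    if rec["qtype"] == "PTR":
        rec["lookup_for"] = ptr_to_address(rec["qname"])
    return rec


if __name__ == "__main__":
    print(parse_query_log(SAMPLE))
```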





