Forward zone problem: impact of recursive-clients statement?
Stefanick, Andrew
astefanick at metasolv.com
Wed Mar 29 18:06:29 UTC 2006
I see this in the far side's config:
He is running BIND 9.2.0 and I am running BIND 9.2.3
here is our config file:
ULYSDNS1:/etc # cat named.conf
// generated by named-bootconf.pl
options {
directory "/etc/named.data"; // running directory for named
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address 2XX.2XX.X.X port 53;
recursive-clients 5000;
};
This recursive clients number, is it a threshold, and once you reach
that threshold, the DNS won't answer anymore recursive queries???
Does it reset itself???
-----Original Message-----
From: Stefanick, Andrew
Sent: Saturday, March 25, 2006 5:32 PM
To: bind-users at isc.org
Subject: RE: Forward zone problem: Forward query vs Direct query from
the receiving DNS servers perspective.
This looks to be working to the conclusion that the target server is
providing the wrong answer to my query.
Here is my last question though?
Is there a difference between a forwarded request to a DNS server vs a
direct query?
Is there a case where the DNS server will ignore a forwarded request,
yet answer the direct query?
Or is a query just a query. No difference?
-----Original Message-----
From: Stefanick, Andrew
Sent: Wednesday, March 22, 2006 7:49 AM
To: bind-users at isc.org
Subject: RE: Forward zone problem
Is there any LIMIT to the number of forwarders you can specify???
Hello???
-----Original Message-----
From: Stefanick, Andrew
Sent: Tuesday, March 21, 2006 12:17 PM
To: bind-users at isc.org
Subject: RE: Forward zone problem
What is the significance of the AUTHORITY flag in all these dig
outputs??
Seems that all the successful responses have AUTHORITY:0
And the unsuccessful ones have AUTHORITY:1
What determines the AUTHORITY?
I though only the zones which I am MASTER am I authoritive for.
mnc410.mcc310.gprs is a working forwarder
mnc610.mcc310.gprs is the one we are trying to get to work.
12.25.118.5 has the 610 forwarder in its config.
12.25.118.10 is the other DNS, and I do not have it know about 610
# ./dig @12.25.118.5 mnc410.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc410.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30768
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;mnc410.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc410.mcc310.gprs. 491 IN NS
wcrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs. 491 IN NS
atlrdns1.mnc410.mcc310.gprs.
;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 604691 IN A 66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 604691 IN A 66.102.184.70
;; Query time: 3 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 09:51:07 2006
;; MSG SIZE rcvd: 113
# ./dig @12.25.118.10 mnc410.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc410.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60379
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;mnc410.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc410.mcc310.gprs. 407 IN NS
atlrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs. 407 IN NS
wcrdns1.mnc410.mcc310.gprs.
;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 604607 IN A 66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 604607 IN A 66.102.184.70
;; Query time: 5 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 09:51:33 2006
;; MSG SIZE rcvd: 113
# ./dig @66.102.184.70 mnc410.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @66.102.184.70 mnc410.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59520
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;mnc410.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc410.mcc310.gprs. 600 IN NS
atlrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs. 600 IN NS
wcrdns1.mnc410.mcc310.gprs.
;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 3600000 IN A 66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 3600000 IN A 66.102.184.70
;; Query time: 198 msec
;; SERVER: 66.102.184.70#53(66.102.184.70)
;; WHEN: Tue Mar 21 09:51:56 2006
;; MSG SIZE rcvd: 113
# ./dig @66.102.185.70 mnc410.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @66.102.185.70 mnc410.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9801
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;mnc410.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc410.mcc310.gprs. 600 IN NS
atlrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs. 600 IN NS
wcrdns1.mnc410.mcc310.gprs.
;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 3600000 IN A 66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 3600000 IN A 66.102.184.70
;; Query time: 165 msec
;; SERVER: 66.102.185.70#53(66.102.185.70)
;; WHEN: Tue Mar 21 09:52:37 2006
;; MSG SIZE rcvd: 113
# ./dig @12.25.118.5 mnc610.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc610.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8942
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mnc610.mcc310.gprs. IN NS
;; AUTHORITY SECTION:
. 10458 IN SOA A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400
;; Query time: 3 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 09:53:00 2006
;; MSG SIZE rcvd: 111
# ./dig @12.25.118.10 mnc610.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc610.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8084
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mnc610.mcc310.gprs. IN NS
;; AUTHORITY SECTION:
. 10472 IN SOA A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400
;; Query time: 4 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 09:53:23 2006
;; MSG SIZE rcvd: 111
# ./dig @206.253.34.38 mnc610.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @206.253.34.38 mnc610.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2627
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mnc610.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc610.mcc310.gprs. 86400 IN NS
ULYSDNS1.mnc340.mcc310.gprs.
;; ADDITIONAL SECTION:
ULYSDNS1.mnc340.mcc310.gprs. 86400 IN A 206.253.34.38
;; Query time: 57 msec
;; SERVER: 206.253.34.38#53(206.253.34.38)
;; WHEN: Tue Mar 21 09:53:49 2006
;; MSG SIZE rcvd: 82
These are random digs I did against other forwarders I saw in the conf
file.
# ./dig @12.25.118.5 mnc180.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc180.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54675
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;mnc180.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc180.mcc310.gprs. 0 IN NS gprsdns.wcc.net.
mnc180.mcc310.gprs. 0 IN NS wcwmps.wcc.net.
;; ADDITIONAL SECTION:
wcwmps.wcc.net. 86400 IN A 10.10.12.7
wcwmps.wcc.net. 86400 IN A 208.33.46.199
;; Query time: 315 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 09:55:55 2006
;; MSG SIZE rcvd: 118
# ./dig @12.25.118.10 mnc180.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc180.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44620
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;mnc180.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc180.mcc310.gprs. 0 IN NS wcwmps.wcc.net.
mnc180.mcc310.gprs. 0 IN NS gprsdns.wcc.net.
;; ADDITIONAL SECTION:
wcwmps.wcc.net. 86400 IN A 10.10.12.7
wcwmps.wcc.net. 86400 IN A 208.33.46.199
;; Query time: 105 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 09:56:30 2006
;; MSG SIZE rcvd: 118
# ./dig @208.33.46.199 mnc180.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @208.33.46.199 mnc180.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39164
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;mnc180.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc180.mcc310.gprs. 0 IN NS gprsdns.wcc.net.
mnc180.mcc310.gprs. 0 IN NS wcwmps.wcc.net.
;; ADDITIONAL SECTION:
wcwmps.wcc.net. 86400 IN A 10.10.12.7
wcwmps.wcc.net. 86400 IN A 208.33.46.199
;; Query time: 49 msec
;; SERVER: 208.33.46.199#53(208.33.46.199)
;; WHEN: Tue Mar 21 09:56:56 2006
;; MSG SIZE rcvd: 118
# ./dig @12.25.118.5 mnc310.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc310.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49524
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mnc310.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc310.mcc310.gprs. 3333 IN NS
dnssnq00.dsnq.voicestream.us.gprs.
;; ADDITIONAL SECTION:
dnssnq00.dsnq.voicestream.us.gprs. 84687 IN A 216.155.160.196
;; Query time: 3 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 09:58:07 2006
;; MSG SIZE rcvd: 95
# ./dig @12.25.118.10 mnc310.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc310.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48665
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mnc310.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc310.mcc310.gprs. 1702 IN NS
dnssnq00.dsnq.voicestream.us.gprs.
;; ADDITIONAL SECTION:
dnssnq00.dsnq.voicestream.us.gprs. 82486 IN A 216.155.160.196
;; Query time: 5 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 09:58:28 2006
;; MSG SIZE rcvd: 95
# ./dig @216.155.160.196 mnc310.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @216.155.160.196 mnc310.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12740
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mnc310.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc310.mcc310.gprs. 3600 IN NS
dnssnq00.dsnq.voicestream.us.gprs.
;; ADDITIONAL SECTION:
dnssnq00.dsnq.voicestream.us.gprs. 86400 IN A 216.155.160.196
;; Query time: 655 msec
;; SERVER: 216.155.160.196#53(216.155.160.196)
;; WHEN: Tue Mar 21 09:58:54 2006
;; MSG SIZE rcvd: 95
# ./dig @216.155.160.197 mnc310.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @216.155.160.197 mnc310.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42350
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mnc310.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc310.mcc310.gprs. 3600 IN NS
dnssnq00.dsnq.voicestream.us.gprs.
;; ADDITIONAL SECTION:
dnssnq00.dsnq.voicestream.us.gprs. 86400 IN A 216.155.160.196
;; Query time: 756 msec
;; SERVER: 216.155.160.197#53(216.155.160.197)
;; WHEN: Tue Mar 21 09:59:19 2006
;; MSG SIZE rcvd: 95
# ./dig @216.155.160.105 mnc310.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @216.155.160.105 mnc310.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mnc310.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc310.mcc310.gprs. 3600 IN NS
dnsnatl0.datl.voicestream.us.gprs.
;; ADDITIONAL SECTION:
dnsnatl0.datl.voicestream.us.gprs. 3600 IN A 216.155.160.105
;; Query time: 103 msec
;; SERVER: 216.155.160.105#53(216.155.160.105)
;; WHEN: Tue Mar 21 10:00:00 2006
;; MSG SIZE rcvd: 95
# ./dig @216.155.160.106 mnc310.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @216.155.160.106 mnc310.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mnc310.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc310.mcc310.gprs. 3600 IN NS
dnsnatl0.datl.voicestream.us.gprs.
;; ADDITIONAL SECTION:
dnsnatl0.datl.voicestream.us.gprs. 3600 IN A 216.155.160.105
;; Query time: 572 msec
;; SERVER: 216.155.160.106#53(216.155.160.106)
;; WHEN: Tue Mar 21 10:00:23 2006
;; MSG SIZE rcvd: 95
And here is the forwarder that had been working for a year to this same
target.
# ./dig @12.25.118.5 mnc340.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.5 mnc340.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34678
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mnc340.mcc310.gprs. IN NS
;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400
;; Query time: 2048 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Tue Mar 21 12:04:31 2006
;; MSG SIZE rcvd: 111
# ./dig @12.25.118.10 mnc340.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @12.25.118.10 mnc340.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10829
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mnc340.mcc310.gprs. IN NS
;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006032001 1800 900 604800 86400
;; Query time: 2092 msec
;; SERVER: 12.25.118.10#53(12.25.118.10)
;; WHEN: Tue Mar 21 12:05:21 2006
;; MSG SIZE rcvd: 111
# ./dig @206.253.34.38 mnc340.mcc310.gprs. ns
; <<>> DiG 9.2.2 <<>> @206.253.34.38 mnc340.mcc310.gprs. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48777
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mnc340.mcc310.gprs. IN NS
;; ANSWER SECTION:
mnc340.mcc310.gprs. 86400 IN NS
ULYSDNS1.mnc340.mcc310.gprs.
;; ADDITIONAL SECTION:
ULYSDNS1.mnc340.mcc310.gprs. 86400 IN A 206.253.34.38
;; Query time: 225 msec
;; SERVER: 206.253.34.38#53(206.253.34.38)
;; WHEN: Tue Mar 21 12:05:56 2006
;; MSG SIZE rcvd: 75
-----Original Message-----
From: Stefanick, Andrew
Sent: Monday, March 20, 2006 10:34 AM
To: bind-users at isc.org
Subject: RE: Forward zone problem
I am actually working with BIND 9.2.2 if that makes a huge difference.
What is the correct way to get meaning query log info?
I tried -q option, but named does not start when I specify that.
-----Original Message-----
From: Stefanick, Andrew
Sent: Monday, March 20, 2006 9:27 AM
To: bind-users at isc.org
Subject: RE: Forward zone problem
I saw post from March 23, 2004, but it had no replies:
Any way to trace the path of queries for type forward zones??
dig @dnsbox +trace always starts with the root servers, since it's
intended to trace delegation.
dig @dnsbox +norecursive returns referrals to authoritative sources,
but says nothing of the server(s) listed in the zone forwarders
statement @dnsbox, implying it would follow delegations that in fact
it does not.
This is not a problem... just musing how I would troubleshoot some
twisted forwarding scheme through multiple servers.
-----Original Message-----
From: Stefanick, Andrew
Sent: Monday, March 20, 2006 8:37 AM
To: bind-users at isc.org
Subject: RE: Forward zone problem
Can somebody help me understand this dig output?
The "mnc410..." query is working, and here are the digs I performed.
# ./dig @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa +trace
; <<>> DiG 9.2.2 <<>> @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa
+trace
;; global options: printcmd
. 267612 IN NS E.ROOT-SERVERS.NET.
. 267612 IN NS F.ROOT-SERVERS.NET.
. 267612 IN NS G.ROOT-SERVERS.NET.
. 267612 IN NS H.ROOT-SERVERS.NET.
. 267612 IN NS I.ROOT-SERVERS.NET.
. 267612 IN NS J.ROOT-SERVERS.NET.
. 267612 IN NS K.ROOT-SERVERS.NET.
. 267612 IN NS L.ROOT-SERVERS.NET.
. 267612 IN NS M.ROOT-SERVERS.NET.
. 267612 IN NS A.ROOT-SERVERS.NET.
. 267612 IN NS B.ROOT-SERVERS.NET.
. 267612 IN NS C.ROOT-SERVERS.NET.
. 267612 IN NS D.ROOT-SERVERS.NET.
;; Received 340 bytes from 12.25.118.5#53(12.25.118.5) in 6 ms
./dig: Couldn't find server 'E.ROOT-SERVERS.NET': host/servname not
known
# ./dig @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa +norec
; <<>> DiG 9.2.2 <<>> @12.25.118.5 wap.cingular.mnc410.mcc310.gprs soa
+norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5937
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;wap.cingular.mnc410.mcc310.gprs. IN SOA
;; AUTHORITY SECTION:
mnc410.mcc310.gprs. 598 IN NS
atlrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs. 598 IN NS
wcrdns1.mnc410.mcc310.gprs.
;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 604798 IN A 66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 604798 IN A 66.102.184.70
;; Query time: 3 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Mon Mar 20 10:13:12 2006
;; MSG SIZE rcvd: 126
Now here are the digs on the non-working forwarder. Again, both of
these forwarders only exist as 3 lines of directives in the named.conf,
so why do they behave so differently???
# ./dig 12.25.118.5 internet.epictouch.mnc610.mcc310.gprs soa +trace
; <<>> DiG 9.2.2 <<>> 12.25.118.5 internet.epictouch.mnc610.mcc310.gprs
soa +trace
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32172
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;12.25.118.5. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net.
nstld.verisign-grs.com. 2006031901 1800 900 604800 86400
;; Query time: 67 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Mon Mar 20 10:27:46 2006
;; MSG SIZE rcvd: 104
. 266702 IN NS A.ROOT-SERVERS.NET.
. 266702 IN NS B.ROOT-SERVERS.NET.
. 266702 IN NS C.ROOT-SERVERS.NET.
. 266702 IN NS D.ROOT-SERVERS.NET.
. 266702 IN NS E.ROOT-SERVERS.NET.
. 266702 IN NS F.ROOT-SERVERS.NET.
. 266702 IN NS G.ROOT-SERVERS.NET.
. 266702 IN NS H.ROOT-SERVERS.NET.
. 266702 IN NS I.ROOT-SERVERS.NET.
. 266702 IN NS J.ROOT-SERVERS.NET.
. 266702 IN NS K.ROOT-SERVERS.NET.
. 266702 IN NS L.ROOT-SERVERS.NET.
. 266702 IN NS M.ROOT-SERVERS.NET.
;; Received 340 bytes from 12.25.118.5#53(12.25.118.5) in 4 ms
./dig: Couldn't find server 'A.ROOT-SERVERS.NET': host/servname not
known
# ./dig @12.25.118.5 internet.epictouch.mnc610.mcc310.gprs soa +norec
; <<>> DiG 9.2.2 <<>> @12.25.118.5 internet.epictouch.mnc610.mcc310.gprs
soa +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18378
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 7
;; QUESTION SECTION:
;internet.epictouch.mnc610.mcc310.gprs. IN SOA
;; AUTHORITY SECTION:
. 266666 IN NS D.ROOT-SERVERS.NET.
. 266666 IN NS E.ROOT-SERVERS.NET.
. 266666 IN NS F.ROOT-SERVERS.NET.
. 266666 IN NS G.ROOT-SERVERS.NET.
. 266666 IN NS H.ROOT-SERVERS.NET.
. 266666 IN NS I.ROOT-SERVERS.NET.
. 266666 IN NS J.ROOT-SERVERS.NET.
. 266666 IN NS K.ROOT-SERVERS.NET.
. 266666 IN NS L.ROOT-SERVERS.NET.
. 266666 IN NS M.ROOT-SERVERS.NET.
. 266666 IN NS A.ROOT-SERVERS.NET.
. 266666 IN NS B.ROOT-SERVERS.NET.
. 266666 IN NS C.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
D.ROOT-SERVERS.NET. 462914 IN A 128.8.10.90
F.ROOT-SERVERS.NET. 462912 IN A 192.5.5.241
I.ROOT-SERVERS.NET. 462906 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 538238 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 462908 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 462904 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 462902 IN A 202.12.27.33
;; Query time: 6 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Mon Mar 20 10:28:22 2006
;; MSG SIZE rcvd: 378
-----Original Message-----
From: Stefanick, Andrew
Sent: Friday, March 17, 2006 11:54 AM
To: bind-users at isc.org
Subject: RE: Forward zone problem
This is BIND 9.2.1 (I realize some logging parameters are not correct)
# cat named.conf
options {
directory "/opt/mps/data/dnspic";
pid-file "/opt/mps/data/dnspic/named.pid";
port 53;
check-names master ignore;
statistics-interval 5;
};
logging {
channel log_syslog {
syslog daemon;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel log_default {
file "/var/adm/DNS_default.log" versions 2 size 30M;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel dnsmsg_file {
file "/var/adm/DNS_messages.log" versions 2 size 10M;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel stats_file {
file "/var/adm/DNS_stats.log" versions 2 size 10M;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel query_file {
file "/var/adm/DNS_query.log" versions 2 size 100M;
severity info;
print-category yes;
print-severity yes;
print-time yes;
//For query logging to work,niddnsd must be running;
//with the-q option(query logging mode);
//DO NOT use the "-d1-q" options together,as this will;
//cause the$POLICY_HOME/log/monitord.log(if using monitord);
//or the$POLICY_HOME/etc/niddnsd.run(if not using monitord);
//to grow substantially,without control.;
};
category default {
log_default;
};
category cname {
null;
};
category config {
dnsmsg_file;
};
category load {
dnsmsg_file;
};
category ncache {
null;
};
category response-checks {
null;
};
category lame-servers {
null;
};
category os {
log_syslog;
};
category panic {
log_syslog;
};
category response-checks {
dnsmsg_file;
};
category security {
null;
};
category statistics {
log_syslog;
stats_file;
};
category xfer-in {
dnsmsg_file;
};
category xfer-out {
dnsmsg_file;
};
category queries {
query_file;
};
};
controls {
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "db.127.0.0";
};
zone "." in {
type hint;
file "db.cache";
};
// generated
zone "45.10.10.in-addr.arpa." in {
type master;
file "db.45.10.10.in-addr.arpa";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "16.32.10.in-addr.arpa." in {
type master;
file "db.16.32.10.in-addr.arpa";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "118.25.12.in-addr.arpa." in {
type master;
file "db.118.25.12.in-addr.arpa";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "119.25.12.in-addr.arpa." in {
type master;
file "db.119.25.12.in-addr.arpa";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "209.166.in-addr.arpa." in {
type master;
file "db.209.166.in-addr.arpa";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "mnc560.mcc310.gprs." in {
type master;
file "db.mnc560.mcc310.gprs";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "amrgsm.mnc560.mcc310.gprs." in {
type master;
file "db.amrgsm.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "atlaspipeline.mnc560.mcc310.gprs." in {
type master;
file "db.atlaspipeline.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "biokey.mnc560.mcc310.gprs." in {
type master;
file "db.biokey.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "cellular1.mnc560.mcc310.gprs." in {
type master;
file "db.cellular1.mnc560.mcc310.gprs";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "cellular1wap.mnc560.mcc310.gprs." in {
type master;
file "db.cellular1wap.mnc560.mcc310.gprs";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "chautauqua.mnc560.mcc310.gprs." in {
type master;
file "db.chautauqua.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "dobsoncellular.mnc560.mcc310.gprs." in {
type master;
file "db.dobsoncellular.mnc560.mcc310.gprs";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "dobsoncellularwap.mnc560.mcc310.gprs." in {
type master;
file "db.dobsoncellularwap.mnc560.mcc310.gprs";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "dobson.employee.mnc560.mcc310.gprs." in {
type master;
file "db.dobson.employee.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "enogex.mnc560.mcc310.gprs." in {
type master;
file "db.enogex.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "mahoning.mnc560.mcc310.gprs." in {
type master;
file "db.mahoning.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "gre.meters.mnc560.mcc310.gprs." in {
type master;
file "db.gre.meters.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "mpamrgsm.mnc560.mcc310.gprs." in {
type master;
file "db.mpamrgsm.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "blackberry.net.mnc560.mcc310.gprs." in {
type master;
file "db.blackberry.net.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "servicestar.mnc560.mcc310.gprs." in {
type master;
file "db.servicestar.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "staticip.mnc560.mcc310.gprs." in {
type master;
file "db.staticip.mnc560.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "mnc680.mcc310.gprs." in {
type master;
file "db.mnc680.mcc310.gprs";
allow-transfer { 12.25.118.110; 12.25.118.105; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "cellular1.mnc680.mcc310.gprs." in {
type master;
file "db.cellular1.mnc680.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "cellular1wap.mnc680.mcc310.gprs." in {
type master;
file "db.cellular1wap.mnc680.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "employee.mnc680.mcc310.gprs." in {
type master;
file "db.employee.mnc680.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "dobson.employee.mnc680.mcc310.gprs." in {
type master;
file "db.dobson.employee.mnc680.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "blackberry.net.mnc680.mcc310.gprs." in {
type master;
file "db.blackberry.net.mnc680.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "prepaidgprs.mnc680.mcc310.gprs." in {
type master;
file "db.prepaidgprs.mnc680.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "staticip.mnc680.mcc310.gprs." in {
type master;
file "db.staticip.mnc680.mcc310.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "pop3.gprs." in {
type master;
file "db.pop3.gprs";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "im." in {
type master;
file "db.im";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "smtp." in {
type master;
file "db.smtp";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "wap." in {
type master;
file "db.wap";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "wapgw." in {
type master;
file "db.wapgw";
allow-transfer { none; };
allow-update { 127.0.0.1; 10.32.16.66; 10.32.16.65; };
};
zone "mnc340.mcc310.gprs." in {
type forward;
forwarders { 206.253.34.38; };
};
zone "mnc020.mcc310.gprs." in {
type forward;
forwarders { 166.230.4.23; 166.230.4.68; };
};
zone "mnc660.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc080.mcc310.gprs." in {
type forward;
forwarders { 64.89.96.41; };
};
zone "mnc210.mcc311.gprs." in {
type forward;
forwarders { 64.178.236.24; 64.178.236.25; };
};
zone "mnc210.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc240.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc590.mcc310.gprs." in {
type forward;
forwarders { 65.215.156.236; 65.215.156.237; };
};
zone "mnc270.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc010.mcc280.gprs." in {
type forward;
forwarders { 213.207.137.59; };
};
zone "mnc460.mcc310.gprs." in {
type forward;
forwarders { 206.71.207.2; };
};
zone "mnc490.mcc310.gprs." in {
type forward;
forwarders { 204.94.32.129; 204.94.32.130; };
};
zone "mnc170.mcc310.gprs." in {
type forward;
forwarders { 66.102.184.70; 66.102.185.70; };
};
zone "mnc910.mcc310.gprs." in {
type forward;
forwarders { 204.87.229.189; 204.87.229.190; };
};
zone "mnc020.mcc334.gprs." in {
type forward;
forwarders { 200.79.17.19; 200.79.17.20; };
};
zone "mnc0410.mcc0310.gprs." in {
type forward;
forwarders { 66.102.184.70; 66.102.185.70; };
};
zone "mnc010.mcc311.gprs." in {
type forward;
forwarders { 63.99.212.68; };
};
zone "mnc370.mcc302.gprs." in {
type forward;
forwarders { 142.146.247.194; 142.146.247.210; };
};
zone "ztango.com." in {
type forward;
forwarders { 12.28.87.35; 12.28.87.70; };
};
zone "mnc070.mcc311.gprs." in {
type forward;
forwarders { 67.129.227.7; 67.129.227.8; };
};
zone "mnc390.mcc310.gprs." in {
type forward;
forwarders { 63.99.212.68; };
};
zone "mnc070.mcc310.gprs." in {
type forward;
forwarders { 12.174.3.11; 12.174.3.12; };
};
zone "mnc230.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc580.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc260.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc720.mcc302.gprs." in {
type forward;
forwarders { 142.146.247.194; 142.146.247.210; };
};
zone "dobson.net." in {
type forward;
forwarders { 12.28.87.35; 12.28.87.70; };
};
zone "mnc100.mcc310.gprs." in {
type forward;
forwarders { 208.254.125.68; };
};
zone "mnc420.mcc310.gprs." in {
type forward;
forwarders { 216.68.79.243; 216.68.79.244; };
};
zone "mnc770.mcc310.gprs." in {
type forward;
forwarders { 194.215.72.69; 194.215.72.38; 81.28.64.47; 81.28.64.46;
};
};
zone "mnc450.mcc310.gprs." in {
type forward;
forwarders { 65.113.229.21; 65.113.229.22; };
};
zone "mnc160.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc190.mcc311.gprs." in {
type forward;
forwarders { 168.103.195.2; };
};
zone "mnc610.mcc310.gprs." in {
type forward;
forwarders { 206.253.34.38; };
};
zone "mnc640.mcc310.gprs." in {
type forward;
forwarders { 209.103.202.57; 209.103.202.58; };
};
zone "mnc016.mcc204.gprs." in {
type forward;
forwarders { 84.241.224.117; 84.241.224.125; 194.229.188.57;
194.229.188.58; };
};
zone "mnc030.mcc310.gprs." in {
type forward;
forwarders { 205.242.95.18; 205.242.95.19; };
};
zone "mnc380.mcc310.gprs." in {
type forward;
forwarders { 209.183.42.248; 209.183.42.249; };
};
zone "mnc090.mcc310.gprs." in {
type forward;
forwarders { 63.161.114.210; 63.161.114.211; };
};
zone "mnc800.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc570.mcc348.gprs." in {
type forward;
forwarders { 213.181.39.1; 213.181.39.10; };
};
zone "mnc002.mcc242.gprs." in {
type forward;
forwarders { 193.109.210.5; 193.109.210.6; };
};
zone "mnc002.mcc272.gprs." in {
type forward;
forwarders { 62.40.40.7; 62.40.40.8; };
};
zone "mnc220.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc890.mcc310.gprs." in {
type forward;
forwarders { 65.168.87.75; 65.168.87.76; };
};
zone "mnc250.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
zone "mnc410.mcc310.gprs." in {
type forward;
forwarders { 66.102.184.70; 66.102.185.70; };
};
zone "mnc150.mcc310.gprs." in {
type forward;
forwarders { 66.102.184.70; 66.102.185.70; };
};
zone "mnc180.mcc310.gprs." in {
type forward;
forwarders { 208.33.46.199; };
};
zone "mnc310.mcc310.gprs." in {
type forward;
forwarders { 216.155.160.196; 216.155.160.197; 216.155.160.105;
216.155.160.106; };
};
This is one of the zone files this DNS is master for:
# cat db.mnc560.mcc310.gprs
$TTL 43200
mnc560.mcc310.gprs. 0 IN SOA youndns1.mnc560.mcc310.gprs.
admin.mnc560.mcc310.gprs. (
150 ; serial number
3600 ; refresh after
900 ; retry after
604800 ; expire cache after
43200 ) ; Minimum TTL
; generated NS records
mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
anchdns1.mnc560.mcc310.gprs. IN A 12.25.118.105
anchdns2.mnc560.mcc310.gprs. IN A 12.25.118.110
cellular1.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
cellular1.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
cellular1.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
cellular1.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
cellular1wap.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
cellular1wap.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
cellular1wap.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
cellular1wap.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
dobsoncellular.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
dobsoncellular.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
dobsoncellular.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
dobsoncellular.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
dobsoncellularwap.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
dobsoncellularwap.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
dobsoncellularwap.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
dobsoncellularwap.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
gre.meters.mnc560.mcc310.gprs. IN NS anchdns1.mnc560.mcc310.gprs.
gre.meters.mnc560.mcc310.gprs. IN NS anchdns2.mnc560.mcc310.gprs.
gre.meters.mnc560.mcc310.gprs. IN NS youndns1.mnc560.mcc310.gprs.
gre.meters.mnc560.mcc310.gprs. IN NS youndns2.mnc560.mcc310.gprs.
youndns1.mnc560.mcc310.gprs. IN A 12.25.118.5
youndns2.mnc560.mcc310.gprs. IN A 12.25.118.10
; generated A Records
anchdns1.mnc560.mcc310.gprs. IN A 12.25.118.105
anchdns2.mnc560.mcc310.gprs. IN A 12.25.118.110
cellular1eit.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
cellular1mms.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
dobsoncellulareit.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
gps.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
prepaidgprs.mnc560.mcc310.gprs. 3600 IN A 12.25.118.37
youndns1.mnc560.mcc310.gprs. IN A 12.25.118.5
youndns2.mnc560.mcc310.gprs. 0 IN A 12.25.118.10
# cat /etc/resolv.conf
domain mnc560.mcc310.gprs
nameserver 12.25.118.5
nameserver 12.25.118.10
nameserver 10.10.45.30
nameserver 10.10.45.31
Look at this dig, done on a domain that exists as just a forwarder:
# ./dig mnc410.mcc310.gprs soa
; <<>> DiG 9.2.2 <<>> mnc410.mcc310.gprs soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10264
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;mnc410.mcc310.gprs. IN SOA
;; ANSWER SECTION:
mnc410.mcc310.gprs. 600 IN SOA
wcrdns1.mnc410.mcc310.gprs. root.wcrdns1.mnc410.mcc310.gprs. 2006030303
600 3600 1209600 600
;; AUTHORITY SECTION:
mnc410.mcc310.gprs. 600 IN NS
wcrdns1.mnc410.mcc310.gprs.
mnc410.mcc310.gprs. 600 IN NS
atlrdns1.mnc410.mcc310.gprs.
;; ADDITIONAL SECTION:
wcrdns1.mnc410.mcc310.gprs. 604800 IN A 66.102.185.70
atlrdns1.mnc410.mcc310.gprs. 604800 IN A 66.102.184.70
;; Query time: 157 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Fri Mar 17 14:06:55 2006
;; MSG SIZE rcvd: 154
Yet, why does this next one not report similar info. No answer for this
dig.
# ./dig mnc610.mcc310.gprs soa
; <<>> DiG 9.2.2 <<>> mnc610.mcc310.gprs soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1068
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mnc610.mcc310.gprs. IN SOA
;; AUTHORITY SECTION:
. 7070 IN SOA A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2006031601 1800 900 604800 86400
;; Query time: 4 msec
;; SERVER: 12.25.118.5#53(12.25.118.5)
;; WHEN: Fri Mar 17 14:07:15 2006
;; MSG SIZE rcvd: 111
Here is an nslookup for a forwarder:
# nslookup mnc410.mcc310.gprs
Server: youndns1.mnc560.mcc310.gprs
Address: 12.25.118.5
*** No address (A) records available for mnc410.mcc310.gprs
I would expect that, since the A records would be records like
"wap.cingular.mnc410.mcc310.gprs"
# nslookup mnc610.mcc310.gprs
Server: youndns1.mnc560.mcc310.gprs
Address: 12.25.118.5
*** youndns1.mnc560.mcc310.gprs can't find mnc610.mcc310.gprs:
Non-existent host/domain
Yet here, again, forward directive not working.
Here is an nslookup for an A record from a forwarder:
# nslookup
Default Server: youndns1.mnc560.mcc310.gprs
Address: 12.25.118.5
> set d2
> wap.cingular.mnc410.mcc310.gprs
Server: youndns1.mnc560.mcc310.gprs
Address: 12.25.118.5
;; res_nmkquery(QUERY, wap.cingular.mnc410.mcc310.gprs, IN, A)
------------
SendRequest(), len 49
HEADER:
opcode = QUERY, id = 27485, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
wap.cingular.mnc410.mcc310.gprs, type = A, class = IN
------------
------------
Got answer (158 bytes):
HEADER:
opcode = QUERY, id = 27485, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 2, additional
= 2
QUESTIONS:
wap.cingular.mnc410.mcc310.gprs, type = A, class = IN
ANSWERS:
-> wap.cingular.mnc410.mcc310.gprs
type = A, class = IN, dlen = 4
internet address = 66.102.185.193
ttl = 221 (221)
-> wap.cingular.mnc410.mcc310.gprs
type = A, class = IN, dlen = 4
internet address = 66.102.184.193
ttl = 221 (221)
AUTHORITY RECORDS:
-> mnc410.mcc310.gprs
type = NS, class = IN, dlen = 11
nameserver = atlrdns1.mnc410.mcc310.gprs
ttl = 567 (567)
-> mnc410.mcc310.gprs
type = NS, class = IN, dlen = 10
nameserver = wcrdns1.mnc410.mcc310.gprs
ttl = 567 (567)
ADDITIONAL RECORDS:
-> wcrdns1.mnc410.mcc310.gprs
type = A, class = IN, dlen = 4
internet address = 66.102.185.70
ttl = 604767 (604767)
-> atlrdns1.mnc410.mcc310.gprs
type = A, class = IN, dlen = 4
internet address = 66.102.184.70
ttl = 604767 (604767)
------------
Non-authoritative answer:
Name: wap.cingular.mnc410.mcc310.gprs
Addresses: 66.102.185.193, 66.102.184.193
Got it fine.
Now I try for one on the malfunctioning one:
> internet.epictouch.mnc610.mcc310.gprs
Server: youndns1.mnc560.mcc310.gprs
Address: 12.25.118.5
;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A)
------------
SendRequest(), len 55
HEADER:
opcode = QUERY, id = 27486, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
------------
------------
Got answer (130 bytes):
HEADER:
opcode = QUERY, id = 27486, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
type = SOA, class = IN, dlen = 64
ttl = 6409 (6409)
origin = A.ROOT-SERVERS.NET
mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2006031601
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
------------
;; res_nmkquery(QUERY,
internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, IN, A)
------------
SendRequest(), len 74
HEADER:
opcode = QUERY, id = 27487, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
A, class = IN
------------
------------
Got answer (125 bytes):
HEADER:
opcode = QUERY, id = 27487, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 0, authority records = 1, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
A, class = IN
AUTHORITY RECORDS:
-> mnc560.mcc310.gprs
type = SOA, class = IN, dlen = 39
ttl = 0 (0S)
origin = youndns1.mnc560.mcc310.gprs
mail addr = admin.mnc560.mcc310.gprs
serial = 150
refresh = 3600 (1H)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 43200 (12H)
------------
;; res_nmkquery(QUERY,
internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, IN, A)
------------
SendRequest(), len 67
HEADER:
opcode = QUERY, id = 27488, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
class = IN
------------
------------
Got answer (142 bytes):
HEADER:
opcode = QUERY, id = 27488, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
class = IN
AUTHORITY RECORDS:
-> (root)
type = SOA, class = IN, dlen = 64
ttl = 6409 (6409)
origin = a.root-servers.net
mail addr = nstld.verisign-grs.com
serial = 2006031601
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
------------
*** youndns1.mnc560.mcc310.gprs can't find
internet.epictouch.mnc610.mcc310.gprs: Non-existent host/domain
So I then change the server, to use the target at the end of the forward
directive:
> server 206.253.34.38
;; res_nmkquery(QUERY, 38.34.253.206.in-addr.arpa, IN, PTR)
------------
SendRequest(), len 44
HEADER:
opcode = QUERY, id = 27489, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
38.34.253.206.in-addr.arpa, type = PTR, class = IN
------------
------------
Got answer (96 bytes):
HEADER:
opcode = QUERY, id = 27489, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional
= 0
QUESTIONS:
38.34.253.206.in-addr.arpa, type = PTR, class = IN
AUTHORITY RECORDS:
-> 34.253.206.in-addr.arpa
type = SOA, class = IN, dlen = 40
ttl = 6869 (6869)
origin = ns1.pld.com
mail addr = root.pld.com
serial = 970215
refresh = 3600 (1H)
retry = 300 (5M)
expire = 3600000 (3600000)
minimum ttl = 86400 (1D)
------------
Default Server: [206.253.34.38]
Address: 206.253.34.38
I try the query directly on the target DNS:
> internet.epictouch.mnc610.mcc310.gprs
Server: [206.253.34.38]
Address: 206.253.34.38
;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A)
------------
SendRequest(), len 55
HEADER:
opcode = QUERY, id = 27490, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
------------
------------
Got answer (117 bytes):
HEADER:
opcode = QUERY, id = 27490, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 1, authority records = 1, additional
= 1
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
ANSWERS:
-> internet.epictouch.mnc610.mcc310.gprs
type = A, class = IN, dlen = 4
internet address = 206.253.34.37
ttl = 86400 (1D)
AUTHORITY RECORDS:
-> mnc610.mcc310.gprs
type = NS, class = IN, dlen = 18
nameserver = ULYSDNS1.mnc340.mcc310.gprs
ttl = 86400 (1D)
ADDITIONAL RECORDS:
-> ULYSDNS1.mnc340.mcc310.gprs
type = A, class = IN, dlen = 4
internet address = 206.253.34.38
ttl = 86400 (1D)
------------
Name: internet.epictouch.mnc610.mcc310.gprs
Address: 206.253.34.37
And I get my answer.
I am totally stumped on this.
-----Original Message-----
From: Stefanick, Andrew
Sent: Thursday, March 16, 2006 8:48 PM
To: Kevin Darcy; bind-users at isc.org
Subject: RE: Forward zone problem
This is the email that started this whole thing.
Look at the final result of this nslookup. Are you saying that this
negative respone will now be in the cache, and even if it COULD work,
this negative response will mask it? Does the expire=604800 in the
final response mean that this negative result will remain in place for
one week??
Andrew, I have followed you direction and created a new domain/zone for
a new roaming partner but we are unable to do nslookups. It does not
appear to be forwarding to the IP address I specified. I have attached
the output from an nslookup with debug turned on. What appears strange
to me is I lookup "internet.epictouch.mnc610.mcc560.gprs" and I see it
trying to resolve
"internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs"
> internet.epictouch.mnc610.mcc310.gprs
Server: youndns1.mnc560.mcc310.gprs
Address: 12.25.118.5
;; res_nmkquery(QUERY, internet.epictouch.mnc610.mcc310.gprs, IN, A)
------------
SendRequest(), len 55
HEADER:
opcode = QUERY, id = 27698, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
------------
------------
Got answer (130 bytes):
HEADER:
opcode = QUERY, id = 27698, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
type = SOA, class = IN, dlen = 64
ttl = 10782 (10782)
origin = A.ROOT-SERVERS.NET
mail addr = NSTLD.VERISIGN-GRS.COM
serial = 2006031401
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
------------
;; res_nmkquery(QUERY,
internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs,
IN, A)
------------
SendRequest(), len 74
HEADER:
opcode = QUERY, id = 27699, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
A, clas
s = IN
------------
------------
Got answer (125 bytes):
HEADER:
opcode = QUERY, id = 27699, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion
avail.
questions = 1, answers = 0, authority records = 1, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs.mnc560.mcc310.gprs, type =
A, clas
s = IN
AUTHORITY RECORDS:
-> mnc560.mcc310.gprs
type = SOA, class = IN, dlen = 39
ttl = 0 (0S)
origin = youndns1.mnc560.mcc310.gprs
mail addr = admin.mnc560.mcc310.gprs
serial = 143
refresh = 3600 (1H)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 43200 (12H)
------------
;; res_nmkquery(QUERY,
internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, IN, A)
------------
SendRequest(), len 67
HEADER:
opcode = QUERY, id = 27700, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
class = IN
------------
------------
Got answer (142 bytes):
HEADER:
opcode = QUERY, id = 27700, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional
= 0
QUESTIONS:
internet.epictouch.mnc610.mcc310.gprs.mcc310.gprs, type = A,
class = IN
AUTHORITY RECORDS:
-> (root)
type = SOA, class = IN, dlen = 64
ttl = 10782 (10782)
origin = a.root-servers.net
mail addr = nstld.verisign-grs.com
serial = 2006031401
refresh = 1800 (30M)
retry = 900 (15M)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
------------
*** youndns1.mnc560.mcc310.gprs can't find
internet.epictouch.mnc610.mcc310.gprs
: Non-existent host/domain
>
-----Original Message-----
From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
Sent: Thursday, March 16, 2006 7:29 PM
To: bind-users at isc.org
Subject: Re: Forward zone problem
Stefanick, Andrew wrote:
>I think what I really am asking is:
>
>Given a simple 3 line forward directive, if it is not working, what are
>the potential causes?
>
>1. The DNS server thinks it is authoritive for this zone, so it will
>never forward. If so, how do I prove that theory and correct it.
>
Unlikely that you would have missed that scenario. If you already had an
authoritative (master or slave) zone definition, then the "type forward"
definition would be a duplicate. You'd see an error message to that
effect in the logs or if you ran named-checkconf.
>2. syntax error
>
Syntax error in what? In the "type forward" zone definition? From what
you posted before, the syntax looks fine. You could run named-checkconf
to make sure.
>3. Network connection. But I can do nslookup and set the server to
the
>IP I use in the forwarder, and I can resolve the query.
>
Probably not the *direct* cause then. However, as I mentioned in a
previous message, if you are (mis)configured for "forward first" (which
is the default forwarding mode), and there is a transient problem with
your forwarder, maybe your nameserver would try to query the .gprs name
on the Internet, get an NXDOMAIN response, and store that "negative"
cache entry for some period of time. It's a possibility that's worth
considering, at least...
- Kevin
>-----Original Message-----
>From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
>Sent: Thursday, March 16, 2006 4:57 PM
>To: bind-users at isc.org
>Subject: Re: Forward zone problem
>
>You're aware the that the .gprs TLD *doesn't*actually*exist* in the
>Internet DNS, right? So if your nameserver ever tries to look up .gprs
>names on the Internet, it'll probably get a "no such domain" response,
>and it will cache that "negative" response for some period of time, and
>any .gprs queries it gets in the interim will be responded to with
>NXDOMAIN.
>
>For this reason, in the absence of some special "hints" file, you'll
>need to specify your forwarding mode as "forward only". This will
>prevent your nameserver from going out and trying to resolve names in
>the Internet DNS if there is some sort of transient problem talking to
>the forwarder. That's what I suspect is happening here.
>
>- Kevin
>
>Stefanick, Andrew wrote:
>
>
>
>>Here is a dig for a name that works with a forward zone on the system
>>currently:
>>
>>
>># ./dig wap.cingular.mnc410.mcc310.gprs a
>>
>>; <<>> DiG 9.2.2 <<>> wap.cingular.mnc410.mcc310.gprs a
>>;; global options: printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1122
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
>>
>>;; QUESTION SECTION:
>>;wap.cingular.mnc410.mcc310.gprs. IN A
>>
>>;; ANSWER SECTION:
>>wap.cingular.mnc410.mcc310.gprs. 234 IN A 66.102.184.193
>>wap.cingular.mnc410.mcc310.gprs. 234 IN A 66.102.185.193
>>
>>;; AUTHORITY SECTION:
>>mnc410.mcc310.gprs. 447 IN NS
>>wcrdns1.mnc410.mcc310.gprs.
>>mnc410.mcc310.gprs. 447 IN NS
>>atlrdns1.mnc410.mcc310.gprs.
>>
>>;; ADDITIONAL SECTION:
>>wcrdns1.mnc410.mcc310.gprs. 604647 IN A 66.102.185.70
>>atlrdns1.mnc410.mcc310.gprs. 604647 IN A 66.102.184.70
>>
>>;; Query time: 9 msec
>>;; SERVER: 12.25.118.5#53(12.25.118.5)
>>;; WHEN: Thu Mar 16 16:43:06 2006
>>;; MSG SIZE rcvd: 158
>>
>>#
>>
>>
>>This is a dig against the forwarder that is not working:
>>
>>
>>********************** from epictouch *********************
>>
>># ./dig internet.epictouch.mnc610.mcc310.gprs a
>>
>>; <<>> DiG 9.2.2 <<>> internet.epictouch.mnc610.mcc310.gprs a
>>;; global options: printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47408
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>;; QUESTION SECTION:
>>;internet.epictouch.mnc610.mcc310.gprs. IN A
>>
>>;; AUTHORITY SECTION:
>>. 10800 IN SOA a.root-servers.net.
>>nstld.verisi
>>gn-grs.com. 2006031600 1800 900 604800 86400
>>
>>;; Query time: 118 msec
>>;; SERVER: 12.25.118.10#53(12.25.118.10)
>>;; WHEN: Thu Mar 16 16:44:38 2006
>>;; MSG SIZE rcvd: 130
>>
>>The is no zone file on the machine for any of the configured forward
>>zone. They only exist as directives in named.conf.
>>
>>But I see the posts that DNS will not forward for something it is
>>authoritive for. Where would this authority reside? There are no
zone
>>files with any matching names of the forward zones.
>>
>>My only thought is perhaps the segment mcc310.gprs is somehow
>>authoritive on the server, but that would not explain how the cingular
>>dig worked then.
>>
>>
>>
>>
>>
>>
>>
>>
>>-----Original Message-----
>>From: Stefanick, Andrew
>>Sent: Thursday, March 16, 2006 12:58 PM
>>To: bind-users at isc.org
>>Subject: Forward zone problem
>>
>>I am struggling with a forward zone issue in Bind 9
>>
>>
>>We have many forward zones configured and they work fine. They really
>>amount to no more than a forward directive such as
>>
>>
>>
>>
>>
>>zone "name.of.domain" {
>>
>> type forward;
>>
>> forwarders {w.x.y.z;};
>>
>>};
>>
>>
>>
>>
>>
>>We put in a new one, and it will not work. nslookup shows it
seemingly
>>only trying to resolve the query internally.
>>
>>
>>
>>If I set the server to the IP of the forwarder in the nslookup, then
we
>>can resolve the queries when posed directly to the remote DNS server.
>>So, it is not a networking issue.
>>
>>
>>
>>I do not understand the logic/sequence that occurs when a query is
>>
>>
>posed
>
>
>>that should be sent to a forwarder. Where do the root-server records
>>come in, and why even. Doesn't the forward directive tell the server,
>>"don't even bother, just go to w.x.y.z for the answer"
>>
>>
>>
>>here are some example of using dig against some of the forward zones
>>that work. The AUTHORITY section shows the name of the remote DNS
that
>>controls the domain.
>>
>>
>>
>>When I try dig for the new forwarder, the only AUTHORITY that shows is
>>the A.rootserver.
>>
>>
>>
>>I really don't get it.
>>
>>
>>
>>I ONLY put in the 3 line directive, and I am done.
>>
>>
>>
>>I don't even know what to change/try. It is too simple to implement.
>>
>>
>>
>>
>>
>>
>>
>># ./dig mnc150.mcc310.gprs
>>
>>
>>
>>; <<>> DiG 9.2.2 <<>> mnc150.mcc310.gprs
>>
>>;; global options: printcmd
>>
>>;; Got answer:
>>
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61159
>>
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>
>>
>>;; QUESTION SECTION:
>>
>>;mnc150.mcc310.gprs. IN A
>>
>>
>>
>>;; AUTHORITY SECTION:
>>
>>mnc150.mcc310.gprs. 600 IN SOA
>>wcrdns1.mnc410.mcc310.gprs. root
>>
>>.wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
>>
>>
>>
>>;; Query time: 115 msec
>>
>>;; SERVER: 12.25.118.5#53(12.25.118.5)
>>
>>;; WHEN: Thu Mar 16 15:37:45 2006
>>
>>;; MSG SIZE rcvd: 92
>>
>>
>>
>># ./dig mnc170.mcc310.gprs
>>
>>
>>
>>; <<>> DiG 9.2.2 <<>> mnc170.mcc310.gprs
>>
>>;; global options: printcmd
>>
>>;; Got answer:
>>
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3961
>>
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>
>>
>>;; QUESTION SECTION:
>>
>>;mnc170.mcc310.gprs. IN A
>>
>>
>>
>>;; AUTHORITY SECTION:
>>
>>mnc170.mcc310.gprs. 600 IN SOA
>>wcrdns1.mnc410.mcc310.gprs. root
>>
>>.wcrdns1.mnc410.mcc310.gprs. 2006030303 600 3600 1209600 600
>>
>>
>>
>>;; Query time: 99 msec
>>
>>;; SERVER: 12.25.118.5#53(12.25.118.5)
>>
>>;; WHEN: Thu Mar 16 15:38:05 2006
>>
>>;; MSG SIZE rcvd: 92
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
>
>
>
>
>
>
>
More information about the bind-users
mailing list