Strange Behavior
Lawrence MacIntyre
macintyrelp at ornl.gov
Mon Oct 26 18:36:58 UTC 2009

Hi:

I have a name server running named on a closed network. The root
servers name my node and another node (running DNS on a sidewinder
firewall) as authoritative for our domain as well as several
subdomains. Two of the subdomains have their own servers, and we
configured our (allegedly authoritative) servers as slaves to the
subdomain servers. This worked well for several years. Now, these
subdomains have decided (for "security" reasons) that they are going to
disallow zone transfers to us. So we set our servers to forward
requests to the subdomain nameservers. The sidewinder does this, but
our server doesn't. It simply reports that it has no information about
any node in the subdomain. Remote users report that when they use dig
+trace @ourserver node.in.subdomain, they see referrals to the Internet
root servers. Our hints file has the correct root servers, and we don't
even have a file listing the Internet root servers. I cannot verify
their claims, as it doesn't do that when queried from our site, and I
have no access to an account on any remote site.

What does named do when it is listed as authoritative for a domain by
the root servers, but is configured to forward requests for addresses in
that domain? Does anyone know how the remote users could see referrals
to the Internet root servers even though we have the correct root
servers set in our nameserver?

Thanks,
Lawrence