subdomain forwarders problem

[Cricket Liu]

> I seem to have hit an issue with subdomains and the way BIND handles them
as
> forward zones.  I'm running 8.2.2_P5 everywhere.  Basically we have
> authoritative servers for each of several subdomains in our network, for
> instance:
>
> ns00.devel.name.dom is authoritative for devel.name.dom
> ns00.test.name.dom is authoritative for test.name.dom
> ns00.sv.name.dom is authoritative for sv.name.dom
>
> We also have the two name servers listed as authoritative for name.dom and
> they are publicly addressed.  They hold secondary zones for everything
> in the test, sv, and devel subdomains.  The idea being here that all
> hosts in devel.name.dom will resolve DNS from their respective subdomain
> server, and if that server doesn't know the answer it is set globally to
> "forward only;" to the two public name servers.
>
> This idea works great except for one of the servers.  We don't want to
have
> the authoritative information for our second level domain (name.dom) held
> on the publicly addressed server for security reasons.  We'd rather have
it
> stored on, say, ns00.test.name.dom, and then secondaried to the public
> servers.  But, as soon as I put in a master zone statement in named.conf
for
> "name.dom", the server apparently thinks that the name.dom zone file
should
> contain authoritative information for all the subdomains denver, test, and
> sv, and it will immediately stop forwarding requests for any of those
hosts
> to the outside DNS servers.  It starts returning NXDOMAIN errors.

It sounds like you're missing NS records delegating the name.dom subzones
in the name.dom zone data file.  But that's just a guess.

cricket

Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com

Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class!  See www.acmebw.com/training.htm for
the schedule and to register for upcoming classes.