nslookup can't but browser can !

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 23 23:52:00 UTC 2000


No, both forms of forwarding look at the cache first. The difference is in what
they do if they don't get a response from the forwarder(s): "forward
first" falls back to iterative resolution; "forward only" doesn't.

Given that, I'd speculate that your forwarder is answering *slowly*. With
"forward first", you time out and ask the internal servers about the Internet
name, which claim that the name doesn't exist, but with "forward only", it
keeps on retrying the query and eventually gets an answer. On the other hand,
"forward first" works for internal names, because the internal servers know
about them, but "forward only" does not, because apparently your forwarder
doesn't.

This speculation could be verified by enabling debugging on the nameserver.

If this speculation is correct, then:

1) find out why your forwarder is so slow to respond and fix it
2) change the global forwarding option to "forward only"
3) define the apex zones of all your internal domains as slave/stub/forward to
the appropriate servers in order to "override" the forwarding to your Internet
forwarder (for slave or stub zones you may want to specify "forwarders { }" in
order to override forwarding for subzones as well). That way you'll be able to
resolve both internal and external names.


- Kevin

Quadri, Jay wrote:

> I have a similar problem: my DNS box (A) only resolves internal names, and
> forwards Internet requests to an Internet DNS box (B), and also forwards to other
> extranet domestic nameservers (C).  My intranet DNS server has its own hints
> file (not the Internic's; I wrote it, and it only includes my intranet DNS boxes as
> root servers).  ping works at all times; nslookup does not, depending on the
> forward. If the forwarding is set to:
>
> forward     first ;   I can use nslookup or dig to resolve Domestic names
> but not Internet names (C) .
> (forward first checks the cache first before forwarding).
>
> forward   only ;   I can resolve Internet names with nslookup or dig, but
> can't resolve other domestic names (C) (forwards all requests).
>
> Any ideas?
>
>
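
The layout suggested in steps 2 and 3 of the reply, written out as a named.conf sketch. This is an added example, not part of the original thread: every zone name, address and file path in it is a constructed placeholder, and it assumes a BIND version that supports forward zones and per-zone `forwarders`.

```conf
// Constructed example: zone names, addresses and paths are placeholders.
options {
    directory "/var/named";

    // Step 2: global "forward only". Unanswered queries are never retried
    // iteratively against the private root hints, which would only report
    // that the Internet name does not exist.
    forward only;
    forwarders { 192.0.2.53; };          // B: the Internet forwarder
};

// Step 3, stub form: the apex of an internal domain. The empty forwarders
// list switches global forwarding off for this zone, so delegated subzones
// are followed directly instead of being sent to B.
zone "corp.example" {
    type stub;
    masters { 10.0.0.53; };              // internal authoritative server
    file "stub/corp.example";
    forwarders { };
};

// Step 3, forward form: an extranet domain (C) sent to its own servers
// rather than to the global forwarder.
zone "partner.example" {
    type forward;
    forward only;
    forwarders { 198.51.100.53; };       // C: extranet nameserver
};

// Step 3, slave form: an internal reverse zone, again with forwarding
// disabled underneath it.
zone "10.in-addr.arpa" {
    type slave;
    masters { 10.0.0.53; };
    file "slave/10.in-addr.arpa";
    forwarders { };
};
```

Every internal apex needs its own zone statement; any name not covered by one goes to the global forwarder and nowhere else.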





