Newbie Q - Can't resolve external queries

[Joseph S D Yao]

On Sat, Jan 15, 2000 at 12:51:45PM -0800, Phil Elia wrote:
> Barry,
> 
> Thanks for responding and sorry for being vague about this problem.
> 
> This is a firewall situation where our parent site (company.com) provides
> firewall protection for most of the subdomains.  Furthermore, most
> subdomains have no internal DNS servers running.  WinNT lans use the WINS
> facility and Host files.  All external queries have to pass through the two
> company.com name servers. Our site is one of the few sites that have
> internal DNS running.  We're the only site with an WinNT Bind DNS
> implementation.

For which reason, if I am reading this correctly, it sounds like they
don't have a good idea how to do this.  But don't tell them that.  It
doesn't make for good co-operation on their part.

...

> First, the company.com DNS admins told me to make two entries in db.cache
> for the two company.com nameservers.  I did this and nothing improved.  Now
> they are telling me that I need two IN NS entries for the two company.com
> nameservers in the db files.

To resolve Internet addresses, you must "forward" to their name
servers.  Since the tests you mentioned show that you can NOT reach the
root name servers, you should make your name server "forward only".  I
think that parts of this have been mentioned already.

SEPARATE PROCEDURE:

To enable them to resolve your addresses, it is THEY that must put NS
records in THEIR zone files, pointing to YOUR name server, as follows:

In file zone.company.com, serving zone company.com:

yourpart		IN  NS	yourserver1.yourpart.company.com
yourpart		IN  NS	yourserver2.yourpart.company.com
yourserver1.yourpart	IN  A	W.X.Y.Z1
yourserver2.yourpart	IN  A	W.X.Y.Z2

Hope this helps.

-- 
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.