Newbie Q - Can't resolve external queries
Joseph S D Yao
jsdy at cospo.osis.gov
Thu Jan 27 20:50:26 UTC 2000
On Sat, Jan 15, 2000 at 12:51:45PM -0800, Phil Elia wrote:
> Barry,
>
> Thanks for responding and sorry for being vague about this problem.
>
> This is a firewall situation where our parent site (company.com) provides
> firewall protection for most of the subdomains. Furthermore, most
> subdomains have no internal DNS servers running. WinNT lans use the WINS
> facility and Host files. All external queries have to pass through the two
> company.com name servers. Our site is one of the few sites that have
> internal DNS running. We're the only site with an WinNT Bind DNS
> implementation.
For which reason, if I am reading this correctly, it sounds like they
don't have a good idea how to do this. But don't tell them that. It
doesn't make for good co-operation on their part.
...
> First, the company.com DNS admins told me to make two entries in db.cache
> for the two company.com nameservers. I did this and nothing improved. Now
> they are telling me that I need two IN NS entries for the two company.com
> nameservers in the db files.
To resolve Internet addresses, you must "forward" to their name
servers. Since the tests you mentioned show that you can NOT reach the
root name servers, you should make your name server "forward only". I
think that parts of this have been mentioned already.
SEPARATE PROCEDURE:
To enable them to resolve your addresses, it is THEY that must put NS
records in THEIR zone files, pointing to YOUR name server, as follows:
In file zone.company.com, serving zone company.com:
yourpart IN NS yourserver1.yourpart.company.com
yourpart IN NS yourserver2.yourpart.company.com
yourserver1.yourpart IN A W.X.Y.Z1
yourserver2.yourpart IN A W.X.Y.Z2
Hope this helps.
--
Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
More information about the bind-users
mailing list