forwarding zone on BIND 8.2.2-P5

Toby Chappell sysatc at evoken.gsu.edu
Tue May 16 13:54:29 UTC 2000


In article <39207AD2.22266310 at daimlerchrysler.com>,
Kevin Darcy  <kcd at daimlerchrysler.com> wrote:
#Okay, so let's get to the "problem" here: lack of packet activity
#between your nameserver and its forwarder. This can be explained
#entirely by caching. On the first query, your nameserver forwards the
#query and gets an answer back, either that the name exists, or that it
#doesn't. It caches that answer for some length of time (governed by
#either the TTL of the record, in the case of a positive response, or by
#a field in the SOA record of the zone, in the case of a negative
#response). As long as the record remains in the cache, your nameserver
#will answer from that cached record instead of forwarding queries
#upstream.


Thanks for all the responses so far, but you all are missing a point
I should have made more clear in my original post:

Our main nameservers (the only ones you can query from outside our domain)
are currently acting as secondaries for the domain I am experimenting with.
The name server I am using to figure out how to do a forwarding only zone,
and the one I have been referring to, is query restricted *only* to my 
workstation.    Trying to reverse any record in 131.96.22 will not tell
you anything related to my problem (unless you are on my workstation :) 
The main name server (the one currently acting as a secondary, which is 
what you are querying) is functioning just fine; the forwarding zone I am 
trying to set up on my workstation as described, is not.

So that there are no misunderstandings, here is my complete named.conf file:

--------------- named.conf -------------------------------------------------

acl query-allow {   
  localhost;
  131.96.32.182;
};

options {
	directory "/etc/named.d";
    allow-query { query-allow; };
};

zone "." {
	type hint;
	file "root.cache";
};

zone "0.0.127.in-addr.arpa" {
	type master;
	file "localhost.rev";
};

zone "Gsu.EDU" {
	type master;
    file "named.hosts";
};

zone "96.131.in-addr.arpa" {
	type master;
	file "named.rev";
};

zone "22.96.131.in-addr.arpa" {
        type forward;
        forward only;
        forwarders { 131.96.22.199; };
};

zone "CS.Gsu.EDU" {
        type forward;
        forward only;
        forwarders { 131.96.22.199; };
};

--------------- end named.conf ---------------------------------------------

The CS.Gsu.EDU/131.96.22.* zone is the one I am trying to set up as 
forward-only.

Here is the complete named.hosts file:

--------------- named.hosts ------------------------------------------------

@		in	soa	evoken.Gsu.EDU.	root.mailhost.Gsu.EDU.	(
				2000051204    ; serial yyyymmdd##
				600			; refresh every 10 minutes
				300			; retry every 5 minutes
				3600000		; expires after 1000 hours
				14400		; minimum - default ttl of 4 hours
				)
		in	ns	ns.Gsu.EDU.
		in	ns	ns1.Gsu.EDU.
		in	ns	ns2.Gsu.EDU.
		in	mx	10	mailhost.Gsu.EDU.
		in	a	131.96.32.182


localhost	in	a	127.1
loghost		in	cname	localhost

evoken	in	a	131.96.32.182

CS.Gsu.EDU.				in		a		131.96.22.199
						in		ns		ns.CS.Gsu.EDU.

--------------- named.hosts ------------------------------------------------
As you can see, only the local workstation, and "A" and "NS" records for the 
CS.Gsu.EDU name server are present.   When I try to resolve "A" records in 
the CS.Gsu.EDU domain, they are forwarded to  131.96.22.199 and resolved
correctly.  I can verify this both by the fact they resolve even though they
are not defined locally, and I can snoop the network traffic.


This is the complete named.rev file:

--------------- named.rev --------------------------------------------------

@	in	soa	evoken.Gsu.EDU.	sysnet.evoken.Gsu.EDU.	(
				2000051204    ; serial yyyymmdd##
				600			; refresh every 10 minutes
				300			; retry every 5 minutes
				3600000		; expire after 1000 hours
				14400		; minimum - default ttl of 4 hours
				)
	in	ns	ns.Gsu.EDU.
	in	ns	ns1.Gsu.EDU.
	in	ns	ns2.Gsu.EDU.

182.32	in	ptr	evoken.Gsu.EDU.
199.22	in	ptr	CS.Gsu.EDU.

--------------- named.rev --------------------------------------------------

As you can see, only the local workstation, and a "PTR" record for the
CS.Gsu.EDU name server are present.  Attempts to resolve the PTR record for
anything in 131.96.22 fail to be forwarded.  I can tell this both by the fact
they return a "Non-existent host/domain" message, and there is no network
traffic generated to the CS.Gsu.EDU nameserver.  There should not be an
issue with caching to explain the lack of network traffic, since the record
is not defined locally and is not in a cache since it doesn't resolve at all.

It would seem that something in my configuration is telling this experimental
name server to forward "A" record resolve requests, but not "PTR" records.
I am guessing it is either something in the zone definition (see named.conf, 
above) or in my named.rev file (see also above).

Any further help is greatly appreciated.   If you would like to be able to
query this name server I am experimenting with to help me diagnose the 
problem, please contact me and I can add you to the query ACL.



thanks
toby
--
Toby Chappell                                               Georgia State Univ.
Lead Software System Engineer                                  Atlanta, Georgia 
UNIX Support                                              Phone: (404) 651-1062
tchappell at gsu.edu                                           Fax: (404) 651-4408
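
Added example, not part of the original message or of BIND: a small Python check over the configuration layout quoted above. For each forward zone that sits beneath a master zone on the same server, it reports whether the parent zone file carries NS records for the forward zone's name, on the assumption (not stated in the post) that an authoritative parent answers from its own data unless it delegates the child. Function names and the condensed sample files are constructed here.

```python
import re

def zones(conf):
    """Map zone name -> type; assumes `type` precedes any nested braces."""
    pat = r'zone\s+"([^"]+)"\s*\{[^}]*?\btype\s+(\w+)\s*;'
    return {n.lower().rstrip("."): t for n, t in re.findall(pat, conf)}

def ns_owners(zone_text, origin):
    """Absolute, lower-case owner names that carry NS records in a zone file."""
    owners, owner = set(), origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]           # drop comments
        tok = line.split()
        if not tok or tok[0].startswith("$"):
            continue                          # blank line or $directive
        if not line[0].isspace():             # a new owner name starts in column 1
            o = tok.pop(0).lower()
            owner = origin if o == "@" else o.rstrip(".") if o.endswith(".") else f"{o}.{origin}"
        # record type = first field that is neither the class nor a numeric TTL
        rtype = next((t.lower() for t in tok if t.lower() != "in" and not t.isdigit()), "")
        if rtype == "ns":
            owners.add(owner)
    return owners

def forward_under_master(conf, zone_files):
    """Return (forward zone, enclosing master zone, delegated?) tuples."""
    z, out = zones(conf), []
    for fwd in (n for n, t in z.items() if t == "forward"):
        parents = [m for m, t in z.items() if t == "master" and fwd.endswith("." + m)]
        if parents:
            parent = max(parents, key=len)    # closest enclosing master zone
            out.append((fwd, parent, fwd in ns_owners(zone_files[parent], parent)))
    return out

# Constructed, condensed copies of the files quoted in the message above.
CONF = '''
zone "Gsu.EDU" { type master; file "named.hosts"; };
zone "96.131.in-addr.arpa" { type master; file "named.rev"; };
zone "22.96.131.in-addr.arpa" { type forward; forward only; forwarders { 131.96.22.199; }; };
zone "CS.Gsu.EDU" { type forward; forward only; forwarders { 131.96.22.199; }; };
'''
HOSTS = "@ in ns ns.Gsu.EDU.\nevoken in a 131.96.32.182\nCS.Gsu.EDU. in a 131.96.22.199\n\t in ns ns.CS.Gsu.EDU.\n"
REV = "@ in ns ns.Gsu.EDU.\n182.32 in ptr evoken.Gsu.EDU.\n199.22 in ptr CS.Gsu.EDU.\n"
FILES = {"gsu.edu": HOSTS, "96.131.in-addr.arpa": REV}

if __name__ == "__main__":
    for fwd, parent, ok in forward_under_master(CONF, FILES):
        print(f"{fwd}: under master {parent}, NS delegation in parent: {ok}")
```
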


