Does global forwarding take precedence over selective forwarding?

Treptow, Craig Treptow.Craig at principal.com
Fri Sep 1 12:08:42 UTC 2000


Thank you! Thank you! Thank you!  

This appears to be working so far on our production nameserver, however it
doesn't on another test server in the lab.  I'll check that out.

-----Original Message-----
From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
Sent: Thursday, August 31, 2000 8:55 PM
To: BIND List (E-mail)
Subject: Re: Does global forwarding take precedence over selective forwarding?



I have no idea why the selective forwarding didn't work for you. I just tried
the same kind of configuration -- global forwarding and per-domain forwarding
(to our MVS WLM/SYSPLEX no less!!) -- and it worked just fine, i.e. the query
was forwarded to the WLM as expected.

You could of course try the iterative alternative: define the zone as "type
stub", and specify "forwarders { }" to cancel the global forwarding for that
branch of the namespace. Then it should query the WLM iteratively.


- Kevin

Treptow, Craig wrote:

> Hi.  This is BIND 8.2.2-p5 on AIX 4.3.  This is an internal DNS server that
> forwards requests to two firewalls and onto the Internet for things it's not
> authoritative for.  This works fine.  To this we wanted to add
> prodplex.principal.com on the internal side and have that served by another
> DNS server.  Delegating this child domain won't work, because the forwarding
> takes precedence over the delegation...or so I've learned from this list.
>
> So I've been trying in vain to get selective forwarding to work for this child
> domain.  By everything I've read what I've shown below should work.
>
> When I go "ndc trace", I don't get a named.run.
>
> So is the forwarding to our firewalls somehow stopping the selective
> forwarding?  If not, does anybody have some other tips to help me debug this?
>
> Here are my dig sessions followed by snippets of my named.conf:
>
> nameserver1.principal.com # dig @162.131.250.150 wlmftp.prodplex.principal.com
>
> ; <<>> DiG 8.2 <<>> @162.131.250.150 wlmftp.prodplex.principal.com
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      wlmftp.prodplex.principal.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> wlmftp.prodplex.principal.com.  1S IN A  162.131.250.150
>
> ;; AUTHORITY SECTION:
> prodplex.principal.com.  1D IN NS  mvst.prodplex.principal.com.
> prodplex.principal.com.  1D IN NS  mvse.prodplex.principal.com.
>
> ;; ADDITIONAL SECTION:
> mvst.prodplex.principal.com.  1D IN A  162.131.250.150
> mvse.prodplex.principal.com.  1D IN A  162.131.250.105
>
> ;; Total query time: 22 msec
> ;; FROM: nameserver1.principal.com to SERVER: 162.131.250.150
> ;; WHEN: Thu Aug 31 19:54:27 2000
> ;; MSG SIZE  sent: 47  rcvd: 155
>
> nameserver1.principal.com # dig wlmftp.prodplex.principal.com
>
> ; <<>> DiG 8.2 <<>> wlmftp.prodplex.principal.com
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      wlmftp.prodplex.principal.com, type = A, class = IN
>
> ;; AUTHORITY SECTION:
> principal.com.          6H IN SOA       nameserver1.principal.com. kratochvil.k(
>                                         2000083102      ; serial
>                                         3H              ; refresh
>                                         1H              ; retry
>                                         1W              ; expiry
>                                         6H )            ; minimum
>
> ;; Total query time: 5 msec
> ;; FROM: nameserver1.principal.com to SERVER: default -- 0.0.0.0
> ;; WHEN: Thu Aug 31 19:55:41 2000
> ;; MSG SIZE  sent: 47  rcvd: 125
>
> options {
>         directory "/usr/local/named";
>         pid-file "/etc/named.pid";
>         named-xfer "/usr/local/bin/bind/named-xfer";
>         notify yes;
>         check-names master ignore;              /* default. */
>         check-names slave  ignore;
>         listen-on port 53 { any; };
>         forward only;
>         forwarders {204.167.169.129;204.167.169.131;};
>         allow-query { any; };
>         allow-transfer { dns-secondary-servers; };
>         transfer-format many-answers;
> };
> ...
> zone "prodplex.principal.com" {
>         type forward;
>         forward only;
>         forwarders {162.131.250.150; 162.131.250.105;};
> };
>
> zone "principal.com" IN {
>         type master;
>         file "db.principal.com";
>         allow-update { none; };
>         allow-transfer { dns-secondary-servers; unix-servers; };
> };
>
> Thanks!
>
> Craig Treptow
> Principal Financial Group
> I/S Network Administration
> (515) 247-6207
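
Added example, not part of the original thread: a small Python helper that reads the two dig replies quoted above and reports which zone produced each answer. The function names are hypothetical and the sample text is excerpted from the post's own dig output; the check flags an authoritative NXDOMAIN whose SOA belongs to a parent of the zone that was meant to be forwarded.

```python
import re

# Lines excerpted from the two dig replies quoted in the post above.
DIRECT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; ANSWER SECTION:
wlmftp.prodplex.principal.com.  1S IN A  162.131.250.150
;; AUTHORITY SECTION:
prodplex.principal.com.  1D IN NS  mvst.prodplex.principal.com.
"""
LOCAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
principal.com.          6H IN SOA       nameserver1.principal.com.
"""

def summarize(dig_text):
    """Extract rcode, the aa flag and the zone named in the AUTHORITY section."""
    status = re.search(r"status: (\w+)", dig_text)
    flags = re.search(r"flags: ([a-z ]*);", dig_text)
    if not status or not flags:
        raise ValueError("no dig header found")
    zone, in_authority = None, False
    for line in dig_text.splitlines():
        if line.startswith(";;"):
            # Section banners switch the parser in and out of AUTHORITY.
            in_authority = "AUTHORITY SECTION" in line
        elif in_authority and zone is None:
            m = re.match(r"(\S+)\s+\S+\s+IN\s+(?:SOA|NS)\b", line)
            if m:
                zone = m.group(1).rstrip(".").lower()
    return {"status": status.group(1), "aa": "aa" in flags.group(1).split(),
            "zone": zone}

def denied_by_ancestor(dig_text, forward_zone):
    """True if the reply is an authoritative NXDOMAIN whose SOA/NS owner is an
    ancestor of forward_zone, i.e. the answer came from the parent zone's data."""
    s = summarize(dig_text)
    child = forward_zone.rstrip(".").lower()
    return (s["status"] == "NXDOMAIN" and s["aa"] and s["zone"] is not None
            and child.endswith("." + s["zone"]))

if __name__ == "__main__":
    for name, text in (("direct", DIRECT), ("local", LOCAL)):
        print(name, summarize(text),
              denied_by_ancestor(text, "prodplex.principal.com"))
```
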






