?'s about forwarders

Kevin Darcy kcd at daimlerchrysler.com
Sat Sep 16 01:02:33 UTC 2000


Sorry, I've read that several times and I still don't understand it. When you
say "forwarding", or "forward-only", you're talking about the *global* setting,
right? Because it doesn't make sense to say that you are a slave, and that you
forward, for the same zone. Also, what do you mean when you say a forwarder is
being given as the SOA record? SOA records are composed of multiple values,
only 2 of which are names. Do you mean the SOA.MNAME is set to the
forwarder? Without knowing the exact relationship of your forwarder to your
internal or external namespace, I have no idea what that signifies (other than
the fact, that you pointed out, that it differs from what is in your "db"
file).

If you're a slave, and ZONE TRANSFERS ARE SUCCEEDING, then your answers for the
zone, BUT NOT NECESSARILY SUBZONES, should correspond to what's in your
(replicated) zone file. So if there are discrepancies, the usual causes would
be:

1) zone transfers aren't succeeding (which could result in expiration of the
zone)

2) the discrepancies aren't in the zone you think they are, they're in some
other zone, e.g. a subzone

That's a couple of things to check, at least. In lieu of real server and domain
names, could you at least use symbolic names, e.g. Zone A on Server #1?

As for "chaining" forwarders, it's just bad practice. You're building a fragile
house of cards. And think of the latency delays you're introducing with that
conga-line of nameservers passing the query and response packets back and
forth. Forwarding is bad enough with even just *one* hop. When you chain
forwarders, you make it a monstrosity.


- Kevin

beetle bailey wrote:

> First I'd like to apologize for not providing any specifics, but this is all
> info that's only available internally so I'm afraid it wouldn't help anyway.
> I hope it's not too confusing.
>
> Is there any reason a forward-only nameserver won't respond to a query for a
> zone that it is a slave for with info from one of its db files?  We have 2
> servers, both forward-only and both slaves for this particular domain but
> they give out different mx records.  Also, they both give out the same soa
> record which is not the master of the zone listed in their named.conf files
> but rather the first forwarder listed there.  One server gives out the mx
> records listed in the db file that should have come from the master for the
> zone and the other gives out the mx records from the forwarder (which are
> the mail servers available to the rest of the internet but not our internal
> network -- hence the initial problem).  I would have thought the soa record
> for the zone we're a slave for would come from the db file listed in
> named.conf but it seems to come from the forwarder even though mx records
> seem to come on one server from the local db file and the other from the
> forwarder.  Can someone explain why that is?  On top of this, it turns out
> the administrator that called me (who belongs to another subdomain that
> controls their own nameservers) with the initial report of undeliverable
> mail is forwarding all requests other than their own domain to our servers
> which are slaves for all of the internal domains but are also set up as
> forwarders themselves.  DNS & BIND cautions against this, though I have to
> admit I don't understand why.  I'd appreciate whatever  info you can give
> me.  Thanks.
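
The two causes listed in the reply above (transfers failing until the zone expires, and a name that actually lives in a subzone) can be told apart per server and per query name. The following Python is an added example, not part of the original thread; the zone names, timer values and the `SlaveZone` / `answer_source` helpers are constructed for illustration, and the delegation points are assumed to be known from the NS records in the zone file.

```python
from dataclasses import dataclass, field

def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_within(name, zone):
    """True if name is the zone apex or a descendant of it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

@dataclass
class SlaveZone:
    origin: str          # zone apex this server is a slave for
    expire: int          # SOA EXPIRE value, in seconds
    since_refresh: int   # seconds since the last successful refresh or transfer
    cuts: list = field(default_factory=list)  # names below the apex that own NS records

def answer_source(qname, zones):
    """Classify where an answer for qname can come from on one server.

    Returns (source, name): "zone-data" means the replicated zone file,
    "expired" means transfers have failed past EXPIRE (cause 1),
    "subzone" means qname sits at or below a delegation (cause 2),
    "not-local" means no slave zone on this server covers qname.
    """
    covering = [z for z in zones if is_within(qname, z.origin)]
    if not covering:
        return ("not-local", None)
    zone = max(covering, key=lambda z: len(labels(z.origin)))  # closest enclosing zone
    if zone.since_refresh > zone.expire:
        return ("expired", zone.origin)
    for cut in zone.cuts:
        if is_within(qname, cut):
            return ("subzone", cut)
    return ("zone-data", zone.origin)

# Constructed sample data: "zone-a.example" stands in for Zone A, one list per server.
SERVER_1 = [SlaveZone("zone-a.example", expire=604800, since_refresh=3600,
                      cuts=["sub.zone-a.example"])]
SERVER_2 = [SlaveZone("zone-a.example", expire=604800, since_refresh=900000,
                      cuts=["sub.zone-a.example"])]

if __name__ == "__main__":
    for qname in ("zone-a.example", "host.sub.zone-a.example", "other.example"):
        print(qname, answer_source(qname, SERVER_1), answer_source(qname, SERVER_2))
```

Only a "zone-data" result means the server's answer should match its replicated zone file; any other result points to one of the causes above or to a name outside the zone.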






More information about the bind-users mailing list