2000/Bind and General Questions

Danny Mayer mayer at gis.net
Wed Sep 18 03:39:53 UTC 2002


At 11:37 AM 9/17/02, Smith, John wrote:
>All,
>
>         I have noticed what I feel is 'strange' behavior in the resolver and
>wanted to ask if the behavior is normal and I just missed something in the
>docs and searching through the list archives.  (My apologies if I missed the
>answer in either.)  We were setting up a Bind server on a Windows 2000
>platform and noticed that clients could resolve names and addresses
>properly, but the server itself could not.  After digging a little further
>(and moving resolv.conf to the correct directory -
>%windir%\system32\drivers\etc) things started working much better except
>for a nuance.  (I am using test.net as an example.)  Following was my
>original resolv.conf:
>
>search test.net sz.test.net
>server 1.2.3.4
>server 5.6.7.8
>server 1.2.3.5
>
>         Server 1.2.3.4 is the 2000 Bind server and it is authoritative for
>the test.net zone.  Sz.test.net is delegated to servers 5.6.7.8 (primary)
>and 1.2.3.5 (secondary).
>
>         The behavior: Server 1.2.3.4 (authoritative for test.net) could
>resolve systems in its domain (test.net) but it could not in subzone
>sz.test.net.

It's not supposed to on its own.  If you set up BIND to disallow recursive
queries then it will not request the authoritative server for the information
even assuming that you set up the sz.test.net delegation correctly
on the 1.2.3.4 server. If it is non-recursive then it will merely return
the delegation records and the resolver is expected to go request the
information from one of those delegated servers.

The list of servers in resolv.conf only gets used by a resolver in case the
one it's using does not respond to a request. The details of this are left
to the implementation of the resolver. In your case you cannot expect
that the next server in the list will be queried if the first one doesn't
supply a positive answer since it did respond. That the response did not
have the answer you were looking for is by design.

You need to post your named.conf file to tell why 1.2.3.4 does not
give you the required answer.

>   I then changed the search order in resolv.conf to the
>following:
>
>search sz.test.net test.net
>
>         At this point everything resolved properly, although now it takes
>the server an additional query to resolve anything in its domain (test.net).
>
>         Just for grins I set up a Bind server with the same configuration on
>a RH Linux box and saw the same results.
>
>         My question is simply do I have something wrong in my configuration
>files or is this normal behavior?  And if it is normal behavior does anyone
>know the logic behind it?

First of all it is important for you to understand that the resolv.conf file is
ONLY used by the tools that come with BIND 9: dig, nslookup, host
and nsupdate.  It is NOT used by named itself.

Second, the applications other than those tools will ONLY use named
running on the box if you have configured the nameservers listed in
the Network MMC/Control Panel to do so.  If you want to include the
localhost loopback (127.0.0.1) in the list you need to go to the registry and
edit the nameserver list since the "Wizard" actively prevents you from
entering ANY 127.x.x.x address in the list.

Danny

>         Specific configuration information: Windows 2000 Server running Bind
>9.2.1, RedHat Linux 7.1 workstation running Bind 9.1.0.
>
>         Thanks everyone.
>
>John
>
>=========================================
>John Smith
>Sys Admin
>Minolta-QMS, Inc.
>1 Magnum Pass
>Mobile, AL  36618
>251.633.4300
>=========================================
>
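
The failover rule described in the reply above (the next listed server is tried only when the current one does not respond), as an added example that is not part of the original thread. It is a simplified model, not BIND's resolver code: the server addresses and zones are from the post, while the host names, records, response codes and the function names `query` and `resolve` are constructed assumptions.

```python
# Simplified stub-resolver model (a sketch, not BIND's resolver code).
# Server addresses and zones come from the post; host names, records and
# the exact response codes are constructed for illustration.
TIMEOUT, ANSWER, REFERRAL, NXDOMAIN, REFUSED = (
    "timeout", "answer", "referral", "nxdomain", "refused")

RECORDS = {  # constructed zone data
    "1.2.3.4": {"www.test.net": "1.2.3.10"},
    "5.6.7.8": {"host1.sz.test.net": "5.6.7.20"},
    "1.2.3.5": {"host1.sz.test.net": "5.6.7.20"},
}

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def query(server, name, down=()):
    """Model one non-recursive server's reply as (status, address)."""
    if server in down:
        return TIMEOUT, None
    if name in RECORDS[server]:
        return ANSWER, RECORDS[server][name]
    if server == "1.2.3.4":  # authoritative for test.net, delegates sz.test.net
        if in_zone(name, "sz.test.net"):
            return REFERRAL, None  # delegation records only, no address
        return (NXDOMAIN if in_zone(name, "test.net") else REFUSED), None
    return (NXDOMAIN if in_zone(name, "sz.test.net") else REFUSED), None

def resolve(label, search, servers, down=()):
    """Walk the search list; fall through the server list only on silence."""
    trace = []
    for suffix in search:
        name = f"{label}.{suffix}"
        for server in servers:
            status, addr = query(server, name, down)
            trace.append((name, server, status))
            if status == TIMEOUT:
                continue          # no response: try the next listed server
            if status == ANSWER:
                return addr, trace
            break                 # it responded without an answer: stop here
    return None, trace

SERVERS = ["1.2.3.4", "5.6.7.8", "1.2.3.5"]
SEARCH = ["test.net", "sz.test.net"]
if __name__ == "__main__":
    for down in ((), ("1.2.3.4",)):
        addr, trace = resolve("host1", SEARCH, SERVERS, down)
        print("down:", down, "->", addr)
        for step in trace:
            print("   ", step)
```

With all servers up, the trace shows the delegated servers are never queried; they are reached only in the run where 1.2.3.4 is modelled as silent.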



More information about the bind-users mailing list