forwarding queries to another name server

Stephen Nizamoff s.nizamoff at xpedite.com
Thu Apr 1 19:04:56 UTC 2004


Thanks to Barry Margolin and Kevin Darcy for their assistance. This ended up being
very simple.

1. Allowing recursion was part of the problem.
2. Multiple firewalls were in the way of getting the query to the dmz host.

The suggestion of turning up logging w/ ndc proved very helpful.


> 
> > Hello, I am looking for some help w/ forwarding queries to another name
> > server. I have looked in the book and it seems simple enough but I am
> > unable to make it work.
> > 
> > I have a name server in a dmz which is allowed to speak w/ the internet.
> > I have another name server sitting on our 10 net which cannot access the
> > internet. In the named.conf on the internal server the "forwarders"
> > option has been set with the IP of the dmz host.
> > On the dmz server the "allow-query" option has been set w/ the IPs for
> > the internal servers.
> 
> If the dmz server has the "allow-recursion" option configured, make sure 
> it includes the addresses of the internal servers.
> 
> Also, if there's any NAT going on between the internal net and the dmz 
> subnet, the addresses in the ACLs on the dmz server must be the 
> translated addresses, not the 10.x.x.x addresses.
> 
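
The setup discussed in this thread, as an added example that is not part of the original messages: fragments of the two servers' separate named.conf files. All addresses and the ACL name are constructed, and `forward only` is an assumption suited to a server with no internet access.

```conf
// ---- named.conf on the internal server (10 net, no internet access) ----
options {
    // Hand every query it cannot answer itself to the dmz server.
    forwarders { 192.0.2.53; };    // constructed dmz server address

    // Assumption: never fall back to contacting the internet directly,
    // since this host cannot reach it anyway.
    forward only;
};

// ---- named.conf on the dmz server (allowed to speak with the internet) ----
// Source addresses of the internal servers as the dmz server sees them.
// If NAT sits between the internal net and the dmz subnet, list the
// translated addresses here, not the 10.x.x.x ones.
acl "internal-ns" {
    10.1.1.10;                     // constructed internal server addresses
    10.1.1.11;
};

options {
    // A forwarded query arrives as a recursive query, so the internal
    // servers have to pass both lists. Keeping recursion limited to them
    // stops the dmz server from resolving for arbitrary outside clients.
    allow-query     { "internal-ns"; };
    allow-recursion { "internal-ns"; };
};
```

Any firewall between the two hosts also has to pass DNS (port 53, UDP and TCP) from the internal servers to the dmz server, otherwise the forwarded query never arrives.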



