Forwarding to master server doesn't work?

Sat Dec 11 03:59:20 UTC 2004

In article <cpcufp$s34$1 at sf1.isc.org>,
 Jeff Stevens <jstevens at vnet.ibm.com> wrote:

> I'm working on a customer configuration that I replicated, and he uses a
> slave server to slave one domain from a master and uses forwarding to
> the master for all other queries that come to the slave server.  Queries
> to the slave for names in the slaved zone work, but queries to the slave
> for names outside the slaved zone (which the master should "know") don't
> get a response (forwarding isn't working?).  I'm wondering what I need 
> to look at here...
> 
> The relevant slave zone portions are:
> 
> options {
> 	recursion yes;
> 	forward only;
> 	forwarders {
> 		 9.5.56.157;
> 	};
> 	listen-on port 54 {

I'm not sure if it's true of this option in BIND 9, but in earlier 
releases when you specified the port on the command line, this same port 
was used as the destination when sending out recursive queries.  If BIND 
9 is still like this, the problem is that the slave is sending to port 
54 when it queries the master.

> 		9.5.129.153;
> 	};
> 	query-source address * port *;
> };
> 
> zone	"S020AG00.BRANCH.AGF" {
> 	type slave;
> 	masters {
> 		9.5.56.157;
> 	};
> 	forward only;

Why do you have this option here?  It's only meaningful in a "type 
forward" zone.

> 	check-names ignore;
> 	dialup no;
> 	max-transfer-time-in 60;
> 	notify yes;
> };
> 
> 
> Query to master for a domain shows it exists:
> 
> 
> D:\CheckOut>dig @rs018 s02tb100.branch.agf.
> 
> ; <<>> DiG 9.3.0rc4 <<>> @rs018 s02tb100.branch.agf.
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 168
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;s02tb100.branch.agf.           IN      A
> 
> ;; ANSWER SECTION:
> s02tb100.branch.agf.    86400   IN      A       9.5.56.157
> 
> ;; AUTHORITY SECTION:
> branch.agf.             86400   IN      NS      s02tb100.branch.agf.
> 
> ;; ADDITIONAL SECTION:
> s02tb100.branch.agf.    86400   IN      A       9.5.56.157
> 
> ;; Query time: 30 msec
> ;; SERVER: 9.5.56.157#53(rs018)
> ;; WHEN: Fri Dec 10 12:34:15 2004
> ;; MSG SIZE  rcvd: 83
> 
> 
> Query to the slave give no answer, althought the forwarding is setup:
> 
> 
> D:\CheckOut>dig @rchmach  -p 54 s02tb100.branch.agf.
> 
> ; <<>> DiG 9.3.0rc4 <<>> @rchmach -p 54 s02tb100.branch.agf.
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1323
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;s02tb100.branch.agf.           IN      A
> 
> ;; Query time: 10 msec
> ;; SERVER: 9.5.129.153#54(rchmach)
> ;; WHEN: Fri Dec 10 12:40:15 2004
> ;; MSG SIZE  rcvd: 37

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***