forwarding a subdomain

[Edward Buck]

Hi there,

I'm trying to setup a subdomain via forwarding and I'm seeing some 
unexpected behavior (unexpected for me, not necessarily for bind or 
you).  Here's the scenario:

I have a public nameserver, i.e. ns1.domain.com, which is authoritative 
for domain.com.  In the zone file for domain.com, I've delegated a 
subdomain to another nameserver by doing:

sub      IN NS  ns1-sub.domain.com.
ns1-sub  IN A   80.80.80.80  ; public ip

Now, on ns1-sub.domain.com, I've configured bind with the following zone:

zone "sub.domain.com" {
         type forward;
         forward first;
         forwarders {
         10.5.5.1 port 10053; // private ip
         };
};

The 10.5.5.1 host above is on a private network accessible to ns1-sub 
but not to the general public.

The goal is to have ns1-sub resolve all queries for the subdomain 
sub.domain.com by forwarding each request to the internal server at 
10.5.5.1.

Now, here's what I don't understand.  If I query ns1-sub directly for a 
host in sub.domain.com (i.e. host.sub.domain.com), the forwarding works 
as expected.  If I query ns1-sub using a different nameserver (i.e. from 
my ISP nameserver), the query works ONLY If ns1-sub has cached the data. 
  If it's not in the cache, there's no answer.  This suggests that the 
forwarding doesn't work for recursive queries.

Can anyone explain to me if this is normal behavior?  I'm guessing that 
it has something to do with authoritative/non-authoritative answers and 
possibly subdomain delegation issues but I'm stumped.  I'm using bind 
9.2.1 on debian woody.

Thanks.
Ed