forwarding a subdomain

David Botham DBotham at OptimusSolutions.com
Mon Nov 15 15:47:38 UTC 2004


bind-users-bounce at isc.org wrote on 11/11/2004 11:03:36 PM:
> Hi there,
> 
> I'm trying to set up a subdomain via forwarding and I'm seeing some 
> unexpected behavior (unexpected for me, not necessarily for bind or 
> you).  Here's the scenario:
> 
> I have a public nameserver, i.e. ns1.domain.com, which is authoritative 
> for domain.com.  In the zone file for domain.com, I've delegated a 
> subdomain to another nameserver by doing:
> 
> sub      IN NS  ns1-sub.domain.com.
> ns1-sub  IN A   80.80.80.80  ; public ip
> 
> Now, on ns1-sub.domain.com, I've configured bind with the following 
> zone:
> 
> zone "sub.domain.com" {
>          type forward;
>          forward first;
>          forwarders {
>          10.5.5.1 port 10053; // private ip
>          };
> };
> 
> The 10.5.5.1 host above is on a private network accessible to ns1-sub 
> but not to the general public.
> 
> The goal is to have ns1-sub resolve all queries for the subdomain 
> sub.domain.com by forwarding each request to the internal server at 
> 10.5.5.1.
> 
> Now, here's what I don't understand.  If I query ns1-sub directly for a 
> host in sub.domain.com (i.e. host.sub.domain.com), the forwarding works 
> as expected.  If I query ns1-sub using a different nameserver (i.e. from 
> my ISP nameserver), the query works ONLY if ns1-sub has cached the data. 
> If it's not in the cache, there's no answer.  This suggests that the 
> forwarding doesn't work for recursive queries.

Name servers "forward" in response to "recursive" queries, not iterative 
queries.  That is why when you query directly with say, dig, and you don't 
turn off recursion, you get the answer.  A first time query (data not 
cached on ns1-sub) from another name server will not work, the other name 
server will be sending an iterative query.

hth,

Dave...


> 
> Can anyone explain to me if this is normal behavior?  I'm guessing that 
> it has something to do with authoritative/non-authoritative answers and 
> possibly subdomain delegation issues but I'm stumped.  I'm using bind 
> 9.2.1 on debian woody.
> 
> Thanks.
> Ed
> 
> 
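
The difference between the two queries discussed in this thread is a single header bit, recursion desired (RD). The following is an added example, not part of the original posts and not BIND's code: it builds both queries in wire format and runs them through a simplified model of ns1-sub as the reply describes it. The query id and the outcome strings are constructed for illustration.

```python
import struct

RD = 0x0100  # "recursion desired" bit in the DNS header flags (RFC 1035 4.1.1)
FORWARD_ZONE = "sub.domain.com"    # forward zone from the post
FORWARDER = "10.5.5.1 port 10053"  # forwarder from the post

def build_query(name, recursion_desired, qid=0x1234):
    """Wire format of an A/IN query; qid is an arbitrary constructed value."""
    header = struct.pack("!HHHHHH", qid, RD if recursion_desired else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_query(packet):
    """Return (qname, recursion_desired) for a single-question query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0 or pos + 1 + length > len(packet):
            raise ValueError("bad label in question name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels), bool(flags & RD)

def forward_zone_outcome(packet, cache):
    """Simplified model (assumption) of ns1-sub as described in the reply."""
    qname, rd = parse_query(packet)
    if qname != FORWARD_ZONE and not qname.endswith("." + FORWARD_ZONE):
        return "outside forward zone"
    if qname in cache:
        return "answered from cache"
    return "forwarded to " + FORWARDER if rd else "no answer"

if __name__ == "__main__":
    for label, rd in (("direct dig (RD=1)", True), ("ISP resolver (RD=0)", False)):
        pkt = build_query("host.sub.domain.com", rd)
        print(label, "->", forward_zone_outcome(pkt, cache=set()))
```
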