bind 9.4.1: bug or feature?

[Adam Tkac]

Tom Schmitt napsal(a):
> Hi,
>
> I'm using Bind 9.4.1 for my internal DNS where I have a domain with the name local.
>
> Now I have to forward a subdomain of this through a firewall to another DNS-server. Nothing easier than that (I thought) and added the following statement to my named.conf:
>
> zone "xyz.local" {
>         type forward;
>         forwarders { 1.2.3.4; 5.6.7.8; };
>         forward only;
> };
>   

Should works fine

> And I was happy till I tested it: I doesn't work. After a rndc reconfig the named still doesn't know anything about the domain xyz.local.
> A networkscan revealed that named don't even try to ask one of the forwarders.
>
> So I thought i have some kind of syntax-error in my statement and checked the logfiles of named: But there was no errormessage of any kind, not a warning, not even a info-message which indicate a problem with my forwarding-statement.
>   

Did you try increase debug level (rndc trace 99) and after there reload? 
It could get info where exactly is problem (if somewhere in named). Also 
check if your firewall doesn't blocks responses from forwarders (capture 
outgoing and incomming network traffic with tcpdump or dnscap and check 
if queries going correctly to forwarder and if your server recieves 
response)

> I tried a lot of things, but in the end the following brought my statement to work: I added the following record to my local.-zone:
>
> xyz.local. 3600  IN NS nosuchserver.xyz.local.
>
> Together with this record my forward-statement is working fine! Even tough the mentioned server doesn't exist.
>
> So what I don't understand: Why is it necassary to add this record? Is it a bug in Bind 9.4.1? Or is this intentional? And if it is intentional, why is there no error-message if it is missing? 
>
> Tom.

Adam