question about forwarding...

[sid_shapiro at bio-rad.com]

Hello,
I just ran into a forwarding problem that is beating the heck out of me 
and my colleagues.

Our environment is "bind  8.4.5-REL" for our top-level company domain 
(bio-rad.com) and lots of sub domains. We also have an active directory 
domain controller as the server for the windows domain 
(global.bio-rad.com).

Today we tried, on the bind servers, changing the global.bio-rad.com 
domain from a slave to a forwarding entry. The slave setup worked just 
fine. However the forwarding entry does not.

What is killing me is that I have several other forwarding zone setup and 
all of them work. I have an inverse domain which is forwarded to the same 
AD servers and that works just fine as well. It is just the forward 
lookups that fail.

In trying to debug things I turned on some network packet tracing. When I 
do a lookup on the inverse zone, I see network packets. When I try a 
lookup into the "global" zone, I see no network traffic.

In testing I've done hang-up signals as well as actually stopping and 
restarting the server. 

I've even setup forwarding to another set of AD domain controllers in a 
lab with a bogus/test domain and they all work. Everything I try works 
except this particular forwarding zone.

I've eliminated the possibilities of "typos" in the named.conf file in as 
many ways as occurs to me.

I've tried turning on some debugging in both dig/nslookup as well as on 
the bind server and I'm afraid I don't have enough background to parse the 

debugging logs.

I'm looking for suggestions on what to try, what to look for, help?
Thanks,
/ Sid /