Queries regarding forwarders

Barry Margolin barmar at alum.mit.edu
Wed Aug 8 16:19:39 UTC 2018


In article <mailman.281.1533736999.803.bind-users at lists.isc.org>,
 Blason R <blason16 at gmail.com> wrote:

> Hi there,
> 
> I am a bit confused about DNS forwarders. I have two BIND servers; one is
> being used as an authoritative DNS server which has a forwarder set to the
> other server, like this
> 
> Auth Server  for xvyz.com 192.168.3.15
> Recursive Server 192.168.3.44
> 
> Now if I am debugging from the client side using the -debug option I see
> 192.168.3.15 is directly resolving with ROOT DNS Servers though I have
> recursive no; option set in my BIND config. Ideally the query should have
> gone to 192.168.3.44 but in debug I am seeing the below output.

The response says "recursion available". Are you sure you disabled 
recursion?

Note that if you want to use forwarders, you have to enable recursion. 
Forwarding is only done when the server is recursing; it tells it to 
send to the forwarder instead of the servers named in the NS records.

What makes you think the server is directly resolving instead of going 
to the forwarder? There's nothing in the response that tells you where 
it got the answer from.

> 
> Well how do I trace if forwarding is happening?
> 
> ************************
> C:\Users\Administrator>nslookup -type=a -debug www.cisco.com
> ------------
> Got answer:
>     HEADER:
>         opcode = QUERY, id = 1, rcode = NOERROR
>         header flags:  response, auth. answer, want recursion, recursion
>         questions = 1,  answers = 1,  authority records = 2,  additional
> 
>     QUESTIONS:
>         15.3.168.192.in-addr.arpa, type = PTR, class = IN
>     ANSWERS:
>     ->  15.3.168.192.in-addr.arpa
>         name = dns.xyz.com
>         ttl = 10800 (3 hours)
>     AUTHORITY RECORDS:
>     ->  3.168.192.in-addr.arpa
>         nameserver = dns02.xyz.com
>         ttl = 10800 (3 hours)
>     ->  3.168.192.in-addr.arpa
>         nameserver = dns.xyz.com
>         ttl = 10800 (3 hours)
>     ADDITIONAL RECORDS:
>     ->  dns.xyz.com
>         internet address = 192.168.3.15
>         ttl = 10800 (3 hours)
>     ->  dns02.xyz.com
>         internet address = 192.168.3.14
>         ttl = 10800 (3 hours)
> 
> ------------
> Server:  dns.xyz.com
> Address:  192.168.3.15
> 
> ------------
> Got answer:
>     HEADER:
>         opcode = QUERY, id = 2, rcode = NOERROR
>         header flags:  response, want recursion, recursion avail.
>         questions = 1,  answers = 5,  authority records = 13,  additiona
> 
>     QUESTIONS:
>         www.cisco.com, type = A, class = IN
>     ANSWERS:
>     ->  www.cisco.com
>         canonical name = www.cisco.com.akadns.net
>         ttl = 838 (13 mins 58 secs)
>     ->  www.cisco.com.akadns.net
>         canonical name = wwwds.cisco.com.edgekey.net
>         ttl = 299 (4 mins 59 secs)
>     ->  wwwds.cisco.com.edgekey.net
>         canonical name = wwwds.cisco.com.edgekey.net.globalredir.akadns.
>         ttl = 14531 (4 hours 2 mins 11 secs)
>     ->  wwwds.cisco.com.edgekey.net.globalredir.akadns.net
>         canonical name = e2867.dsca.akamaiedge.net
>         ttl = 3599 (59 mins 59 secs)
>     ->  e2867.dsca.akamaiedge.net
>         internet address = 23.57.126.108
>         ttl = 19 (19 secs)
>     AUTHORITY RECORDS:
>     ->  net
>         nameserver = a.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = l.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = e.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = i.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = d.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = f.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = b.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = h.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = g.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = c.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = k.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = j.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ->  net
>         nameserver = m.gtld-servers.net
>         ttl = 4663 (1 hour 17 mins 43 secs)
>     ADDITIONAL RECORDS:
>     ->  m.gtld-servers.net
>         internet address = 192.55.83.30
>         ttl = 103500 (1 day 4 hours 45 mins)
>     ->  m.gtld-servers.net
>         AAAA IPv6 address = 2001:501:b1f9::30
>         ttl = 163960 (1 day 21 hours 32 mins 40 secs)
>     ->  d.gtld-servers.net
>         internet address = 192.31.80.30
>         ttl = 77579 (21 hours 32 mins 59 secs)
> 
> ------------
> Non-authoritative answer:
> Name:    e2867.dsca.akamaiedge.net
> Address:  23.57.126.108
> Aliases:  www.cisco.com
>           www.cisco.com.akadns.net
>           wwwds.cisco.com.edgekey.net
>           wwwds.cisco.com.edgekey.net.globalredir.akadns.net
> 
> 
> C:\Users\Administrator>
> **************************************

-- 
Barry Margolin
Arlington, MA
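
Since the client-side response does not show where the answer came from, one way to trace forwarding is to look at the queries the server itself sends upstream. The following is an added example, not part of the original thread: it classifies outbound queries in a constructed `tcpdump -n port 53` sample taken on the server; the capture lines and the address 198.51.100.7 are made up, and the two server addresses are the ones given in the post.

```python
import re
from collections import Counter

SERVER = "192.168.3.15"      # server under test (address from the post)
FORWARDER = "192.168.3.44"   # configured forwarder (address from the post)

# Constructed sample of `tcpdump -n port 53` output on SERVER; not a real capture.
SAMPLE = """\
16:19:39.100001 IP 192.168.3.50.61022 > 192.168.3.15.53: 2+ A? www.cisco.com. (31)
16:19:39.100412 IP 192.168.3.15.41873 > 192.168.3.44.53: 51234+ [1au] A? www.cisco.com. (42)
16:19:39.131907 IP 192.168.3.44.53 > 192.168.3.15.41873: 51234 5/13/3 CNAME www.cisco.com.akadns.net. (512)
16:19:39.132250 IP 192.168.3.15.53 > 192.168.3.50.61022: 2 5/13/3 CNAME www.cisco.com.akadns.net. (512)
16:19:45.200010 IP 192.168.3.15.38211 > 198.51.100.7.53: 9021 [1au] A? example.net. (40)
"""

# Matches a DNS query line: "src.port > dst.53: id[flags] [opts] QTYPE? qname".
# In tcpdump output a '+' after the query id means the RD (recursion desired) bit is set.
QUERY = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.53: "
    r"\d+(?P<flags>[+%]*) (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)

def classify(capture, server=SERVER, forwarder=FORWARDER):
    """Count upstream queries sent by `server`; list those that bypass `forwarder`."""
    counts, direct = Counter(), []
    for line in capture.splitlines():
        m = QUERY.search(line)
        if not m or m["src"] != server:
            continue  # skip client queries and all responses
        if m["dst"] == forwarder:
            counts["forwarded"] += 1
        else:
            counts["direct"] += 1
            # (destination, query name, RD bit set?)
            direct.append((m["dst"], m["qname"], "+" in m["flags"]))
    return counts, direct

if __name__ == "__main__":
    counts, direct = classify(SAMPLE)
    print(dict(counts))
    for dst, qname, rd in direct:
        print(f"not via forwarder: {qname} -> {dst} (RD={'1' if rd else '0'})")
```

With `forward only;` the list of direct queries should stay empty; with the default `forward first;` direct queries appear only when the forwarder fails to answer.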

