• Status: Solved
  • Priority: Medium

Forwarder statement issues

Hello
 
As part of a systems migration to RA Airways I am required to remove RA subdomains from our DNS (that we were formerly authoritative for) and
forward them to our Untrusted DNS, which then on-forwards to the RA net DNS servers for the correct (un-NAT'd) resolution.
 
I am doing a trial domain at first.
 
I removed the secondary and primary servers from the domain profile of "tpf.uk.ra.com"
Then I pushed the secondary DNS servers then the primary server and the old (NAT) addresses ceased being resolved.
I then put the following DNS forwarder statement in the 'options' of the DNS server
 
zone "tpf.uk.ra.com" {
    type forward;
    forwarders { 10.142.20.60; 10.142.20.61; 10.141.20.60; };
};
 
Then once again pushed the DNS server.
When I try to resolve the host (which will now depend upon the forwarder statement in the named.conf file) it does NOT resolve...
============================================================
dho51@starasv109> nslookup bsslive.tpf.uk.ra.com
Server:         127.0.0.1
Address:        127.0.0.1#53
 
** server can't find bsslive.tpf.uk.ra.com: NXDOMAIN
 
dho51@starasv109>
=============================================================
 
However, when I force the lookup to the first address in the forwarder statement, it does work.
Any idea what might be wrong?

(See below for forced lookup with the desired resolution)
 
==================================================================
dho51@starasv109> nslookup bsslive.tpf.uk.ra.com 10.142.20.60
Server:         10.142.20.60
Address:        10.142.20.60#53
 
Non-authoritative answer:
Name:   bsslive.tpf.uk.ra.com
Address: 62.208.174.139
Name:   bsslive.tpf.uk.ra.com
Address: 62.208.174.12
 
===============================================================
 
Any ideas what might be wrong with what I am doing???
Asked by: richsark
 
giltjr Commented:
What do you mean by "pushed" the DNS server?  I am assuming that you stopped and restarted it, or at least did a kill -HUP.

I am assuming that starasv109 is the DNS server also.

If you did stop/restart/HUP the DNS server and starasv109 is the DNS server, then I suggest that you run nslookup with the d2 option and try to debug what it is doing.

richsark (Author) Commented:
Hi, pushed is updated DNS and/or stop/start named. D2 does not reveal any answers. Just want an explanation of my issue above and why the fwdr needs the domain there for it to work.

giltjr Commented:
Have you looked at named's logs?

What you have coded is right and should forward any requests for hosts in the zone tpf.uk.ra.com to the IP addresses you have listed.
 
richsark (Author) Commented:
Yes, but the domain needs to exist; if it does not, the forwarders do not work. That's what I need to know. Perhaps I need an NS record instead? If yes, explain.

giltjr Commented:
I'm getting confused as to what your  issue is.

If you want to direct (forward) name resolution requests to specific name servers, you must define the zone in your DNS server as a forward zone and point it to the name servers you want to forward it to.  Which is what you have done.

If you do not do the above, then your DNS server will forward the requests to your default forwarders.

As you are not authoritative for that zone, you should not be defining NS records for it.  In fact you should not even have a zone file for that domain as all you are doing is forwarding the requests.

richsark (Author) Commented:
OK, so can you help analyze why I have this issue from my example in the first thread? And also what is the best solution to my dilemma?

giltjr Commented:
What OS and DNS server are you running?

Again, from what I have seen you should be able to do "nslookup bsslive.tpf.uk.ra.com" and have it work.  So the next step is to figure out what DNS server you are using, see what logging it has and start looking at its logs.

Just to make sure, you entered the "nslookup bsslive.tpf.uk.ra.com" on the DNS server, right?

richsark (Author) Commented:
My OS is Solaris and Red Hat, using ISC BIND 9.3p2.
But why when I force the lookup it works?

giltjr Commented:
Because for some reason your DNS server does not appear to be forwarding the requests.

You can go to:

http://www.netadmintools.com/art233.html

and copy and paste the logging config option into your bind.conf files.  Stop and restart your DNS server and then try the nslookup again.

Then remove the logging statements and stop and restart your DNS server again.  Now you can look at the logs to see if they shed any light on the problem.

richsark (Author) Commented:
ok, but was looking for a person who has seen this or can explain

giltjr Commented:
O.K., if you enable the logging you might get your answer.  Hopefully the logs will show some type of error.

Can you post your /etc/resolv.conf and your bind.conf files?

Also, I am assuming that starasv109 is the server you are running bind on.  Is this correct?

giltjr Commented:
Thanks for the points, but what was the problem?
Question has a verified solution.
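
Added example (not from the thread or from ISC): a small Python check for two named.conf conditions under which a `type forward` zone like the one in the question is not used. BIND accepts a `zone` statement only at top level or inside a `view`, not inside `options { }`, and a server that is authoritative for a parent name answers from its own data unless that parent zone delegates the child. The sample config and the `uk.ra.com` parent zone are constructed for illustration; the thread does not state what the actual cause was.

```python
import re

# Constructed sample: the thread's forward zone nested inside options {},
# plus a hypothetical authoritative parent zone (not shown on the page).
SAMPLE_CONF = '''
options {
    zone "tpf.uk.ra.com" {
        type forward;
        forwarders { 10.142.20.60; 10.142.20.61; 10.141.20.60; };
    };
};
zone "uk.ra.com" { type master; file "db.uk.ra.com"; };
'''
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
AUTHORITATIVE = {'master', 'slave', 'primary', 'secondary'}

def find_zones(conf):
    """Return one dict per zone statement: name, type, enclosing block."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    stack, zones, stmt = [], [], []      # stmt: words since the last { } ;
    for tok in TOKEN.findall(conf):
        if tok == '{':
            zone = None
            if stmt[:1] == ['zone'] and len(stmt) > 1:
                zone = {'name': stmt[1].strip('"').rstrip('.').lower(),
                        'type': None,
                        'in': stack[-1][0] if stack else 'top-level'}
                zones.append(zone)
            stack.append((stmt[0] if stmt else '', zone))
        elif tok == '}' and stack:
            stack.pop()
        elif tok == ';' and len(stmt) == 2 and stmt[0] == 'type':
            if stack and stack[-1][1]:   # "type x;" directly inside a zone
                stack[-1][1]['type'] = stmt[1]
        if tok in ('{', '}', ';'):
            stmt = []
        else:
            stmt.append(tok)
    return zones

def audit_forward_zones(conf):
    """List (zone, problem, detail) for forward zones named may not use."""
    zones, findings = find_zones(conf), []
    for z in (z for z in zones if z['type'] == 'forward'):
        if z['in'] not in ('top-level', 'view'):  # only valid placements
            findings.append((z['name'], 'misplaced', z['in']))
        for p in zones:  # an authoritative ancestor answers from its own data
            if p['type'] in AUTHORITATIVE and z['name'].endswith('.' + p['name']):
                findings.append((z['name'], 'authoritative-parent', p['name']))
    return findings
```

Calling `audit_forward_zones()` on the text of a real named.conf returns an empty list when neither condition is present; `named-checkconf` remains the authoritative syntax check.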
