richsark asked:

Forwarder statement issues

Hello
 
As part of a systems migration to RA Airways I am required to remove RA subdomains from our DNS (that we were formerly authoritative for) and
forward them to our Untrusted DNS, which then on-forwards to the RA net DNS servers for the correct (un-NAT'd) resolution.
 
I am doing a trial domain at first.
 
I removed the secondary and primary servers from the domain profile of "tpf.uk.ra.com"
Then I pushed the secondary DNS servers then the primary server and the old (NAT) addresses ceased being resolved.
I then put the following DNS forwarder statement in the 'options' of the DNS server
 
zone "tpf.uk.ra.com" {
    type forward;
    forwarders { 10.142.20.60; 10.142.20.61; 10.141.20.60; };
};
 
Then once again pushed the DNS server
When I try to resolve the host (which will now depend upon the forwarder statement in named.conf file) it does NOT resolve...
============================================================
dho51@starasv109> nslookup bsslive.tpf.uk.ra.com
Server:         127.0.0.1
Address:        127.0.0.1#53
 
** server can't find bsslive.tpf.uk.ra.com: NXDOMAIN
 
dho51@starasv109>
=============================================================
 
However, when I force the lookup to the first address in the forwarder statement, it does work.
Any idea what might be wrong?

(See below for forced lookup with the desired resolution)
 
==================================================================
dho51@starasv109> nslookup bsslive.tpf.uk.ra.com 10.142.20.60
Server:         10.142.20.60
Address:        10.142.20.60#53
 
Non-authoritative answer:
Name:   bsslive.tpf.uk.ra.com
Address: 62.208.174.139
Name:   bsslive.tpf.uk.ra.com
Address: 62.208.174.12
 
===============================================================
 
Any ideas what might be wrong with what I am doing???
giltjr

What do you mean by "pushed" the DNS server?  I am assuming that you stopped and restarted it, or at least did a kill -HUP.

I am assuming that starasv109 is the DNS server also.

If you did stop/restart/HUP the DNS server and starasv109 is the DNS server, then I suggest that you run nslookup with the d2 option and try to debug what it is doing.
richsark (ASKER)

Hi, pushed is update DNS and/or stop/start named. D2 does not reveal any answers. Just want an explanation of my issue above, and why does the fwdr need the domain there for it to work?

Have you looked at named's logs?

What you have coded is right and should forward any requests for hosts in the zone tpf.uk.ra.com to the IP addresses you have listed.
Yes, but the domain needs to exist; if it does not, the forwarders do not work. That's what I need to know. Perhaps I need an NS record instead? If yes, explain.

I'm getting confused as to what your issue is.

If you want to direct (forward) name resolution requests to specific name servers, you must define the zone in your DNS server as a forward zone and point it to the name servers you want to forward it to.  Which is what you have done.

If you do not do the above, then your DNS server will forward the requests to your default forwarders.

As you are not authoritative for that zone, you should not be defining NS records for it.  In fact you should not even have a zone file for that domain as all you are doing is forwarding the requests.
OK, so can you help analyze why I have this issue from my example on the first thread? And also what is the best solution to my dilemma?

What OS and DNS server are you running?

Again, from what I have seen you should be able to do "nslookup bsslive.tpf.uk.ra.com" and have it work.  So the next step is to figure out what DNS server you are using, see what logging it has and start looking at its logs.

Just to make sure, you entered the "nslookup bsslive.tpf.uk.ra.com" on the DNS server, right?
My OS is Solaris and Red Hat using ISC BIND 9.3p2.
But why when I force the lookup it works?

Because for some reason your DNS server does not appear to be forwarding the requests.

You can go to:

http://www.netadmintools.com/art233.html

and copy and paste the logging config option in your bind.conf files.  Stop and restart your DNS server and then try the nslookup again.

Then remove the logging statements and stop and restart your DNS server again.  Now you can look at the logs to see if they shed any light on the problem.

OK, but was looking for a person who has seen this or can explain.

ASKER CERTIFIED SOLUTION by giltjr (this solution is only available to members)

Thanks for the points, but what was the problem?
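
The comparison made in the thread (the same name asked of the local server and of each forwarder directly), as an added example that is not part of the original posts. It also reads the `aa` header flag, which shows whether an NXDOMAIN was produced from zone data held by the answering server; the function names and verdict labels are assumptions of this example, and it uses `dig` rather than `nslookup` because `dig` prints the status and flags in a stable header.

```shell
#!/bin/sh
# Added example (not from the thread): compare the local named's answer
# with each forwarder's answer for the same name, using dig's header lines.

# Print the rcode (NOERROR, NXDOMAIN, SERVFAIL, ...) from dig output on stdin.
dig_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print "yes" if the header flags of the dig output on stdin include "aa".
dig_is_authoritative() {
    if grep -Eq '^;; flags:[^;]* aa[ ;]'; then echo yes; else echo no; fi
}

# classify LOCAL_STATUS LOCAL_AA FORWARDER_STATUS -> verdict (labels are ours)
classify() {
    if [ -z "$1" ] || [ -z "$3" ]; then
        echo no-response                 # timeout or unreachable server
    elif [ "$1" = "$3" ]; then
        echo consistent                  # local server agrees with forwarder
    elif [ "$1" = NXDOMAIN ] && [ "$2" = yes ]; then
        echo answered-locally            # NXDOMAIN came from local zone data
    elif [ "$1" = NXDOMAIN ]; then
        echo nxdomain-not-authoritative  # e.g. cached negative answer or another upstream
    else
        echo differs
    fi
}

main() {
    name=$1; local_server=$2; shift 2
    local_out=$(dig +time=3 +tries=1 "@$local_server" "$name" A)
    l_status=$(printf '%s\n' "$local_out" | dig_status)
    l_aa=$(printf '%s\n' "$local_out" | dig_is_authoritative)
    echo "local $local_server: status=$l_status aa=$l_aa"
    for fwd in "$@"; do
        f_status=$(dig +time=3 +tries=1 "@$fwd" "$name" A | dig_status)
        echo "forwarder $fwd: status=$f_status -> $(classify "$l_status" "$l_aa" "$f_status")"
    done
}

# Usage: sh check_forward.sh bsslive.tpf.uk.ra.com 127.0.0.1 10.142.20.60 10.142.20.61 10.141.20.60
if [ "$#" -ge 3 ]; then main "$@"; fi
```

Run it on the DNS server itself, and run `named-checkconf` on the pushed named.conf first so a misplaced or rejected `zone` statement is ruled out before comparing answers.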