Improve company productivity with a Business Account.Sign Up

x
?
Solved

DNS Forwarders

Posted on 2012-03-23
5
Medium Priority
?
390 Views
Last Modified: 2012-04-05
I'm starting to dig into DNS forwarders and how they really work and what to get an idea of others experiences.

In our environment, we have primary DNS servers that house 20 or so zones and then we have secondaries that store a subset of those zones.  The primary DNS servers do zone transfers with the secondaries.  

For this example, primary dns server at IP 192.168.110.10 host zones called:  A.com, B.com, C.com, D.com, E.com, F.com, G.com, H.com, and I.com.  

Secondary DNS server at IP 192.168.110.20  holds zones A.com, B.com, C.com, and D.com.  Secondary DNS server at IP 192.168.110.20 is set to "forward" request it can't answer to 192.168.110.10.

Lets imagine a scenario in which for whatever reason (it's happening here) that secondary server at IP 192.168.110.20 looses it's ability to pull zone transfers from 192.168.110.10.  For this example lets focus on the zone A.com.  In this situation the A.com dns zone on 192.168.110.10 would start accumulating updates but would never trickle down to the A.com zone on 192.168.110.20.  

My question is this:  lets say a new dns entry called test.a.com is on the A.com dns zone of 192.168.110.10.  My windows 7 laptop has only 1 DNS server in it's TCP/IP Stack (192.168.110.20).  When I open nslookup from my windows 7 workstation and type test.a.com it queries 192.168.110.20 (which doesn't have the record).  Why does 192.168.110.20 forward to 192.168.110.10?
0
Comment
Question by:niaidsdt
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37758752
Because it is not authorative for the zone so passes it to an authorative server.
0
 

Author Comment

by:niaidsdt
ID: 37758775
I miss phrased that.  Why does 192.168.110.20 NOT forward to 192.168.110.10?
0
 
LVL 27

Accepted Solution

by:
DrDave242 earned 720 total points
ID: 37759192
The answer is the opposite of what's posted above: .20 is authoritative for that zone (it stores a copy of the zone locally, even if it's only a secondary zone, and even if it doesn't have a record for the hostname in the query), so it will never forward queries for that zone anywhere.
0
 

Author Comment

by:niaidsdt
ID: 37812902
Can a secondary be "authoritative".  I thought that only those that are SOA / have NS records can be authoritative.


Anyway, your answer was right.  If the server holds a zone, it will never forward.
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 37813204
Any server that has a local copy of a zone is considered authoritative for that zone, even if it's a read-only (secondary) copy.
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
This installment of Make It Better gives Media Temple customers the latest news, plugins, and tutorials to make their VPS hosting experience that much smoother.
Hi, this video explains a free download that you can incorporate into your Access databases, or use stand-alone for contact management. Contacts -- Names, Addresses, Phone Numbers, eMail Addresses, Websites, Lists, Projects, Notes, Attachments…
Watch the video to know the simple way to remove or recover or reset lost or forgotten passwords of Outlook PST file. With Kernel Outlook Password Recovery tool such operation is very easy to perform. It is a freeware with limitation to use with 500…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question