Solved

DNS Forwarders

Posted on 2012-03-23
Last Modified: 2012-04-05
I'm starting to dig into DNS forwarders and how they really work and want to get an idea of others' experiences.

In our environment, we have primary DNS servers that house 20 or so zones and then we have secondaries that store a subset of those zones.  The primary DNS servers do zone transfers with the secondaries.  

For this example, the primary DNS server at IP 192.168.110.10 hosts zones called: A.com, B.com, C.com, D.com, E.com, F.com, G.com, H.com, and I.com.

The secondary DNS server at IP 192.168.110.20 holds zones A.com, B.com, C.com, and D.com. The secondary DNS server at IP 192.168.110.20 is set to "forward" requests it can't answer to 192.168.110.10.

Let's imagine a scenario in which, for whatever reason (it's happening here), the secondary server at IP 192.168.110.20 loses its ability to pull zone transfers from 192.168.110.10. For this example let's focus on the zone A.com. In this situation the A.com DNS zone on 192.168.110.10 would start accumulating updates, but they would never trickle down to the A.com zone on 192.168.110.20.

My question is this: let's say a new DNS entry called test.a.com is in the A.com DNS zone on 192.168.110.10. My Windows 7 laptop has only one DNS server in its TCP/IP stack (192.168.110.20). When I open nslookup from my Windows 7 workstation and type test.a.com, it queries 192.168.110.20 (which doesn't have the record). Why does 192.168.110.20 forward to 192.168.110.10?
0
Question by:niaidsdt
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37758752
Because it is not authoritative for the zone so passes it to an authoritative server.
0
 

Author Comment

by:niaidsdt
ID: 37758775
I misphrased that. Why does 192.168.110.20 NOT forward to 192.168.110.10?
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 240 total points
ID: 37759192
The answer is the opposite of what's posted above: .20 is authoritative for that zone (it stores a copy of the zone locally, even if it's only a secondary zone, and even if it doesn't have a record for the hostname in the query), so it will never forward queries for that zone anywhere.
0
 

Author Comment

by:niaidsdt
ID: 37812902
Can a secondary be "authoritative"? I thought that only those that are SOA / have NS records can be authoritative.


Anyway, your answer was right.  If the server holds a zone, it will never forward.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 37813204
Any server that has a local copy of a zone is considered authoritative for that zone, even if it's a read-only (secondary) copy.
0
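
The behaviour described in the accepted solution, as an added example that is not part of the original thread: a simplified Python model of the answer-or-forward decision. The `DnsServer` class, the record data and the 10.0.0.x addresses are constructed for illustration; only the two server IPs and the zone names come from the question, and the model ignores root hints, record types and zone expiry.

```python
# Simplified model of the decision discussed in this thread: a DNS server that
# holds any copy of a zone answers from that copy and never uses its forwarder.
# Zone contents are constructed sample data; only A-style name->address pairs.

class DnsServer:
    def __init__(self, ip, zones, forwarder=None):
        self.ip = ip
        self.zones = {z.lower(): recs for z, recs in zones.items()}
        self.forwarder = forwarder  # another DnsServer, or None

    def find_zone(self, qname):
        """Return the most specific locally held zone enclosing qname."""
        labels = qname.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate
        return None

    def resolve(self, qname):
        """Return (rcode, address, authoritative, list of server IPs asked)."""
        name = qname.lower().rstrip(".")
        zone = self.find_zone(name)
        if zone is not None:
            # Local copy exists (primary or secondary): answer from it only.
            addr = self.zones[zone].get(name)
            rcode = "NOERROR" if addr else "NXDOMAIN"
            return rcode, addr, True, [self.ip]
        if self.forwarder is not None:
            # No local zone encloses the name: hand the query to the forwarder.
            rcode, addr, _, path = self.forwarder.resolve(name)
            return rcode, addr, False, [self.ip] + path
        # Assumption of this model: no recursion via root hints.
        return "SERVFAIL", None, False, [self.ip]

primary = DnsServer("192.168.110.10", {
    "a.com": {"www.a.com": "10.0.0.1", "test.a.com": "10.0.0.2"},
    "e.com": {"www.e.com": "10.0.0.5"},
})
# Stale secondary copy of a.com: transfers stopped before test.a.com was added.
secondary = DnsServer("192.168.110.20",
                      {"a.com": {"www.a.com": "10.0.0.1"}},
                      forwarder=primary)

if __name__ == "__main__":
    for q in ("test.a.com", "www.e.com"):
        print(q, secondary.resolve(q))
```

In the model, a query for test.a.com stops at 192.168.110.20 with an authoritative NXDOMAIN, while www.e.com (a zone the secondary does not hold) travels through the forwarder and comes back as a non-authoritative answer.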

Question has a verified solution.