Solved

DNS Forwarders

Posted on 2012-03-23
Last Modified: 2012-04-05
I'm starting to dig into DNS forwarders and how they really work, and want to get an idea of others' experiences.

In our environment, we have primary DNS servers that house 20 or so zones and then we have secondaries that store a subset of those zones.  The primary DNS servers do zone transfers with the secondaries.  

For this example, the primary DNS server at IP 192.168.110.10 hosts zones called:  A.com, B.com, C.com, D.com, E.com, F.com, G.com, H.com, and I.com.  

The secondary DNS server at IP 192.168.110.20 holds zones A.com, B.com, C.com, and D.com.  The secondary DNS server at IP 192.168.110.20 is set to "forward" requests it can't answer to 192.168.110.10.

Let's imagine a scenario in which, for whatever reason (it's happening here), the secondary server at IP 192.168.110.20 loses its ability to pull zone transfers from 192.168.110.10.  For this example let's focus on the zone A.com.  In this situation the A.com DNS zone on 192.168.110.10 would start accumulating updates, but they would never trickle down to the A.com zone on 192.168.110.20.  

My question is this:  let's say a new DNS entry called test.a.com is on the A.com DNS zone of 192.168.110.10.  My Windows 7 laptop has only 1 DNS server in its TCP/IP stack (192.168.110.20).  When I open nslookup from my Windows 7 workstation and type test.a.com, it queries 192.168.110.20 (which doesn't have the record).  Why does 192.168.110.20 forward to 192.168.110.10?
Question by:niaidsdt

Expert Comment

by:Neil Russell
ID: 37758752
Because it is not authoritative for the zone so passes it to an authoritative server.

Author Comment

by:niaidsdt
ID: 37758775
I misphrased that.  Why does 192.168.110.20 NOT forward to 192.168.110.10?

Accepted Solution

by:
DrDave242 earned 240 total points
ID: 37759192
The answer is the opposite of what's posted above: .20 is authoritative for that zone (it stores a copy of the zone locally, even if it's only a secondary zone, and even if it doesn't have a record for the hostname in the query), so it will never forward queries for that zone anywhere.

Author Comment

by:niaidsdt
ID: 37812902
Can a secondary be "authoritative"?  I thought that only those that are SOA / have NS records can be authoritative.


Anyway, your answer was right.  If the server holds a zone, it will never forward.

Expert Comment

by:DrDave242
ID: 37813204
Any server that has a local copy of a zone is considered authoritative for that zone, even if it's a read-only (secondary) copy.
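
The behaviour described in the accepted answer, as an added example that is not part of the original thread: a simplified Python model of the answer-or-forward decision, plus a check for secondaries whose SOA serial lags the primary. The class, function names, record addresses and serial numbers are constructed for illustration, and serials are compared as plain integers (no RFC 1982 wraparound).

```python
# Added illustration: simplified model; zone contents and SOA serials are constructed.

class DnsServer:
    def __init__(self, ip, zones, forwarder=None):
        self.ip = ip
        self.zones = zones          # zone name -> {"serial": int, "records": {fqdn: ip}}
        self.forwarder = forwarder  # another DnsServer, or None

    def find_zone(self, qname):
        """Longest-suffix match of qname against locally held zones."""
        labels = qname.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate
        return None

    def resolve(self, qname):
        """Return (answering server IP, rcode, address or None)."""
        qname = qname.lower().rstrip(".")
        zone = self.find_zone(qname)
        if zone is not None:
            # A local copy (primary or secondary) makes this server authoritative;
            # a missing name is answered NXDOMAIN and never forwarded.
            addr = self.zones[zone]["records"].get(qname)
            return (self.ip, "NOERROR" if addr else "NXDOMAIN", addr)
        if self.forwarder is not None:
            return self.forwarder.resolve(qname)
        return (self.ip, "SERVFAIL", None)

def stale_zones(secondary, primary):
    """Zones whose SOA serial on the secondary lags the primary's."""
    return sorted(z for z, data in secondary.zones.items()
                  if z in primary.zones and data["serial"] < primary.zones[z]["serial"])

primary = DnsServer("192.168.110.10", {
    "a.com": {"serial": 2012032305, "records": {"www.a.com": "10.0.0.1", "test.a.com": "10.0.0.9"}},
    "e.com": {"serial": 2012032301, "records": {"test.e.com": "10.0.4.9"}},
})
secondary = DnsServer("192.168.110.20", {
    # Stale copy: transfers stopped before test.a.com was added on the primary.
    "a.com": {"serial": 2012032301, "records": {"www.a.com": "10.0.0.1"}},
}, forwarder=primary)

if __name__ == "__main__":
    for name in ("test.a.com", "test.e.com"):
        print(name, secondary.resolve(name))
    print("stale on secondary:", stale_zones(secondary, primary))
```

In this model the query for test.a.com is answered NXDOMAIN by .20 from its stale copy, while test.e.com (a zone .20 does not hold) is forwarded to .10, so monitoring the serial gap is what reveals the failed transfers.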