Solved

DNS Forwarders

Posted on 2012-03-23
Last Modified: 2012-04-05
I'm starting to dig into DNS forwarders and how they really work and want to get an idea of others' experiences.

In our environment, we have primary DNS servers that house 20 or so zones and then we have secondaries that store a subset of those zones.  The primary DNS servers do zone transfers with the secondaries.  

For this example, primary DNS server at IP 192.168.110.10 hosts zones called:  A.com, B.com, C.com, D.com, E.com, F.com, G.com, H.com, and I.com.  

Secondary DNS server at IP 192.168.110.20 holds zones A.com, B.com, C.com, and D.com.  Secondary DNS server at IP 192.168.110.20 is set to "forward" requests it can't answer to 192.168.110.10.

Let's imagine a scenario in which, for whatever reason (it's happening here), the secondary server at IP 192.168.110.20 loses its ability to pull zone transfers from 192.168.110.10.  For this example let's focus on the zone A.com.  In this situation the A.com DNS zone on 192.168.110.10 would start accumulating updates, but they would never trickle down to the A.com zone on 192.168.110.20.  

My question is this:  let's say a new DNS entry called test.a.com is on the A.com DNS zone of 192.168.110.10.  My Windows 7 laptop has only 1 DNS server in its TCP/IP stack (192.168.110.20).  When I open nslookup from my Windows 7 workstation and type test.a.com, it queries 192.168.110.20 (which doesn't have the record).  Why does 192.168.110.20 forward to 192.168.110.10?
0
Question by:niaidsdt
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37758752
Because it is not authoritative for the zone, so it passes it to an authoritative server.
0
 

Author Comment

by:niaidsdt
ID: 37758775
I misphrased that.  Why does 192.168.110.20 NOT forward to 192.168.110.10?
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 240 total points
ID: 37759192
The answer is the opposite of what's posted above: .20 is authoritative for that zone (it stores a copy of the zone locally, even if it's only a secondary zone, and even if it doesn't have a record for the hostname in the query), so it will never forward queries for that zone anywhere.
0
 

Author Comment

by:niaidsdt
ID: 37812902
Can a secondary be "authoritative"?  I thought that only those that are SOA / have NS records can be authoritative.


Anyway, your answer was right.  If the server holds a zone, it will never forward.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 37813204
Any server that has a local copy of a zone is considered authoritative for that zone, even if it's a read-only (secondary) copy.
0
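
A simplified model of the behaviour described in the accepted answer, added here as an illustration (it is not part of the original thread and not any DNS server's own code): a server that holds a local copy of a zone answers from that copy and uses its forwarder only for names outside every zone it holds. The `DnsServer` class, the function names, the record addresses and the SOA serials are assumptions constructed for the example; delegations, caching and conditional forwarders are ignored.

```python
# Simplified model (added example) of "answer locally vs. forward".
# Delegations, caching and conditional forwarders are deliberately ignored.

class DnsServer:
    def __init__(self, ip, zones, forwarder=None):
        self.ip = ip
        # zones: {zone name: {"serial": SOA serial, "records": {fqdn: address}}}
        self.zones = zones
        self.forwarder = forwarder

    def zone_for(self, qname):
        """Return the most specific locally held zone that contains qname."""
        labels = qname.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate
        return None

    def resolve(self, qname):
        """Return (rcode, address, ip of the server that produced the answer)."""
        qname = qname.lower().rstrip(".")
        zone = self.zone_for(qname)
        if zone is not None:
            # Local copy (primary or secondary) means authoritative: the answer
            # comes from this copy, and a missing name is NXDOMAIN, not a forward.
            address = self.zones[zone]["records"].get(qname)
            return ("NOERROR" if address else "NXDOMAIN", address, self.ip)
        if self.forwarder is not None:
            return self.forwarder.resolve(qname)
        return ("SERVFAIL", None, self.ip)


def stale_zones(primary, secondary):
    """Zones the secondary holds whose SOA serial differs from the primary's."""
    return sorted(z for z, data in secondary.zones.items()
                  if z in primary.zones and primary.zones[z]["serial"] != data["serial"])


# Constructed data for the thread's scenario: transfers of a.com have stopped,
# so .20 still has the old serial and lacks test.a.com. e.com exists only on .10.
primary = DnsServer("192.168.110.10", {
    "a.com": {"serial": 2012032302, "records": {"www.a.com": "10.0.0.1", "test.a.com": "10.0.0.2"}},
    "e.com": {"serial": 2012032301, "records": {"test.e.com": "10.0.0.5"}},
})
secondary = DnsServer("192.168.110.20", {
    "a.com": {"serial": 2012032301, "records": {"www.a.com": "10.0.0.1"}},
}, forwarder=primary)
```

In this model `secondary.resolve("test.a.com")` returns NXDOMAIN from .20 itself, while `secondary.resolve("test.e.com")` is forwarded and answered by .10; `stale_zones(primary, secondary)` is the serial comparison that flags the broken transfer.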
