Solved

DNS Forwarders

Posted on 2012-03-23
5
360 Views
Last Modified: 2012-04-05
I'm starting to dig into DNS forwarders and how they really work, and want to get an idea of others' experiences.

In our environment, we have primary DNS servers that house 20 or so zones and then we have secondaries that store a subset of those zones.  The primary DNS servers do zone transfers with the secondaries.  

For this example, the primary DNS server at IP 192.168.110.10 hosts zones called: A.com, B.com, C.com, D.com, E.com, F.com, G.com, H.com, and I.com.

Secondary DNS server at IP 192.168.110.20 holds zones A.com, B.com, C.com, and D.com. Secondary DNS server at IP 192.168.110.20 is set to "forward" requests it can't answer to 192.168.110.10.

Let's imagine a scenario in which, for whatever reason (it's happening here), the secondary server at IP 192.168.110.20 loses its ability to pull zone transfers from 192.168.110.10. For this example let's focus on the zone A.com. In this situation the A.com DNS zone on 192.168.110.10 would start accumulating updates, but they would never trickle down to the A.com zone on 192.168.110.20.

My question is this: let's say a new DNS entry called test.a.com is in the A.com DNS zone of 192.168.110.10. My Windows 7 laptop has only 1 DNS server in its TCP/IP stack (192.168.110.20). When I open nslookup from my Windows 7 workstation and type test.a.com, it queries 192.168.110.20 (which doesn't have the record). Why does 192.168.110.20 forward to 192.168.110.10?
Question by:niaidsdt
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37758752
Because it is not authoritative for the zone, so it passes it to an authoritative server.
0
 

Author Comment

by:niaidsdt
ID: 37758775
I misphrased that. Why does 192.168.110.20 NOT forward to 192.168.110.10?
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 240 total points
ID: 37759192
The answer is the opposite of what's posted above: .20 is authoritative for that zone (it stores a copy of the zone locally, even if it's only a secondary zone, and even if it doesn't have a record for the hostname in the query), so it will never forward queries for that zone anywhere.
0
 

Author Comment

by:niaidsdt
ID: 37812902
Can a secondary be "authoritative"? I thought that only those that are SOA / have NS records can be authoritative.


Anyway, your answer was right.  If the server holds a zone, it will never forward.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 37813204
Any server that has a local copy of a zone is considered authoritative for that zone, even if it's a read-only (secondary) copy.
0
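The rule given in the accepted solution and restated in DrDave242's follow-up, modelled as an added Python example (not Experts Exchange or Windows DNS Server code): a server holding any copy of a zone, primary or secondary, answers that zone authoritatively and never forwards, so once transfers break the secondary hands out an authoritative NXDOMAIN for test.a.com. The IPs and zone names come from the question; the www records, serials and the stale-zone check are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Zone:
    serial: int                                   # SOA serial, copied on zone transfer
    records: dict = field(default_factory=dict)   # owner name -> IP

@dataclass
class DnsServer:
    ip: str
    zones: dict = field(default_factory=dict)     # zone name -> Zone held locally
    forwarder: object = None                      # DnsServer to forward to, or None

    def zone_for(self, name):
        # Longest-suffix match: the held zone (primary or secondary) containing name
        labels = name.split(".")
        for i in range(len(labels)):
            zone = self.zones.get(".".join(labels[i:]))
            if zone is not None:
                return zone
        return None

    def resolve(self, qname):
        # Returns (answer_or_None, authoritative_flag, ip_that_answered). A server
        # holding the zone answers from its local copy with AA set and never
        # forwards, so a record missing locally becomes an authoritative NXDOMAIN.
        name = qname.lower().rstrip(".")
        zone = self.zone_for(name)
        if zone is not None:
            return zone.records.get(name), True, self.ip
        if self.forwarder is not None:            # only names outside every held zone
            answer, _, served_by = self.forwarder.resolve(name)
            return answer, False, served_by
        return None, False, self.ip

def stale_zones(secondary, primary):
    # Defender check: held zones whose serial lags the primary, i.e. zone
    # transfers have stopped and this server is handing out stale answers.
    return sorted(name for name, z in secondary.zones.items()
                  if name in primary.zones and z.serial < primary.zones[name].serial)

def build_scenario():
    # Constructed data: .10 hosts a.com..i.com; .20 holds a.com..d.com and forwards
    # the rest to .10. test.a.com was added on .10 after the last successful transfer.
    primary = DnsServer("192.168.110.10")
    for z in "abcdefghi":
        primary.zones[f"{z}.com"] = Zone(2012032301, {f"www.{z}.com": "10.0.0.1"})
    primary.zones["a.com"].serial = 2012032302
    primary.zones["a.com"].records["test.a.com"] = "10.0.0.42"
    secondary = DnsServer("192.168.110.20", forwarder=primary)
    for z in "abcd":
        secondary.zones[f"{z}.com"] = Zone(2012032301, {f"www.{z}.com": "10.0.0.1"})
    return primary, secondary
```

Comparing the SOA serial of each held zone against the primary is the quickest way to notice that a secondary has silently stopped transferring.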
