DNS does not forward unknown hosts


Guest

I have a name server set up with an example forward lookup zone
"company.com", and it has a host entry for "myhost.company.com".

I have another name server set up with two example forward lookup zones
"region.company.com" and "company.com", and is configured to use the IP
address of the first name server as a forwarder.

I have a client configured to use the second name server, and it's unable to
resolve "myhost.company.com" unless I create a host entry for it in the
"company.com" zone of the second name server.

Shouldn't the second name server forward the query to the first name server
when it sees that the host doesn't exist in its local "company.com"
zone?
 

Ace Fekay [MVP]

In
> I have a name server set up with an example forward lookup zone
> "company.com", and it has a host entry for "myhost.company.com".
>
> I have another name server set up with two example forward lookup
> zones "region.company.com" and "company.com", and is configured to
> use the IP address of the first name server as a forwarder.
>
> I have a client configured to use the second name server, and it's
> unable to resolve "myhost.company.com" unless I create a host entry
> for it in the "company.com" zone of the second name server.
>
> Shouldn't the second name server forward the query to the first name
> server when it sees that the host doesn't exist in its local
> "company.com" zone?

Unfortunately, no. The DNS client side resolver will look no further if it
gets a response. A negative response, such as not-found, is a response too,
so it will not look any further. You must be careful when you want to
stipulate multiple DNS entries. Each entry MUST HAVE IDENTICAL data or a
means to get to that data by setting up the DNS server to forward, using
stubs or secondaries configured to the DNS server that does have the data.
Multiple entries is NOT a means for the resolver to bounce back and forth
between entries until it finds an answer. Unfortunately that's not how it
works. Also if the client resolver does find a server that will respond,
whether the answer is there or not, such as a negative answer, it will
stick to that DNS as its "eligible resolver" and will look no further in
the list for future responses for the time out period set in the reg, which
is resettable to force it back to the first in the list after each resolution
request. But we don't really want to mess with that setting or you would
have to change it on all machines internally and it is rather pointless.

Sorry for the bad news. I hope that helps.


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Try using Outlook Express or any other newsreader, configure a news
account, and point it to news.microsoft.com. Anonymous access. It's
easy and it's free:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Life isn't like a box of chocolates or a bowl of cherries or
peaches... Life is more like a jar of jalapenos. What you do today
may burn your butt tomorrow." - Garfield
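The behaviour Ace describes, and the zone-replication workaround agreed on later in the thread, can be seen in a small simulation. This is an added example, not code from the original posts or from any DNS product: it models an authoritative server that answers from its own zone and only forwards names it is not authoritative for, and a stub resolver that accepts the first answer it gets, negative or not. The server names, the "corp.example" zone and all IP addresses are constructed for the example.

```python
"""Toy model of DNS forwarding vs. authoritative (negative) answers.

Added example; the server names, zones and addresses below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

NOERROR = "NOERROR"
NXDOMAIN = "NXDOMAIN"
SERVFAIL = "SERVFAIL"


def _normalise(name: str) -> str:
    return name.lower().rstrip(".")


@dataclass
class NameServer:
    name: str
    # zone name -> {fqdn: ip}. Any zone listed here is one this server is
    # authoritative for, whether it is a primary or a secondary copy.
    zones: Dict[str, Dict[str, str]] = field(default_factory=dict)
    forwarder: Optional["NameServer"] = None

    def authoritative_zone_for(self, qname: str) -> Optional[str]:
        """Closest enclosing zone this server holds, or None."""
        labels = _normalise(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate
        return None

    def query(self, qname: str) -> Tuple[str, str]:
        """Return (status, ip). An authoritative server never forwards a
        name inside one of its own zones: a miss is a definitive NXDOMAIN."""
        zone = self.authoritative_zone_for(qname)
        if zone is not None:
            ip = self.zones[zone].get(_normalise(qname))
            return (NOERROR, ip) if ip else (NXDOMAIN, "")
        if self.forwarder is not None:
            # Not our zone: hand the question to the configured forwarder.
            return self.forwarder.query(qname)
        return (SERVFAIL, "")


def zone_transfer(primary: NameServer, secondary: NameServer, zone: str) -> None:
    """Model of the workaround: the secondary takes a full copy of the zone."""
    secondary.zones[zone] = dict(primary.zones[zone])


def client_resolve(servers: List[NameServer], qname: str) -> Tuple[str, str]:
    """Stub-resolver behaviour from the thread: the first server that answers
    wins, even if that answer is negative. Only an outright failure moves
    the resolver on to the next server in its list."""
    for server in servers:
        status, ip = server.query(qname)
        if status != SERVFAIL:
            return status, ip
    return SERVFAIL, ""


def build_scenario() -> Tuple[NameServer, NameServer]:
    """ns1 holds the real company.com data (plus a constructed corp.example
    zone); ns2 is authoritative for an empty company.com and forwards to ns1."""
    ns1 = NameServer("ns1", zones={
        "company.com": {"myhost.company.com": "10.0.0.5"},
        "corp.example": {"app.corp.example": "10.0.1.9"},
    })
    ns2 = NameServer("ns2", zones={
        "company.com": {},
        "region.company.com": {"rhost.region.company.com": "10.0.2.7"},
    }, forwarder=ns1)
    return ns1, ns2


if __name__ == "__main__":
    ns1, ns2 = build_scenario()
    print("ns2 alone:", ns2.query("myhost.company.com"))        # NXDOMAIN, not forwarded
    print("ns2 forwards:", ns2.query("app.corp.example"))        # forwarded to ns1
    print("client [ns2, ns1]:", client_resolve([ns2, ns1], "myhost.company.com"))
    zone_transfer(ns1, ns2, "company.com")
    print("after transfer:", ns2.query("myhost.company.com"))   # NOERROR
```

Running it shows the three points of the thread in order: ns2 returns NXDOMAIN for "myhost.company.com" because it holds a "company.com" zone of its own, the same server happily forwards "app.corp.example" because that name falls outside its zones, and a client listing ns1 second still gets the negative answer because it stops at ns2's response. Copying the zone with zone_transfer is what makes ns2 answer correctly.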
 

Guest

Thanks for the good explanation. My current workaround will be to replicate
the "company.com" zone between name servers.
 

Ace Fekay [MVP]

In
> Thanks for the good explanation. My current workaround will be to
> replicate the "company.com" zone between name servers.

You are welcome. Excellent choice to setup a zone transfer between the
servers.

Cheers!

Ace
 
