Ok, I got NAMED to properly handle the forwarders by putting in per zone forwarder entries. Basically, I left the global forwarders entry as below, but then I created zones of type forward for the few zones that are hosted by server z.y.x.u. Then I put in a zone specific forwarders entry just for the zones hosted on z.y.x.u.

Now it works, but I would still like to:
(1) Try to get the thing to work just off of resolv.conf
(2) Figure out why the global forwarders entry did not work.

I think the answer to both problems is, as Jaan stated, that the first server returns NXDOMAIN instead of being non-responsive.

Thanks again,
-- Moby

Mobeen Azhar wrote:
Thanks for your response Jaan.
The issue then, from your response below, is that the first DNS server responds, even though the response is negative. A Linux box will only go to the other DNS servers listed in resolv.conf if there is NO response at all from the first DNS server.
To get around this, I installed BIND9 on the Linux box and set up a forwarding-only DNS server. Then, in /etc/resolv.conf I put in nameserver 127.0.0.1 (this is probably not necessary from what I can gather). In my named.conf, I have the following entries to allow the server to forward requests:
forwarders { a.b.c.d; z.y.x.u; };
However, even now, only the name server listed first in the forwarders list works! Does BIND also only go to the second forwarder address if the first one does not respond at all? Is there a way to make BIND go to the second forwarder address if the first one returns an NXDOMAIN response?
Thanks again for you
--Moby
Jaan Kold wrote:
On Monday 15 March 2004 19:13, Mobeen Azhar wrote:
I am running Suse 9.0. It appears that the system does not honor multiple nameserver entries in /etc/resolv.conf. My /etc/resolv.conf looks as below:
nameserver a.b.c.d
nameserver z.y.x.u
First off I'm not a true techie/geek. Just a bystander. But I try to pay some attention at least. My local techie did look into all this, pissing off DNS/BIND guys while doing so -):
This is "how it works" according to the specs. You can't have multiple *responding* isolated DNS:s and expect it to work. A Linux boxen will *only* traverse a client DNS servers listing if there is *no response*. You do need to have DNS:es talk to each other? to pass you up the list, ehem..at this stage I'll be quiet since I haven't actually set up a DNS.. (a caching only is on the to-do list). I think you know what I'm trying to say though.
And yes, "my local geek" was mighty upset when he found out, weird as it is.. this behaviour is from libc/glibc (he is a developer thus refusing the answer at first, and he dug until he knew why). This is nothing to play with.. in other words.
The reason why this came as a real surprise, was that indeed our Windows clients *did* traverse the DNS list if it gets a.."bad answer?" from the first DNS....you follow me on this?
PS: If I make any BIND gurus upset, since I obviously don't grasp this fully: please forgive me...
jk
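
The per-zone forwarding arrangement described at the top of this thread, written out as a named.conf fragment. This is an added example, not the poster's actual configuration: the zone name internal.example is a hypothetical placeholder for one of the zones hosted on z.y.x.u, and a.b.c.d / z.y.x.u are the thread's own placeholder addresses.

```conf
// named.conf fragment (added example, not the poster's real file).
// a.b.c.d and z.y.x.u are the placeholder addresses used in the thread.
// "internal.example" is a hypothetical zone name; repeat the zone block
// once for each zone that only z.y.x.u can answer for.

options {
    // Global forwarders, left as in the thread. The thread's conclusion
    // is that an NXDOMAIN from a.b.c.d counts as an answer, so a name
    // known only to z.y.x.u is never retried against the second entry.
    forward only;
    forwarders { a.b.c.d; z.y.x.u; };
};

// Per-zone override: queries under internal.example bypass the global
// list and go straight to the server that actually hosts the zone.
zone "internal.example" {
    type forward;
    forward only;
    forwarders { z.y.x.u; };
};
```

Running named-checkconf against the file catches syntax slips, such as a missing semicolon inside the forwarders braces, before named is reloaded.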