
DNS forwarders not working



Hi all,

Weird one here I just can't get my head around. Currently running an NT4 domain and need to get forwarders working on my DNS server.

The reason being we have a server here that is a DNS server for a third party company that resolves addresses on their closed intranet. The problem we have is clients all have to have different DNS server search orders depending on what they need access to, as the third party DNS server does not resolve internet addresses, only their own.

So my solution was to set up DNS forwarders on my DNS server to try and resolve the third party queries using a forwarder to their server.

However it doesn't work. If I put the IP of their server in the forwarders then clients using my server for DNS can resolve their addresses fine, BUT internet resolution provided by my DNS server stops working.

I've tried putting an ISP DNS address in the forwarders as well, in both orders, thinking internet will resolve using this, and if the internet DNS cannot resolve it will move on to the third party server and resolve. But this stops third party resolution working.

Even if I have the third party server first and ISP second, internet resolution stops working.

So in desperation, thinking my DNS is somehow broken, I've just set up a test 2000 server with a fresh install of DNS and I have the exact same symptoms.

I'm stuck now and don't really know where else to look?

Any ideas?
Guest


Sweet, for the very first time I'm gonna recommend forward zones! How exciting!

The concept is this. Your DNS server will resolve domains itself or by forwarding queries to your ISP's DNS servers as normal for internet domains. For the third party zone, however, we are going to set up special forwarding rules.

Dunno what the third party TLD zone is, but we're going to use "lan" as an example. The IP "10.1.2.3" is the example IP address of the third party DNS server.

zone "lan" IN {
    type forward;
    forwarders { 10.1.2.3; };
};

Guest


Sounds like a good recommendation to me too.

Andy, if you're wondering what's wrong with your setup, you need to remember that the forwarders list doesn't behave like the suffix search order on the client. The client resolver will go through the search list until it resolves the name, i.e. if it gets NXDOMAIN, it tries a different FQDN. In order for the DNS server to go through the list of its forwarders, the forwarders have to time out; they have to be unreachable or substantially slower, thus being penalized and tried later again (another reason would be being marked as a "lame server", but only if misconfigured). When you get NXDOMAIN from the forwarder, it doesn't mean it failed, it just means the authority says there is no such name, but that's still a valid answer. So, when you configure your ISP forwarder first in the list, the intranet names DO get resolved, but against the Internet root servers, where obviously your intranet names don't exist. Hence NXDOMAIN. When you put your client DNS first on the list of forwarders, the opposite is true: the Internet names now don't get resolved because your client DNS server either replies with NXDOMAIN (if it's configured to be root), or is simply ignored as a lame server (if it's configured to forward BACK to your DNS server, in which case you'd get a "server failed" error on the client). In either case, it all makes sense.

Pavel.

Guest
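A small added model (not code from any poster, and not a real resolver) of the two behaviours Pavel contrasts: a server's forwarder list only advances on a timeout, so the first reachable forwarder's NXDOMAIN is final, while a client's suffix search keeps going after NXDOMAIN. It also models the forward-zone / conditional-forwarding fix SilentRage describes. The upstream names ("isp", "third-party", "down") and the hostnames are constructed examples.

```python
from enum import Enum

class Rcode(Enum):
    NOERROR = "answer"          # positive answer
    NXDOMAIN = "no such name"   # authoritative negative answer: still a valid reply
    TIMEOUT = "no response"     # upstream unreachable: the only case that moves on

# Constructed upstreams (hypothetical data, not from the thread): each knows a
# few names and answers NXDOMAIN for everything else; "down" never answers.
UPSTREAMS = {
    "isp":         ({"www.example.com.": Rcode.NOERROR}, Rcode.NXDOMAIN),
    "third-party": ({"app.lan.": Rcode.NOERROR}, Rcode.NXDOMAIN),
    "down":        ({}, Rcode.TIMEOUT),
}

def ask(upstream, fqdn):
    known, default = UPSTREAMS[upstream]
    return known.get(fqdn, default)

def forwarder_walk(forwarders, fqdn):
    """A server's forwarder list: only a timeout moves on to the next entry.
    NOERROR and NXDOMAIN are both final, so the first reachable forwarder
    decides the outcome; returns (rcode, forwarder that answered)."""
    for fwd in forwarders:
        rc = ask(fwd, fqdn)
        if rc is not Rcode.TIMEOUT:
            return rc, fwd
    return Rcode.TIMEOUT, None

def suffix_search(search_list, short_name, forwarders):
    """The client's suffix search order: NXDOMAIN does NOT stop it; it appends
    the next suffix and asks the (forwarding) server again."""
    for suffix in search_list:
        fqdn = f"{short_name}.{suffix}"
        rc, _ = forwarder_walk(forwarders, fqdn)
        if rc is Rcode.NOERROR:
            return rc, fqdn
    return Rcode.NXDOMAIN, None

def conditional_forward(zone_rules, default_forwarders, fqdn):
    """Forward zone / conditional forwarder: pick the forwarder list by the
    longest matching zone suffix, otherwise fall back to the default list."""
    matches = [z for z in zone_rules if fqdn.endswith("." + z)]
    zone = max(matches, key=len) if matches else None
    return forwarder_walk(zone_rules[zone] if zone else default_forwarders, fqdn)
```

Running the two orders Andy tried through forwarder_walk reproduces his symptoms (NXDOMAIN from whichever forwarder is listed first), and only conditional_forward resolves both name sets.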


Guys, thanks for clearing that up.

I now understand how it works and realise that this is not in fact going to be a viable solution now.

So at least I know I haven't done something wrong on both my DNS servers!

But that leaves me with really a bigger problem. How in fact can I get this working? I need my clients to resolve both sets of addresses, internet and the 3rd party stuff.

I've tried looking into adding the 3rd party servers as a zone on my DNS server but they don't and probably won't allow zone transfers. So that's that option out.

Run out of ideas now, but I HAVE to find a solution to this.

Guest


Why are forward zones not acceptable? Forward zones do not require zone transfers.

Guest


Guys,

Thanks for all your help on this.

I have now resolved it. I managed to get a hard copy of the 3rd party DNS zones and manually added them to my server in 2 new zones and all is working perfectly.

Admittedly it's not perfect, as if they change any records (which is unlikely) mine will then be out of date.

The final solution for the future will be to put in a W2K3 server and use conditional forwarding by the looks of it. But other pressing matters mean this can wait a while.

Again thanks for all your help.

Andy

Guest


Forward zones in BIND ARE the equivalent of conditional forwarding in Windows DNS. I really wish you would explain why that is not a viable and totally advantageous solution. It seems you completely ignored my previous post.

Guest


Quote:
Originally Posted by SilentRage
Forward zones in BIND ARE the equivalent of conditional forwarding in Windows DNS. I really wish you would explain why that is not a viable and totally advantageous solution. It seems you completely ignored my previous post.

Sorry SR, but I'm not running BIND, and as I needed a quick solution I haven't got time to investigate it.

Thanks for your input all the same.

Guest


Oh, lol. I thought we were talking about BIND this entire time. Actually, I don't know if Microsoft DNS Server has conditional forwarding.

Guest