On Feb 21, 2012, at 9:51 AM, Marseglia, Michael wrote:

> Hello,
>  
>   I’m looking for advice on an issue.  I have a publicly registered domain 
> which we also use internally.  I have bind configured as a caching DNS 
> server.  Bind is configured to use four other Windows DNS servers as 
> forwarders for the domain.  Bind should be using the root servers for 
> anything not configured to forward.
>  
>   Bind replies with the correct name record when I perform a query using the 
> fqdn for a machine.  However, the authority and additional portion of the 
> query returns the root servers.
>  
>   The Windows DNS servers are returned if I perform a query for the NS 
> records of the internal domain.
>  
>   Subsequent DNS queries using the fqdn show the appropriate, internal 
> Windows DNS servers.

This is harmless and normal.

>   I don’t understand why BIND is attempting to resolve the private, internal 
> domain using the root servers when I have a forwarders statement in my 
> configuration file specifying our internal DNS servers.

It's not.

>   Is there an article that addresses this issue or can someone please point 
> me to the correct resource so I can understand what is going on?

- BIND receives query for hostname in internal domain
- BIND forwards query to MS DNS server
- MS DNS server answers authoritatively, but does not include auth and add'l 
sections
- BIND evaluates answer and accepts it
- BIND sends answer back to client, along with the best auth and add'l data it 
has in cache, which might be from the root zone
- Client gets answer, but drops auth and add'l sections

Harmless. Normal. Nothing to be worried about.

Regards,
Chris Buxton
BlueCat Networks
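
The reply a client receives in the sequence described above, as an added example that is not part of the original message: a small DNS wire-format parser that splits a response into its answer, authority and additional sections. The response bytes are constructed for illustration; `host.corp.example.` and `192.0.2.10` are assumed placeholder values, not taken from the thread.

```python
import struct

def encode_name(name):
    # Wire format: length-prefixed labels ending in a zero byte; "." is the root.
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def read_name(msg, off):
    # Returns (name, offset after the name); follows compression pointers.
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if n == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_sections(msg):
    # Header is six 16-bit fields: id, flags, then the four section counts.
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4  # QTYPE + QCLASS
    out = {}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        out[section] = []
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            out[section].append((owner, rtype))
    return out

def rr(owner, rtype, rdata):
    return encode_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata

def sample_response():
    # Constructed reply: internal A record answered, root NS data from cache attached.
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 1, 1)
    question = encode_name("host.corp.example.") + struct.pack("!HH", 1, 1)
    return (header + question
            + rr("host.corp.example.", 1, bytes([192, 0, 2, 10]))
            + rr(".", 2, encode_name("a.root-servers.net."))
            + rr("a.root-servers.net.", 1, bytes([198, 41, 0, 4])))
```

`parse_sections(sample_response())` puts the internal host's A record (type 1) in the answer section, while the authority section holds an NS record (type 2) owned by the root, which matches the behaviour described in the reply.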
