Forwarding for unknown addresses

Nathan Coraor · Sep 21, 2004

I'm having a problem with the domain DNS server not
forwarding requests for our reverse domain to our main DNS
servers. This server acts as a forwarder - it only knows
about domain members that auto-update the zone, the rest
of the requests it is supposed to forward to the
forwarders. These forwarders know the rest of the DNS
information for our top domain and IP block.

For the Forward Lookup Zone, it forwards requests OK.
This is because our Windows domain is a subdomain of our
full domain name (i.e. win.whatever.com), so requests for
somethingelse.whatever.com will be sent on to the
forwarder. However, for the Reverse Lookup Zone, it
doesn't forward requests that are not in the zone.

Let's say the RLZ is 192.168.x.x Subnet. There's a domain
member:

foo.win.whatever.com == 192.168.5.20

And some other host, that's not a domain member:

bar.whatever.com == 192.168.5.21

If I look up foo.win.whatever.com, the server will tell me
192.168.5.20. If I look up bar.whatever.com, it will tell
me 192.168.5.21, since it forwards the non
win.whatever.com request to a main DNS server.

If I look up 192.168.5.20, the server will tell me
foo.win.whatever.com, because it has that information in
it's own tables. However, if I look up 192.168.5.21, it
replies that the address does not have a name, since it
believes it is the authoritative DNS server for
192.168.x.x. The desired action, however, is to forward
this request to the true main DNS server.

Is there any way to get it to forward these requests that
it does not know, even if it considers itself
authoritative for the zone?

Thanks in advance,
--nate

Kevin D. Goodknecht Sr. [MVP] · Sep 21, 2004

In

Nathan Coraor said:
I'm having a problem with the domain DNS server not
forwarding requests for our reverse domain to our main DNS
servers. This server acts as a forwarder - it only knows
about domain members that auto-update the zone, the rest
of the requests it is supposed to forward to the
forwarders. These forwarders know the rest of the DNS
information for our top domain and IP block.

For the Forward Lookup Zone, it forwards requests OK.
This is because our Windows domain is a subdomain of our
full domain name (i.e. win.whatever.com), so requests for
somethingelse.whatever.com will be sent on to the
forwarder. However, for the Reverse Lookup Zone, it
doesn't forward requests that are not in the zone.

Let's say the RLZ is 192.168.x.x Subnet. There's a domain
member:

foo.win.whatever.com == 192.168.5.20

And some other host, that's not a domain member:

bar.whatever.com == 192.168.5.21

If I look up foo.win.whatever.com, the server will tell me
192.168.5.20. If I look up bar.whatever.com, it will tell
me 192.168.5.21, since it forwards the non
win.whatever.com request to a main DNS server.

If I look up 192.168.5.20, the server will tell me
foo.win.whatever.com, because it has that information in
it's own tables. However, if I look up 192.168.5.21, it
replies that the address does not have a name, since it
believes it is the authoritative DNS server for
192.168.x.x. The desired action, however, is to forward
this request to the true main DNS server.

Is there any way to get it to forward these requests that
it does not know, even if it considers itself
authoritative for the zone?

You will have to delegate the reverse lookup IPs, but that is not easy nor
pretty, You probably should have used different subnets for the different
sites.

Ace Fekay [MVP] · Sep 21, 2004

In

Nathan Coraor said:
I'm having a problem with the domain DNS server not
forwarding requests for our reverse domain to our main DNS
servers. This server acts as a forwarder - it only knows
about domain members that auto-update the zone, the rest
of the requests it is supposed to forward to the
forwarders. These forwarders know the rest of the DNS
information for our top domain and IP block.

For the Forward Lookup Zone, it forwards requests OK.
This is because our Windows domain is a subdomain of our
full domain name (i.e. win.whatever.com), so requests for
somethingelse.whatever.com will be sent on to the
forwarder. However, for the Reverse Lookup Zone, it
doesn't forward requests that are not in the zone.

Let's say the RLZ is 192.168.x.x Subnet. There's a domain
member:

foo.win.whatever.com == 192.168.5.20

And some other host, that's not a domain member:

bar.whatever.com == 192.168.5.21

If I look up foo.win.whatever.com, the server will tell me
192.168.5.20. If I look up bar.whatever.com, it will tell
me 192.168.5.21, since it forwards the non
win.whatever.com request to a main DNS server.

If I look up 192.168.5.20, the server will tell me
foo.win.whatever.com, because it has that information in
it's own tables. However, if I look up 192.168.5.21, it
replies that the address does not have a name, since it
believes it is the authoritative DNS server for
192.168.x.x. The desired action, however, is to forward
this request to the true main DNS server.

Is there any way to get it to forward these requests that
it does not know, even if it considers itself
authoritative for the zone?

Thanks in advance,
--nate

For FLZ, yes, but not for RLZ, unfortunately.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

Forwarding for unknown addresses

Nathan Coraor

Kevin D. Goodknecht Sr. [MVP]

Ace Fekay [MVP]