Forwarding with problems.

Guest

Hi,

I've an environment where I have a domain (abc.com) and I have configured
the DNS servers to forward queries to a UNIX DNS server for any Internet
accessibility. This needs to be set this way for security reasons and the MS
DNS server is not supposed to have access to the Internet.

Now, when I check the logs on the Unix DNS Server, I'm finding out that if I
were to request for google.com;
1. It will request for google.com.abc.com first. This will obviously fail.
2. It will then ask for abc.com and get the correct address.

This means that every request will fail the first time. I was wondering if
this is by design and if there's any configuration which I can make to
rectify this.

Thanks in advance.

regards,

Ricky Chong
 
Ricky said:
Hi,

I've an environment where I have a domain (abc.com) and I have
configured the DNS servers to forward queries to a UNIX dns server
for any Internet accessibility. This needs to be set this way for
security reasons and the MS DNS server is not supposed to have access
to the internet.

All clients must use the MS DNS only, the MS DNS will forward to the Unix
DNS, in addition, on the MS DNS Forwarders tab check the box "Do not use
recursion". This effectively disables the MS DNS from using root hints to
resolve external names.

Now, when I check the logs on the Unix DNS Server, I'm finding out
that if I were to request for google.com;
1. It will request for google.com.abc.com first. This will obviously
fail.
2. It will then ask for abc.com and get the correct address.

It shouldn't if you are trying to resolve google.com

This means that every request will fail the first time. I was
wondering if this is by design and if there's any configuration which
I can make to rectify this.

The DNS client (and nslookup) appends all non-fully qualified domain names
with the Primary and connection-specific suffix, then devolves to the queried
name.
google.com.abc.com
Then
google.com

If you have a three level domain name you'll see:
google.com.subdomain.abc.com
Then
google.com.abc.com
then
google.com

If you use a fully qualified domain name, which requires a dot after the name,
it will not append, e.g. "google.com." (notice the trailing dot); the dot is
what makes the name fully qualified. Without this behavior DNS will not
resolve host names.
e.g. nslookup host will append the domain name and resolve host.abc.com; if
you use nslookup host. (with trailing dot) the query will fail.
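
The lookup order described in the reply above, together with a check for suffix-appended names in the forwarder's query log, as an added example that is not part of the original thread. The log line format, client addresses and function names are constructed for illustration, and `min_labels=2` assumes devolution stops at the two-label domain, as in the reply's examples.

```python
from collections import Counter

def candidates(name, primary_suffix, min_labels=2):
    """Names tried, in order, following the behaviour described in the reply."""
    if name.endswith("."):
        return [name]                      # trailing dot: nothing is appended
    labels = primary_suffix.strip(".").split(".")
    tried = []
    while len(labels) >= min_labels:       # devolve the suffix label by label
        tried.append(f"{name}.{'.'.join(labels)}.")
        labels = labels[1:]
    tried.append(name + ".")               # finally the name as typed
    return tried

def strip_suffix(qname, primary_suffix, min_labels=2):
    """Return the name as typed if qname carries the suffix (or a devolved
    form of it); otherwise None."""
    q = qname.rstrip(".").lower()
    labels = primary_suffix.strip(".").lower().split(".")
    while len(labels) >= min_labels:
        tail = "." + ".".join(labels)
        if q.endswith(tail):
            return q[: -len(tail)]
        labels = labels[1:]
    return None

# Constructed sample of queries seen on the forwarder: "<client> <type> <qname>"
SAMPLE_LOG = """\
10.0.0.5 A google.com.abc.com
10.0.0.5 A google.com
10.0.0.7 A example.org.subdomain.abc.com
10.0.0.7 A example.org.abc.com
10.0.0.7 A example.org
"""

def appended_lookups(log, primary_suffix):
    """Count forwarded queries that are a multi-label name plus the suffix."""
    hits = Counter()
    for line in log.splitlines():
        _client, _qtype, qname = line.split()
        typed = strip_suffix(qname, primary_suffix)
        if typed and "." in typed:         # single labels (www) are normal internal hosts
            hits[typed] += 1
    return dict(hits)

if __name__ == "__main__":
    print(candidates("google.com", "subdomain.abc.com"))
    print(appended_lookups(SAMPLE_LOG, "subdomain.abc.com"))
```
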
 