Priority Q: forwarder or root hints?


Bojan Zivancevic

If I have a dns server with root hints and with a forwarder set up, should the
forwarder have priority over root hints?

I am asking that because I noticed that this dns server is directly
acquiring dns names from the internet, and not from the forwarder. If the
root hints have priority, what's the point in having a forwarder? Or must one
manually delete entries from cache.dns (or delete the file) to prevent
such behavior?

Bojan
 
I don't think you have a choice -- I believe it is the forwarder
first -- and the root hints second.

But note that the forwarder is mostly going to succeed or return
NXDOMAIN when unable to resolve the name -- and the
requesting server is going to give up if that happens.
 
Thanks guys for clearing that up for me. I just found out what the cause
of my problem was. You see, this is all in a test phase and I was trying some
things out. I forgot that I set up the default gateway on that dns server.
So, the poor guy just passed everything further down the road, bypassing the
forwarder. When I deleted the def. gateway entry, everything was OK.

@Ace:
I determined such behaviour from the router log. The router is doing NAT and
from the log I saw that the dns requests didn't come from the forwarder.

Now one more Q. How can I see what's in the dns server's cache? I emphasize
the word 'server' - this is not a resolver cache I am talking about.

Bojan
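A way to check from a NAT log which host is actually sending the outbound DNS queries, the same check Bojan describes doing by hand above. This is an added example, not code from the thread; the log line format, the addresses and the role assignments are constructed.

```python
import re
from collections import Counter

# Constructed router NAT log (real formats differ by vendor):
# "<time> NAT <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
12:00:01 NAT UDP 192.168.1.20:1055 -> 198.51.100.5:53
12:00:02 NAT UDP 192.168.1.20:1056 -> 198.51.100.5:53
12:00:03 NAT UDP 192.168.1.10:3120 -> 203.0.113.9:53
12:00:04 NAT TCP 192.168.1.50:49201 -> 198.51.100.77:443
12:00:05 NAT UDP 192.168.1.77:2011 -> 203.0.113.53:53
"""

LOG_RE = re.compile(
    r"^\S+ NAT (?P<proto>UDP|TCP) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def classify_dns_sources(log_text, internal_dns, forwarder):
    """Count outbound port-53 queries per source host and label each source.

    Labels:
      "forwarder"     - expected path: the forwarder resolves on the DNS server's behalf
      "dns-bypass"    - the internal DNS server itself goes out (root hints being used,
                        e.g. forwarder unreachable or forwarding not in effect)
      "client-bypass" - some other host talks to external DNS directly (client
                        not pointed solely at the internal DNS server)
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["dport"] != "53":
            continue  # not a DNS query, or a line we cannot parse
        counts[m["src"]] += 1

    result = {}
    for src, n in counts.items():
        if src == forwarder:
            label = "forwarder"
        elif src == internal_dns:
            label = "dns-bypass"
        else:
            label = "client-bypass"
        result[src] = (label, n)
    return result


if __name__ == "__main__":
    for src, (label, n) in classify_dns_sources(SAMPLE_LOG, "192.168.1.10", "192.168.1.20").items():
        print(f"{src:15} {label:14} {n} queries")
```

Any "dns-bypass" or "client-bypass" entry is a host that should not be reaching external DNS itself under the setup described in this thread.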
 
Ace Fekay said:
Bojan, I can't see how the def gateway would affect this. The default
gateway is for network communication to allow communication across other
subnets and/or the Internet.

I know. After I posted the message I had some doubts too... Maybe it was a
coincidence, but that was the only change I made and afterwards the log
showed that requests are coming from the forwarder.

If all your machines are pointing solely at your internal DNS and no others,
such as an ISP's DNS server, and that's the same with the DNS server itself,
it should point to itself and NO others, such as an ISP's DNS server (so
it's a client of itself). If you do have an external server listed, it would
*appear* that the queries are going out from the DNS server because it's
querying the outside server instead of your own. Make sense?

Well, it makes sense, but only if the forwarder (i.e. external server as you
call it) is the first in the resolver list, right? If the internal server is
the first, then it should answer the queries with the help of the forwarder.
Anyway, resolvers have only one dns server listed, and that's the internal
one.

But let me clarify this configuration a bit. Maybe it will help you to
understand the problem better.

Internal dns, AD 2000, dns pointing to the forwarder, dhcp server. The second
server on the network is a mail server, not a DC, has dns service started in
caching only mode. This second server is the forwarder. The next link in the
chain is the router, it is doing nat etc. Every workstation is on dhcp and
is getting dns and other info from it. The only dns server listed is the
internal one.

So, a workstation sends a dns request to the internal dns, and this guy
forwards it to the mail server (dns forwarder), which connects to the
internet through a router.

Can I see an unedited ipconfig /all from the DNS server?
And put your gateway back in there....

I can send this here, no pb, but not at once. This network is on one of our
client's premises, not on our own network. :) I will go there some time next
week and will get you the data.

As far as the gateway is concerned, I will record some log data with/without
the gateway and we'll see how it behaves.

Thanks a lot for your answers! DNS cache tip is great - I forgot about the
advanced view...

Bojan
 