Try it without "+trace". Regards, Chris
> On Aug 17, 2016, at 2:59 AM, anup albal <anupal...@hotmail.com> wrote:
>
> Hi
>
> First up apologies if this is not the right list to email and for a long
> email. I am hoping you can give me a clue as to what I am doing wrong here?
> Or maybe this is not supposed to work at all.
>
> We have an internal only DNS server (dns1) with fake root zone, i.e. a fake
> file for the zone ".". This serves all internal clients.
> We are running 9.6-ESV-R11-P2 for this.
>
> And we also have an external only DNS (ns1) which can talk to the internet
> for DNS queries and serves external clients.
>
> Now we have a requirement to have certain domains (e.g. sharepoint.com)
> resolved on clients being served by dns1.
>
> On dns1 I have set up a forward only zone called 'sharepoint.com' with ns1
> set as the forwarder.
> And in the fake root zone file, I have added an entry for sharepoint like
> below
>
>     sharepoint.com.    NS    ns1.org.domain.name.au.
>
> When I run a dig +trace sharepoint.com from dns1 I can resolve
> sharepoint.com.
> But when I run it from an internal client it gets a Non-authoritative: No
> answer
>
> Below are snippets of my named.conf on dns1 (internal)
>
>     options {
>         directory "/var/dns";
>         forwarders { ip.of.ns1; };
>         listen-on { ip.of.dns1; 127.0.0.1; };
>         query-source address ip.of.dns1;
>         notify-source ip.of.dns1;
>         transfer-source ip.of.dns1;
>         allow-transfer { xxx.xxx/16; };
>         transfer-format one-answer;    // BIND9 (deal with Windows Server 2003)
>     };
>
>     <.....>
>     zone "." in {
>         type master;
>         file "fake/root";
>     };
>
>     zone "." in {
>         type hint;
>         file "/var/dns/fake/named.root";
>     };
>
>     zone "sharepoint.com." in {
>         type forward;
>         forward only;
>         forwarders { ip.of.ns1; };
>     };
>
> The file fake/root has entries like below (ip and domain names changed for
> security)
>
>     $TTL 86400
>     ; NOTE: TTL based on from Bind8 SOA record
>     ;
>     ; This file contains *fake* DNS Resource Records for the root domain (.)
>     ;
>
>     .    IN SOA dns1.org.domain.name.au. xxx.dns1.org.domain.name.au. (
>                 2016081608 ; serial
>                 10800      ; refresh
>                 3600       ; retry
>                 3600000    ; expire
>                 86400 )    ; minimum
>
>     .     NS    dns1.org.domain.name.au.
>     ;.    NS    dns2.org.domain.name.au.
>
>     com.au.                   NS    dns1.org.domain.name.au.
>     sharepoint.com.           NS    ns1.org.domain.name.au.
>     difforg.diffdomain.au.    NS    dns1.org.domain.name.au.
>
>     0.0.127.in-addr.arpa.     NS    dns1.org.domain.name.au.
>
>     xxx.xxx.in-addr.arpa.     NS    dns1.org.domain.name.au.
>
>     localhost.    A    127.0.0.1
>
>     ; Glue
>     dns1.org.domain.name.au.     A    ip.of.dns1
>     ns1.org.domain.name.au.      A    ip.of.ns1
>     ;dns2.org.domain.name.au.    A    xxx.xxx.xxx.xxx
>
> The root hints file (named.root) has below
>
>     .       3600    IN    NS    dns1.org.domain.name.au
>     dns1    3600          A     ip.of.dns1
>
> nslookup on a client returns this
>
>     nslookup sharepoint.com
>     Server:         ip.of.dns1
>     Address:        ip.of.dns1#53
>
>     Non-authoritative answer:
>     *** Can't find sharepoint.com: No answer
>
> And running dig on a client returns this
>
>     dig +trace sharepoint.com
>
>     ; <<>> DiG 9.3.4-P1 <<>> +trace sharepoint.com
>     ;; global options:  printcmd
>     .                       86400   IN      NS      dns1.org.domain.name.au.
>     ;; Received 69 bytes from ip.of.dns1#53(ip.of.dns1) in 1 ms
>
>     sharepoint.com.         86400   IN      NS      ns1.org.domain.name.au.
>     ;; Received 84 bytes from ip.of.dns1#53(dns1.org.domain.name.au) in 0 ms
>
>     ;; connection timed out; no servers could be reached
>
> Regards
> Anup
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
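Chris's one-line reply rests on how dig +trace behaves: with +trace the client does the iterative resolution itself. It asks dns1 only for the root NS set, then follows each referral by contacting the named server directly, so the referral to ns1.org.domain.name.au that dns1's fake root hands back is chased by the client, and the forward-only zone configured on dns1 is never consulted. A plain query (no +trace) is sent recursively to dns1, which then forwards to ns1 as configured. The script below is an added example, not part of this thread or of BIND; it parses the +trace output quoted above (embedded here as a constructed string with the poster's ip.of.dns1 placeholder) and reports at which hop the client left the configured server. The regexes follow the dig output format shown on the page, and the function and class names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the dig +trace output quoted in the thread,
# with the poster's placeholder addresses left as they were posted.
SAMPLE_TRACE = """\
; <<>> DiG 9.3.4-P1 <<>> +trace sharepoint.com
;; global options:  printcmd
.                       86400   IN      NS      dns1.org.domain.name.au.
;; Received 69 bytes from ip.of.dns1#53(ip.of.dns1) in 1 ms

sharepoint.com.         86400   IN      NS      ns1.org.domain.name.au.
;; Received 84 bytes from ip.of.dns1#53(dns1.org.domain.name.au) in 0 ms

;; connection timed out; no servers could be reached
"""

# ";; Received N bytes from ADDRESS#PORT(NAME) in T ms"
RECEIVED_RE = re.compile(r"^;; Received \d+ bytes from (\S+?)#\d+\((\S+)\)")
# "OWNER TTL IN TYPE TARGET" as printed by dig for each referral record
RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")


@dataclass
class Hop:
    address: str                                  # server the client actually contacted
    name: str                                     # name dig printed for that server
    referrals: list = field(default_factory=list)  # (owner, rtype, target) it returned


def parse_trace(text):
    """Split +trace output into the hops the client made and whether it timed out."""
    hops, pending, timed_out = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rr = RR_RE.match(line)
        if rr:
            pending.append(rr.groups())        # records precede their "Received" line
            continue
        rcv = RECEIVED_RE.match(line)
        if rcv:
            hops.append(Hop(rcv.group(1), rcv.group(2), pending))
            pending = []
            continue
        if line.startswith(";; connection timed out"):
            timed_out = True
    return hops, timed_out


def diagnose(hops, timed_out):
    """Explain a timeout that follows a referral: the client, not the server,
    tried to reach the delegated name servers, so server-side forwarding
    never came into play. Returns None when the trace did not end that way."""
    if not timed_out or not hops:
        return None
    last = hops[-1]
    targets = [t for _, rtype, t in last.referrals if rtype == "NS"]
    if not targets:
        return None
    return (f"{last.address} returned a referral to {', '.join(targets)}; the client "
            f"then queried that server directly and got no response. Any forward "
            f"zone on {last.address} is bypassed by +trace; retry without +trace.")


if __name__ == "__main__":
    hops, timed_out = parse_trace(SAMPLE_TRACE)
    for i, hop in enumerate(hops, 1):
        print(f"hop {i}: asked {hop.address} ({hop.name}), referrals: {hop.referrals}")
    print(diagnose(hops, timed_out))
```

Run against the quoted trace it reports that hop 2 came from dns1 with a referral to ns1.org.domain.name.au, after which the client timed out; the same parser can be pointed at any saved +trace output to separate "my resolver is misconfigured" from "my client cannot reach the delegated server".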