vincenzo romero wrote:
thank you again, more clarification, if anyone can pls shed light ...
That happens anyway if the forwarder is not authoritative - that is, the forwarder will act as a caching proxy.
ok - so my lab.company.com is authoritative, so it should keep a copy of company.com's information then and be able to respond to queries even within the domain of company.com?
Yes, if a server is configured as primary or secondary for a zone it will reply directly without asking anyone else.
It's not really polite to send private IP reverse lookups to the public root servers, but I suppose millions of places do...
i'm sorry, but how do i configure (or any pointer pls?) so that I do not point to the public root servers? i just followed templates; whereas, the company.com DNS, I was not the one who configured it.
Configure your servers as primary or secondary for the reverse zones of all the private ranges you use (nn.nn.nn.IN-ADDR.ARPA).
I think the issues I have encountered are less now.... My questions.
- From my lab.company.com DNS server - do I need to update my
/etc/resolv.conf file so that it shows:
search lab.company.com company.com
nameserver 192.168.17.2
nameserver 10.100.1.24
The 'search' applies to lookups from clients on that particular machine where a bare host name is requested.
- With the above /etc/resolv.conf I can ping forward and backwards
hosts, except - reverse lookup to host within company.com's domain still shows the root servers .. :(
If you aren't primary/secondary, it walks down following referrals from the root servers. For private ranges you won't get the right answer because they aren't delegated.
- Strangest and confusing, is performing nslookup FROM
lab.company.com's DNS server :
a. responds to nslookup company.com:
nslookup 192.168.17.1
Server: 127.0.0.1
Address: 127.0.0.1#53

1.17.168.192.in-addr.arpa name = qatest1.lab.maxiscale.com.

[root@myhost named]# nslookup maxiscale.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: company.com
Address: 10.100.1.24
BUT it can't find an answer for ITS OWN domain:
nslookup lab.company.com
Server: 127.0.0.1
Address: 127.0.0.1#53

*** Can't find lab.company.com: No answer
Usually the origin of the zone has A and NS records in the parent zone.
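
Added example, not part of the original thread: one way to apply the advice about private reverse zones on the lab server, so that PTR lookups for the private ranges are answered locally instead of being sent to the public root servers. The file names, the ns.lab.company.com host name, the serial number, and the assumption that 10.100.1.24 is primary for the 10.100.1.x reverse zone and allows transfers are illustrative, not taken from the thread.

```conf
// named.conf fragment for the lab server (192.168.17.2 in the thread).

// Primary for the lab's own reverse zone: queries for 192.168.17.x
// are answered from local data and never follow referrals from the roots.
zone "17.168.192.in-addr.arpa" IN {
    type master;                   // "primary" role
    file "192.168.17.rev";         // hypothetical file name
};

// Secondary for the corporate reverse zone. Assumes 10.100.1.24 is
// primary for this zone and permits zone transfers to this host.
zone "1.100.10.in-addr.arpa" IN {
    type slave;                    // "secondary" role
    masters { 10.100.1.24; };
    file "slaves/10.100.1.rev";    // hypothetical file name
};

/*
   Contents of 192.168.17.rev (constructed sample data):

   $TTL 86400
   @   IN SOA ns.lab.company.com. hostmaster.lab.company.com. (
               2024010101 ; serial (constructed)
               3600       ; refresh
               900        ; retry
               604800     ; expire
               3600 )     ; negative-cache TTL
       IN NS   ns.lab.company.com.
   1   IN PTR  qatest1.lab.company.com.
   2   IN PTR  ns.lab.company.com.
*/
```

Repeat the zone declaration for every private range in use; a range with no declared zone is still resolved by walking down from the root servers.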