vincenzo romero wrote:
> thank you again, more clarification, if anyone can pls shed light ...
>
>> That happens anyway if the forwarder is not authoritative - that is, the
>> forwarder will act as a caching proxy.
>
> ok - so my lab.company.com is authoritative, so it should keep a copy
> of company.com's information then and be able to respond to queries
> even within the domain of company.com?

Yes, if a server is configured as primary or secondary for a zone it
will reply directly without asking anyone else.

>> It's not really polite to send private IP reverse lookups to the public
>> root servers, but I suppose millions of places do...
>
> i'm sorry, but how do i configure (or any pointer pls?) so that I do
> not point to the public root servers? i just followed templates;
> whereas, the company.com DNS, I was not the one who configured it.

Configure your servers as primary or secondary for the reverse zones of
all the private ranges you use (nn.nn.nn.IN-ADDR.ARPA).

> I think the issues I have encountered are less now....
> My questions.
>
> 1. From my lab.company.com DNS server - do I need to update my
> /etc/resolv.conf file so that it shows:
>
> search lab.company.com company.com
> nameserver 192.168.17.2
> nameserver 10.100.1.24

The 'search' applies to lookups from clients on that particular machine
where a bare host name is requested.

> 2. With the above /etc/resolv.conf I can ping forward and backwards
> hosts, except - reverse lookup to host within company.com's domain
> still shows the root servers .. :(

If you aren't primary/secondary, it walks down following referrals from
the root servers. For private ranges you won't get the right answer
because they aren't delegated.

> 3. Strangest and confusing, is performing nslookup FROM
> lab.company.com's DNS server :
>
> a. responds to nslookup company.com:
> nslookup 192.168.17.1
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> 1.17.168.192.in-addr.arpa name = qatest1.lab.maxiscale.com.
>
> [root at myhost named]# nslookup maxiscale.com
> Server: 127.0.0.1
> Address: 127.0.0.1#53
> Non-authoritative answer:
> Name: company.com
> Address: 10.100.1.24
>
> BUT it can't find an answer for ITS OWN domain:
>
> nslookup lab.company.com
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> *** Can't find lab.company.com: No answer

Usually the origin of the zone has A and NS records in the parent zone.

--
Les Mikesell
lesmikesell at gmail.com
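
An added example, not part of the original post or reply: a Python helper that derives the in-addr.arpa zones a server must hold for the private ranges in use, and checks which PTR lookups it would then answer itself instead of following referrals from the public root servers. The /24 masks, the function names and the `db.*` file names are assumptions.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"

def reverse_zones(cidr):
    """Octet-aligned in-addr.arpa zones needed to cover a private IPv4 network."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4 or not net.is_private:
        raise ValueError(f"{cidr}: not a private IPv4 range")
    # Reverse zones are cut on octet boundaries: round the prefix up to /8, /16 or /24.
    aligned = min(24, max(8, -(-net.prefixlen // 8) * 8))
    if net.prefixlen > aligned:
        parts = [net.supernet(new_prefix=aligned)]   # smaller than a /24: serve the enclosing /24
    else:
        parts = net.subnets(new_prefix=aligned)      # e.g. a /22 needs four /24 zones
    zones = []
    for part in parts:
        octets = str(part.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + SUFFIX)
    return zones

def is_served_locally(ip, zones):
    """True if the PTR name for ip falls inside a zone this server answers itself."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return any(ptr.endswith("." + zone) for zone in zones)

def named_conf(zones):
    """BIND zone stanzas for the zones; the db.* file names are hypothetical."""
    lines = []
    for zone in zones:
        label = zone[: -len(SUFFIX)]
        lines.append(f'zone "{zone}" {{ type master; file "db.{label}"; }};')
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed input: networks inferred from the addresses in the thread, /24 assumed.
    zones = [z for cidr in ("192.168.17.0/24", "10.100.1.0/24") for z in reverse_zones(cidr)]
    print(named_conf(zones))
    for ip in ("192.168.17.1", "10.100.1.24", "10.100.2.5"):
        state = "answered locally" if is_served_locally(ip, zones) else "referred from the roots"
        print(ip, "->", state)
```

Where another server already holds one of these zones, the same zone name applies with this server configured as secondary for it rather than primary.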