
DNS Forwarders?

Status
Not open for further replies.

TECHMAN007

Technical User
Nov 30, 2000
212
US
Here is the problem I am having.

I have network mynetwork.com which has a DNS server that is managed by me. I maintain all forward and reverse lookup zones. It works great.

We have network VPN access to theirnetwork.com which allows us to get to some of theirnetwork.com's intranet addresses/servers, so I have a forward lookup zone for theirnetwork.com because we need it for internal IPs. I would LOVE to set it up with a forwarder so anything that is not found in our managed forward lookup zone could be searched via a public DNS server, but can't because I haven't found a way to forward unanswered DNS lookups to an external DNS server. We do not have access to their DNS server, otherwise I would just point to theirs and skip the forward lookup zone for their company altogether. The way I have it set up right now requires me to maintain ALL addresses for the domain theirnetwork.com due to the fact you can't have forwarders for domains you have set up as forward lookup zones on your DNS server.

I will definitely not claim to have a good deal of knowledge on DNS so if anyone has comments on what I should do with this please let me know!

T.I.A.
 
You can use the Forwarders Tab on your DNS Server(s) Properties to forward requests to Their domain. You will need to back up and remove the forward lookup zone before you can add the Forwarder, otherwise you will get an error.
 
I need to have that forward lookup zone because there are DNS entries we need to manage for that company that aren't on the public DNS server. I just don't want to have to manage public IP addresses.
 

I am not a Windows DNS guy, but I do work with those guys.

You can forward that particular domain, AND I think what WhoKilledKenny suggests, put an overall default forwarder AND a forward for that particular domain.

That way, the requests for your private domain will go to the private DNS, and everything that is not resolved locally will go to the publicly accessible DNS server to be resolved.

gene
 
The problem is that we only have one DNS server that is the private DNS server. I can't remove the forward lookup zone and I can't put it on a different DNS server. I was just wondering if there was a way to forward lookups that weren't able to resolve on this server to a different server (even though this server contains a forward lookup zone for that domain already).
 
It sounds like you created your own "stand-alone" forward lookup zone for theirnetwork.com on your DNS server. By doing this you have created a Start Of Authority record for theirnetwork.com on your DNS server. Once a DNS query hits a server with an SOA record for a zone, it stops looking. There is no way to forward unknown records to another DNS server, because your DNS thinks it's authoritative for that zone. Forwarders only work for zones your DNS server is not authoritative over.
 
I misunderstood. You want to see private & public DNS for theirnetwork.com, and right now you have a forward direct to their internal servers.

Koonan is right, once you specify forwarding, the only choices for response are the forwarders (BIND has options to forward first, then look in cache).

The only other option is to get the remote site to allow you to named-xfer the raw BIND files, then merge them programmatically. (Done this, but not recommended.)

gene
 
Koonan, thanks! That is exactly the answer I was looking for. Not necessarily what I wanted to hear but I had a feeling that is what it would be.
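
The behavior Koonan describes above, as an added example that is not part of the original thread: a simplified Python model of how a server chooses between its own zones and a forwarder, plus a check for names that a locally hosted zone hides. The zone contents, host names and the forwarder address 192.0.2.53 are constructed sample data, and delegations and caching are left out.

```python
# Added example: simplified model of how a DNS server picks an answer source.
# All zones, records and addresses below are constructed sample data.

ZONES = {
    "mynetwork.com": {"dc1.mynetwork.com": "10.0.0.10"},
    # Local copy of the partner zone holding only the intranet hosts.
    "theirnetwork.com": {"intranet.theirnetwork.com": "10.50.0.5"},
}
FORWARDERS = ["192.0.2.53"]  # hypothetical public resolver (TEST-NET-1)


def find_zone(qname, zones):
    """Return the most specific locally hosted zone containing qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname, zones=ZONES, forwarders=FORWARDERS):
    """Return (source, answer) for a query, following the rule in the thread."""
    qname = qname.rstrip(".").lower()
    zone = find_zone(qname, zones)
    if zone is not None:
        # The server holds an SOA for this zone, so it answers on its own
        # authority and never consults a forwarder, even for a missing record.
        return ("authoritative", zones[zone].get(qname, "NXDOMAIN"))
    if forwarders:
        # Not authoritative: the query is handed to the first forwarder.
        return ("forwarded", forwarders[0])
    return ("recursion", None)


def shadowed(names, zones=ZONES, forwarders=FORWARDERS):
    """Names that fail only because a local zone covers them without a record."""
    return [n for n in names if resolve(n, zones, forwarders)[1] == "NXDOMAIN"]


if __name__ == "__main__":
    for name in ("intranet.theirnetwork.com", "www.theirnetwork.com",
                 "www.example.org"):
        print(name, "->", resolve(name))
```

Running `shadowed()` over the list of partner host names users actually need shows which public records would have to be copied into the local zone by hand.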
 