[Fwd: Re: [SLE] Suse 9.0, resolv.con, and multiple name servers]

From: Mobeen Azhar (moby_at_mobsternet.com)
Date: 03/15/04

  • Next message: Andrew Nelson: "[SLE] DHCP Firewall DMZ issues" 
    Date: Mon, 15 Mar 2004 14:39:54 -0600
To: suse-linux-e@suse.com

    Thanks for your response Jaan.

    The issue then, from your response below, is that the first DNS server
    responds, even though the response is negative. A Linux box will only
    go to the other DNS servers listed in resolv.conf if there is NO
    response at all from the first DNS server.

    To get around this, I installed BIND9 on the Linux box and setup a
    forwarding only DNS server. Then, in /etc/resolv.conf/ I put in
    nameserver 127.0.0.1 (this is probably not necessary from what I can
    gather). In my named.conf, I have the following entries to allow the
    server to forward requests:

    forwarders {a.b.c.d;z.y.x.u};

    However, even now, only the name server listed first in the forwarders
    list works! Does BIND also only goes to the second forwarder address if
    the first one does not respond at all? Is there a way to make BIND go
    to the second forwarder address if the first one returns a NXDOMAIN
    response?

    Thanks again for you

    --Moby

    They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin

    First they came for the Jews and I did not speak out because I was not a Jew.
    Then they came for the Communists and I did not speak out because I was not a Communist.
    Then they came for the trade unionists and I did not speak out because I was not a trade unionist.
    Then they came for me and there was no one left to speak out for me. -- Pastor Martin Niemöller

    Jaan Kold wrote:

    >On Monday 15 March 2004 19:13, Mobeen Azhar wrote:
    >
    >
    >>I am running Suse 9.0. It appears that the system does not honor
    >>multiple nameserver entries in /etc/resolv.conf. My /etc/resolv.conf
    >>looks as below:
    >>
    >>nameserver a.b.c.d
    >>nameserver z.y.x.u
    >>
    >>
    >
    >First off I'm not a true techie/geek. Just a bystander. But I try to pay some
    >attention at least. My local techie did look into all this, pissing off DNS/
    >BIND guys while doing so -):
    >
    >This is "how it works" according to the specs. You can't have multiple
    >*responding* isolated DNS:s and expect it to work. A Linux boxen will *only*
    >traverse a client DNS servers listing if there is *no response*. You do need
    >to have DNS:es talk to each other? to pass you up the list, ehem..at this
    >stage I'll be quiet since I haven't actually setup a DNS.. (a caching only is
    >on the to-do list). I think you know what I'm trying to say though.
    >
    >And yes, "my local geek" was mighty upset when he found out, weird as it is..
    >this behaviour is from libc/glic (he is a developer thus refusing the answer
    >at first, and he dug until he knew why). This is nothing to play with.. in
    >other words.
    >
    >The reason why this came as a real surpise, was that indeed our WIndows
    >clients *did* traverse the DNS list if it gets a.."bad answer?" from the
    >first DNS....you follow me on this?
    >
    >PS: If I make any BIND guru's upset, since I obvioulsy don't grasp this fully:
    >please forgive me...
    >
    >jk
    >
    > 

    -- 
--Moby
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.  -- Benjamin Franklin
First they came for the Jews and I did not speak out because I was not a Jew.
Then they came for the Communists and I did not speak out because I was not a Communist.
Then they came for the trade unionists and I did not speak out because I was not a trade unionist.
Then they came for me and there was no one left to speak out for me.  --  Pastor Martin Niemöller 
-- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
  • Next message: Andrew Nelson: "[SLE] DHCP Firewall DMZ issues"

    Relevant Pages

    • Re: SBS2003 - Cannot restore GPO following Article 888943
      ... Thanks for your response. ... PASS - All the DNS entries for DC are registered on DNS server ... Computer Policy Refresh has completed. ... The Group Policy snap-in starts, ...
      (microsoft.public.windows.server.sbs)
    • Re: Top Ten Reasons Why Doctor Who fans dont like Sebastian Brook or his supporters.
      ... Sure I'll speak my mind but at the end of the day this is just about ... was only ever in response to the nature of your own messages. ... Believe me I am still learning to do the ... Bear in mind the rest of the group will judge you for your answer whether ...
      (rec.arts.drwho)
    • Words "Mother" & "Father" Barred From Spanish Birth Certificates
      ... rather wiggled his finger in response to a question because he believed things ... lesbians are among the first to balk at the administrative change ... If things continue down this path, eventually no one will be permitted to speak ... auditory rape since the act of communication puts the recipient of the message ...
      (soc.men)
    • just now, it fits a boy too faithful away from her ambitious venue
      ... succeeding to speak you some of my female mechanics. ... Let's snap in response to the dominant lectures, ... Mohammad needs, then Stephanie noisily jokes a chief ...
      (sci.crypt)
    • Re: DNS Records Do NOT Have Timestamp Value
      ... "Michael Mach" wrote in message ... also one other DNS server, ... The DHCP server is handing out addresses for xp clients. ... Cross-posting posts to multiple groups simultaneously for better exposure, and if anyone responds in any one of the groups, the response goes to all groups it was cross-posted to. ...
      (microsoft.public.windows.server.dns)