Question : DNS forwarders

I have a DNS zone (ZoneX.com) in a DNS server (DNSA) at domainA.com.
This is an AD Integrated zone.

I have the same DNS zone name (ZoneX.com) in another DNS server (DNSB) at domainB.com, which is the primary zone, and the secondary zone is in DNSC, which is also in DomainB.com.
Both domains A and B are in 2 different forests with no trust.

I deleted the primary ZoneX.com at the DomainB DNS server (DNSB).
In the DNSB Forwarders tab I added the DNSA IP address with ZoneX.com,
so that any request to ZoneX.com will be forwarded to DNSA.

1- After deleting the primary ZoneX.com from DNSB, would the secondary zone get deleted automatically from DNSC?

2- From DNSB, if I run nslookup zonex.com, it shows:
server:DNSB.DomainB.com
Address: the IP address of DNSB

Name: ZoneX.com


From the result of the nslookup command above, it looks like ZoneX.com is resolved by DNSB instead of DNSA, though it's deleted from DNSB and there is a forwarder to DNSA. I was expecting to see Non-authoritative....

Any idea?

Thanks

Answer : DNS forwarders


> My question is what is the way to find the DNS server where the zonename is located?
> or the computername.zonename record is located?

You have to assume the data returned by these two is correct:

nslookup -q=ns zonex.com
nslookup -q=soa zonex.com

You cannot, from the client, find details of Conditional Forwarders configured on a server from the DNS query alone (the DNS packet doesn't contain that kind of information).

That makes the answer to these two as follows:

> and it will give the DNS server that resolved the query,

Yes.

> if there is forwarder, it should also give us the DNS that resolved the query.

No. If you look at it from the client's perspective, this happens:

1. NsLookup sends a DNS Packet to DNSB requesting "something" from zonex.com and waits for a response
2. DNSB sees the request and considers how to deal with it
  a. If a cached answer exists it will respond with that
  b. If a Forwarder (conditional or general) exists it will send the request to that server and wait for a response
    - This represents a role change. DNSB becomes the DNS client; it sends out a request and waits for a response
  c. If no forwarders exist, DNSB will begin Iterative name resolution, starting with Root Hints
3. DNSB receives a reply (in this case from the Forwarder), stores it in the Cache and returns the answer to the Client
4. NsLookup receives the response from DNSB

The DNS packet is designed to be as small as possible. It contains the following:

1. A packet header, containing:
  a. Response Code (RCode)
  b. Flags (such as Recursion Desired, Recursion Allowed, Authoritative Answer, etc.)
  c. OpCode, defining what the packet is (Query, in this case)
  d. The number of individual records returned in each section, Query, Answer, Authority and Additional

2. A packet payload, containing:
  a. The original question (Name, Class, and Resource Record Type). e.g. Name: experts-exchange.com; Class: IN; RR Type: A
  b. Answer: Answers to the question. e.g. experts-exchange.com. IN A 64.156.132.140
  c. Authority: If the answer is not entirely complete, any additional NS records used to find the complete answer
  d. Additional: A records associated with Authority

The packet does not contain information about the server resolving the request. That information is returned separately when using NsLookup, and only from the name server used by the client (NsLookup is the client).

Chris
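
The header and section layout listed in the answer above, as an added example that is not part of the original answer: a Python parser run over a constructed reply of the kind DNSB would return for a forwarded query. The sample bytes, the 192.0.2.10 address and the function names are assumptions made for illustration.

```python
import struct

def read_name(msg, off):
    """Decode the name at off; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:              # compression pointer (RFC 1035, 4.1.4)
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2             # parsing resumes after the 2-byte pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_response(msg):
    """Return (header, question, answers) for a reply with one question."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    header = {"id": ident, "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF,
              "aa": bool(flags & 0x0400), "rd": bool(flags & 0x0100),
              "ra": bool(flags & 0x0080), "counts": (qd, an, ns, ar)}
    qname, off = read_name(msg, 12)
    qtype, qclass = struct.unpack("!2H", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:     # A record: render as dotted quad
            rdata = ".".join(map(str, rdata))
        answers.append((name, rtype, ttl, rdata))
    return header, (qname, qtype, qclass), answers

# Constructed sample: the reply DNSB could send for "zonex.com A" after forwarding.
# Flags 0x8180 = response, AA clear, RD and RA set; 192.0.2.10 is a made-up address.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
          + b"\x05zonex\x03com\x00" + struct.pack("!2H", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    for part in parse_response(SAMPLE):
        print(part)
```

The parsed values cover the header fields, the question and the answer record in the reply; the AA flag is clear because DNSB is not authoritative for the zone, and no field names the server DNSB forwarded to.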