Sorry - good point. Yes, the slave is also being the firewall.

If I set the master address to 192.168.1.1, I get the same result. If I
check my master logs, I do see that my Master dns server is being queried
for the records and responding to bind's requests.

Is there a way I can have bind log more detailed info to try to understand
why it thinks the response is non-authoritative?

Thanks!

Eric

"Chris Buxton" wrote in message
news:B93F8A8D-F72E-47AF-8074-BCBEF1132075@menandmice.com...
You didn't say whether the slave server is also behind the firewall.
If it is, I would guess that the non-authoritative answer is coming
from the firewall, not from the actual master server. What happens if
you set the master server address in your zone statement to 192.168.1.1?

Chris Buxton
Professional Services
Men & Mice

On Mar 31, 2008, at 9:57 AM, Eric B. wrote:
> Hi,
>
> I'm trying to set up bind 9.2.4 to create slave zones on my machine for a
> bunch of dns zones. The master is a Win2K Server running its built-in DNS
> (not Active Directory).
>
> My named.conf file lists the following:
> options {
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     zone-statistics yes;
>     notify yes; // notify the above IP's when a zone is updated
>     pid-file "/var/run/named/named.pid";
>     transfer-format many-answers; // Generates more efficient zone transfers
>     listen-on { any; };
> };
>
> include "/etc/rndc.key";
>
> zone "mydomain.biz.dns" IN { type slave; file "slaves/mydomain.biz.dns"; masters { 198.20.1.1; }; };
>
>
> // Include logging config file
> include "/var/named/conf/logging.conf";
>
>
>
> However, if I look at /var/log/named/general.log, I see the following error
> messages:
> Mar 31 12:26:25.902 zone mydomain.biz.dns/IN: refresh: non-authoritative answer from master 198.20.1.1#53
>
> This is confusing me extremely. If I check the configuration on the master
> server, the zone is configured as the primary server. If it is of any help,
> I can also post the actual dns conf file for the zone on the W2K server.
>
> The only thing I can think of is that my zone's NS records point to my DNS
> server's public address, even though my DNS server is actually behind a
> firewall and has an internal address:
>
> ; Zone NS records
> @ NS ns1.mydomain.biz
> ns1.mydomain.biz. A 198.20.1.1
>
> But my primary server's address is actually 192.168.1.1 (and mapped to
> 198.20.1.1 through my firewall rules).
>
>
> Is this a configuration problem of bind, the Win2K server, or the actual
> zone information within the DNS server?
>
> Any help, ideas, suggestions would be greatly appreciated.
>
> Thanks,
>
> Eric
>
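
Added example, not part of any message in this thread: BIND logs "refresh: non-authoritative answer from master" when the reply to its SOA refresh query arrives without the AA (authoritative answer) bit in the DNS header. The Python below sends a non-recursive SOA query and classifies the reply by that header; the function names and the two sample headers are constructed for illustration.

```python
import socket
import struct

FLAG_QR, FLAG_AA = 0x8000, 0x0400   # response bit, authoritative-answer bit
QTYPE_SOA, QCLASS_IN = 6, 1

def build_soa_query(zone, txid=0x1234):
    """SOA query with RD=0 (non-recursive), as used for a zone refresh check."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)

def refresh_verdict(packet):
    """Classify a reply from its 12-byte DNS header."""
    if len(packet) < 12:
        return "truncated packet"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & FLAG_QR:
        return "not a response"
    if flags & 0x000F:
        return "error rcode %d" % (flags & 0x000F)
    if not flags & FLAG_AA:
        return "non-authoritative answer"   # the condition named in the log line
    if ancount == 0:
        return "authoritative but no SOA record"
    return "authoritative answer"

def check_master(server, zone, timeout=3.0):
    """Send the query over UDP port 53 and classify whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        reply, _ = s.recvfrom(4096)
    return refresh_verdict(reply)

# Constructed 12-byte headers (not captured traffic): flags 0x8400 = QR+AA,
# flags 0x8180 = QR+RD+RA, which is what a forwarder or cache typically returns.
SAMPLE_AUTHORITATIVE = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
SAMPLE_FORWARDED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    print(refresh_verdict(SAMPLE_AUTHORITATIVE))
    print(refresh_verdict(SAMPLE_FORWARDED))
    # Live use from the slave host, with the addresses from the thread:
    # print(check_master("198.20.1.1", "mydomain.biz.dns"))
    # print(check_master("192.168.1.1", "mydomain.biz.dns"))
```

Running `check_master` from the slave against both the public and the internal address shows whether the device that actually answers sets the AA bit for the zone name as configured.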