Hi,

Environment:
I currently operate private and public address ranges, with Unix Tru64
Bind 8.3.4 performing public resolves and Novell responsible for
internal resolves on a private IP range. My public servers point into
the private ranges for resolves of internal workstations. E.g. if a
lab-based student tries to pop mail from the public mail server, the
server needs to perform a reverse res on the workstation using the
internal Novell DNS.

Problem:
If an external Internet-based student tries to pop mail, the mail
server will first resolve off the internal Novell DNS; if the internal
DNS cannot resolve, it forwards the request on to our public DNS
forwarder, a Tru64 Unix system. If the external DNS server is unable to
resolve an external address it will reply back to the internal Novell
server with a host/Unknown OK, however the internal Novell DNS after
receiving this response from the will not respond to the originating
mail server, causing a timeout on client sessions. This is the problem.
If I try to resolve any unknown IP address from the internal server I
have a timeout returned, not a host/domain unknown as should be the
case.

Findings:
What I have discovered is that if I allow the internal DNS to access
the Internet directly, everything works OK. This is not the solution,
though; the internal must resolve through the external primary DNS
forwarder. It seems as though the Novell DNS is not seeing my external
forwarder as an authoritative DNS for responses on other external
domains and so has to make certain itself (internal) of the response.

I have sniffed the DNS transactions between the external and internal
servers, finding the external server is communicating by sending an
unknown host/domain to the internal Novell DNS, but no response is
being passed back to the originating server (mail), ending in a "time
out message".



Any help would be much appreciated

Nev.
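
An added example, not part of the original post: when reading a capture of the forwarder-to-internal-DNS traffic like the one described above, decoding the header of each reply shows whether the forwarder really returned NXDOMAIN and how its AA and RA flags were set. The sample packet and the address 192.0.2.10 are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Read an uncompressed question name; return (name, next offset)."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def decode_response(msg):
    """Return the header fields that matter when tracing a forwarded reply."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    ident, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    info = {
        "id": ident,                       # must match the forwarded query
        "is_response": bool(flags & 0x8000),
        "aa": bool(flags & 0x0400),        # authoritative answer
        "tc": bool(flags & 0x0200),        # truncated
        "rd": bool(flags & 0x0100),        # recursion desired
        "ra": bool(flags & 0x0080),        # recursion available
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
        "authority": ns,                   # an SOA here allows negative caching
    }
    if qd:
        info["qname"], off = read_name(msg, 12)
        info["qtype"] = struct.unpack("!H", msg[off:off + 2])[0]
    return info

# Constructed sample: reply to a PTR query, flags 0x8183 = QR|RD|RA, RCODE 3.
SAMPLE = (struct.pack("!6H", 0x1A2B, 0x8183, 1, 0, 0, 0)
          + encode_name("10.2.0.192.in-addr.arpa")
          + struct.pack("!2H", 12, 1))     # QTYPE=PTR, QCLASS=IN

if __name__ == "__main__":
    print(decode_response(SAMPLE))
```

Comparing the decoded `id`, `rcode`, `aa` and `ra` of the forwarder's reply with whatever the internal server sends (or fails to send) to the mail server narrows down which hop drops the negative answer.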