Issue with conditional forwarding

When working with Windows DNS, it appears that a server receiving a non-recursive query does not consult its conditional forwarders; they are only used when the client asks for recursion. That is tragic in a split-brain situation! Take this scenario for example.

I query my name server for kitchen.home.marcusoh.com. My name server holds the zone for marcusoh.com and delegates home.marcusoh.com to another pair of DNS servers. Those servers do forwarding only and have two conditional forwarders: one that points back to dnsServersA, which hold the zone for marcusoh.com, and another that points to dnsServersC, which hold home.marcusoh.com.

dnsServersA (marcusoh.com)
  zone – marcusoh.com
  delegated domain – home

dnsServersB (forwarding)
  forwarder – home.marcusoh.com
  forwarder – marcusoh.com

dnsServersC (home.marcusoh.com)
  zone – home.marcusoh.com
  record – kitchen.home.marcusoh.com
  forwarder – marcusoh.com

(Everything above is internal. There is also a publicly available marcusoh.com, hence split-brain.)

If I query dnsServersC directly for the kitchen.home.marcusoh.com record, I get a successful response.

If I query dnsServersB directly for the kitchen.home.marcusoh.com record, I get a successful response.

If I query dnsServersA directly for the kitchen.home.marcusoh.com record, I get an rcode of “server failure”.

Although the trace shows dnsServersA querying dnsServersB successfully, the resulting rcode indicates that something failed. On closer examination, the packet from B back to A does not include any records for kitchen.home.marcusoh.com; it simply responds with a set of name servers, which are external. That is consistent with the behaviour described above: A follows the delegation with an iterative (non-recursive) query, so B never consults its conditional forwarders and hands back a referral instead of the record, which A then reports to the client as a server failure.
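The observation above comes down to a single header bit. To make the difference between the two query types visible, here is an added example (not from the original post) that builds a DNS query with the RD flag set or cleared, parses a reply, and classifies it as a referral. The sample replies are constructed in the script so it runs offline; the owner name "." and the name servers ns1.example.net / ns2.example.net in the referral sample are assumptions standing in for the external name servers B actually returned, and the server address in the live-check comment is a placeholder.

```python
"""Recursive vs. non-recursive DNS queries at the wire level (RFC 1035 framing)."""
import socket
import struct

QTYPE_A, QTYPE_NS = 1, 2
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode a dotted name as DNS labels; "" or "." is the root."""
    name = name.rstrip(".")
    if not name:
        return b"\x00"
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_query(name, qtype=QTYPE_A, recursion_desired=True, txid=0x1234):
    """RD (0x0100) is the only flag a client sets; clearing it asks for an iterative answer."""
    flags = 0x0100 if recursion_desired else 0x0000
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Decode a possibly compressed name; returns (name, offset after the name)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                # compression pointer
            if not jumped:
                end = offset + 2
            offset, jumped = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF, True
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", end


def parse_response(msg):
    """Return header flags, rcode and the three record sections as (owner, type, value)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                          # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    sections = {}
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        records = []
        for _ in range(count):
            owner, offset = decode_name(msg, offset)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            if rtype == QTYPE_NS:
                value, _ = decode_name(msg, offset)
            elif rtype == QTYPE_A and rdlen == 4:
                value = ".".join(str(b) for b in msg[offset:offset + 4])
            else:
                value = msg[offset:offset + rdlen].hex()
            offset += rdlen
            records.append((owner, rtype, value))
        sections[section] = records
    rcode = flags & 0x000F
    return {"id": txid, "rcode": RCODES.get(rcode, str(rcode)), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), **sections}


def is_referral(parsed):
    """A referral: NOERROR, nothing in the answer section, NS records in authority."""
    return (parsed["rcode"] == "NOERROR" and not parsed["answers"]
            and any(r[1] == QTYPE_NS for r in parsed["authority"]))


def query(server, name, recursion_desired, timeout=3.0):
    """Send one UDP query and parse the reply (network-dependent; not used by the offline samples)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, QTYPE_A, recursion_desired), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def build_response(name, rcode=0, ns_owner=".", nameservers=(), txid=0x1234):
    """Constructed sample reply (offline use): QR set, RA clear, optional NS records in authority."""
    flags = 0x8000 | (rcode & 0x000F)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, len(nameservers), 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, 1)
    authority = b"".join(
        encode_name(ns_owner) + struct.pack("!HHIH", QTYPE_NS, 1, 3600, len(encode_name(ns))) + encode_name(ns)
        for ns in nameservers)
    return header + question + authority


if __name__ == "__main__":
    # Constructed: what a forwarding-only server hands back to an RD=0 query: a referral to
    # external name servers (hypothetical names here), not the kitchen record.
    referral = parse_response(build_response("kitchen.home.marcusoh.com", ns_owner=".",
                                             nameservers=["ns1.example.net.", "ns2.example.net."]))
    print("referral:", is_referral(referral), referral["authority"])
    # Constructed: what the client finally sees from the first server.
    print("client sees:", parse_response(build_response("kitchen.home.marcusoh.com", rcode=2))["rcode"])
    # Live check against your own servers (placeholder address):
    # query("10.0.0.2", "kitchen.home.marcusoh.com", recursion_desired=False)
```

Against a real server, `query(server, name, True)` versus `query(server, name, False)` reproduces the post's observation: the forwarding-only server answers the recursive query with the record and the non-recursive one with a referral. The equivalent check from a Windows box is `Resolve-DnsName kitchen.home.marcusoh.com -Server <dnsServersB> -NoRecursion` compared with the same command without `-NoRecursion`.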

I don’t have access to the name servers noted as dnsServersB or C, so I guess this will be a “to be continued” story until I get more information.
