Firewall, split dns and the forwarders directive

Barry Margolin barmar at bbnplanet.com
Thu Jul 1 19:03:39 UTC 1999


   From: "Palano, Joseph" <Joseph.Palano at Fmr.COM>
   Date: Thu, 1 Jul 1999 14:57:04 -0400 

   Barry,

	   What you have said would make sense logically but I don't think it
   agrees with pages 385-386 of the "DNS&BIND" v3.  Could you please expand or
   give me a reference.  This issue has been a hot topic for me and the rest of
   the DNS "crew".  Thanks.

I don't see the contradiction.  In the book's example, zardoz is
authoritative for movie.edu, but not authoritative for fx.movie.edu.  So it
never forwards queries for names in the movie.edu zone, but it will forward
queries for names in the fx.movie.edu zone.

A zone is not an entire DNS hierarchy -- it's bounded by delegation NS
records.

   Joe Palano
   UNIX Sys Admin
   Fidelity Investments

   > -----Original Message-----
   > From:	Barry Margolin [SMTP:barmar at bbnplanet.com]
   > Sent:	Friday, June 25, 1999 5:45 PM
   > To:	comp-protocols-dns-bind at moderators.uu.net
   > Subject:	Re: Firewall, split dns and the forwarders directive
   > 
   > In article <01JCTMLXT6RM000C41 at ACAD.DRAKE.EDU>,
   > George W. Miller <GM0551S at ACAD.DRAKE.EDU> wrote:
   > >There is a host, called charlie.drake.edu that sits out on the dmz.  My question
   > >is this: will the interior server forward to the exterior server a question
   > >about charlie.drake.edu, even though it has the same domain name as the
   > >interior network?  Thus far, the only way I can get resolution for queries
   > >concerning charlie is if I place an entry in the interior server host file.
   > 
   > If a server is authoritative (master or slave) for a zone then it never
   > forwards queries for a name in that zone.
   > 
   > -- 
   > Barry Margolin, barmar at bbnplanet.com
   > GTE Internetworking, Powered by BBN, Burlington, MA
   > *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
   > Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
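
Added example, not part of the original message or of BIND: a simplified Python model of the rule stated above (no forwarding for names inside an authoritative zone, with the zone bounded by delegation NS records). The function names and the host labels under movie.edu are assumptions made for illustration.

```python
# Simplified model of the rule in the message above: a server never forwards
# names inside a zone it is authoritative for, and a zone ends at delegation
# NS records. Models only the decision, not BIND's resolver.

def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_within(name, zone):
    """True if name is at or below zone, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def closest_enclosing(name, zones):
    """Return the deepest zone in zones that contains name, or None."""
    matches = [z for z in zones if is_within(name, z)]
    return max(matches, key=lambda z: len(labels(z)), default=None)

def decide(qname, authoritative, delegations):
    """Return (action, zone): action is 'answer-locally' or 'forward'."""
    zone = closest_enclosing(qname, authoritative)
    if zone is None:
        return ("forward", None)  # not in any zone this server loads
    # Delegation points strictly below the apex cut their subtree out of the zone.
    cuts = [d for d in delegations
            if is_within(d, zone) and len(labels(d)) > len(labels(zone))]
    cut = closest_enclosing(qname, cuts)
    if cut is not None:
        return ("forward", cut)  # name is in the child zone, not ours
    return ("answer-locally", zone)  # authoritative: never forwarded

if __name__ == "__main__":
    # Constructed sample queries; host labels are made up for illustration.
    cases = [
        ("www.movie.edu", ["movie.edu"], ["fx.movie.edu"]),
        ("host.fx.movie.edu", ["movie.edu"], ["fx.movie.edu"]),
        ("charlie.drake.edu", ["drake.edu"], []),
    ]
    for qname, auth, deleg in cases:
        print(qname, "->", decide(qname, auth, deleg))
```

The charlie.drake.edu case returns answer-locally: an interior server authoritative for drake.edu resolves charlie from its own zone data and does not consult the exterior server.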

