forwarders directive on internal root-server?

Ted_Rule at flextech.co.uk
Mon Jun 28 08:38:26 UTC 1999



I've not tried it myself yet, I'm afraid, but I believe you may be able to build
a neater "topology" using the "forward zones" capability of 8.2.1. It is said
this now mirrors and enhances the previous "noforwarders" patch to 4.9.3 and
above.

I was always personally convinced that internal roots were a generally bad idea,
and preferred to build internal multi-level split DNS with the noforwarders
directive. Sadly it was unavailable in bind8 - until now perhaps.

The idea is for the internal master/slave servers ( behind a firewall ) for the
top-level internal zone to have something like:

options {
     forwarders { IP Address of DNS server on firewall; };
     forward only;
};

zone "t-online.de" {
        type master;
        file "master/db.t-online.de";
        check-names fail;
        forwarders {};
};

The weird config of the top-level internal master zone with a forwarders
statement is supposedly a brand new twist in 8.2.1, and makes this whole trick
possible.

whilst the internal master/slave servers have stub and noforwarding
arrangements:

options {
     forwarders { IP Address of DNS server on firewall; };
     forward only;
};

zone "t-online.de" {
        type stub;
        file "stub/db.t-online.de";
        masters { IP address of toplevel internal master; };
        check-names warn;
        forwarders {};
};

OR

options {
     forwarders { IP Address of DNS server on firewall; };
     forward only;
};

zone "t-online.de" {
        type forward;
        check-names warn;
        forwarders {};
};



A detailed reading of the release notes and HTML config guide in the bind-8.2.1
source may help to enlighten.

Sadly, the tricks are so new, they don't yet appear on www.isc.org's HTML'ed
bind-8.2 config guide.

I'm afraid these features are very new - so consider yourself duly warned, and
I've probably got the exact syntax wrong - you may well find you have to omit
the "forward only" option for instance. But it's nice to have a challenge to
solve every day!


Ted Rule,
Flextech Television







V.Dormeyer at t-online.de (Volker Dormeyer) on 27/06/99 17:47:55

To:   bind-users at isc.org
cc:    (bcc: Ted Rule/160GPS/Flextech/UK)

Subject:  forwarders directive on internal root-server?




Hi,

I have a question about the forwarding issue again (bind 8.2.1).

For now we have some internal ROOT-nameservers to help the
other normal nameservers resolve their data in some subdomains
on different locations.

Now, additionally a firewall comes into the game. Some
of the clients from the internal network must see the
internet address space. So, we would like to provide these
clients a solution to resolve official internet names and
addresses.

Is it possible to let the internal ROOTS point to the
firewall via a forwarders directive?

hope anyone can help me with this.

Thanks
-Volker-

--
################################
 sender: Volker Dormeyer
 eMail:  V.Dormeyer at t-online.de
################################





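Added example, not part of the original post and not BIND's own code: a small Python check that models the arrangement described in the reply, assuming a zone-level "forwarders {};" switches off forwarding for every name under that zone while all other names go to the global forwarders. The addresses, sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the post; 192.0.2.x are documentation addresses.
SAMPLE_CONF = '''
options {
     forwarders { 192.0.2.1; };
     forward only;
};
zone "t-online.de" {
        type stub;
        masters { 192.0.2.53; };
        forwarders {};
};
'''

def _addr_list(body):
    """Addresses in a block's forwarders statement; None if it has none."""
    m = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
    return None if m is None else [a.strip() for a in m.group(1).split(';') if a.strip()]

def _blocks(conf, header):
    """Yield (header match, body) for each brace-delimited block."""
    for m in re.finditer(header, conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m, conf[m.end():i - 1]

def parse(conf):
    """Return (global forwarders, {zone name: per-zone forwarders or None})."""
    conf = re.sub(r'(//|#).*', '', conf)  # drop line comments (assumes no '#' in strings)
    global_fwd = []
    for _, body in _blocks(conf, r'\boptions\s*\{'):
        global_fwd = _addr_list(body) or []
    zones = {}
    for m, body in _blocks(conf, r'\bzone\s+"([^"]+)"(?:\s+\w+)?\s*\{'):
        zones[m.group(1).lower().rstrip('.')] = _addr_list(body)
    return global_fwd, zones

def upstream_for(qname, global_fwd, zones):
    """Forwarders used for qname; [] means the name is resolved internally."""
    labels = qname.lower().rstrip('.').split('.')
    for i in range(len(labels)):  # longest matching zone first
        override = zones.get('.'.join(labels[i:]))
        if override is not None:
            return override
    return global_fwd

def leaked(names, conf):
    """Internal names that would be sent to the global (firewall) forwarders."""
    global_fwd, zones = parse(conf)
    return [n for n in names if global_fwd and upstream_for(n, global_fwd, zones) == global_fwd]
```

Running leaked() over a list of internal-only names before deploying a configuration shows which of them would be handed to the firewall's DNS server instead of staying inside.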


