zone delegation and forwarders

Larson, Matt mlarson at netsol.com
Wed Jul 26 16:51:10 UTC 2000


> My current DNS setup has a master server that supports the internal
> (behind the firewall) view of the fujitsu.com.au domain. The
> configuration is set to forward to the external DNS server, any
> unresolvable requests.
> This has worked fine until now when I've been asked to add 
> and delegate a
> zone for a W2000 project. This doesn't work with forwarders ('DNS and
> BIND', 3rd Edition, P 383) and internal roots are not an option.
> 
> Is this issue addressed in BIND 8.2.3 or do I have to wait 
> for BIND 9?

You can do it in BIND 8.2.1 and later using the
flexible/conditional/selective forwarding features.  (Which, BTW,
desperately need a name that everyone agrees on.)  The strategy is to tell
all your forwarding name servers, "Hey, don't forward queries for any domain
names in this domain; use normal iterative resolution to find the answer
instead."  On your master name server, use the magic "don't forward"
incantation, like this:

zone "w2k.fujitsu.com.au" {
	type stub;
	masters { 10.1.2.3; };
	file "stub.w2k.fujitsu.com.au";
	forwarders { };
};

You need to make your fujitsu.com.au master server a stub (slave works, too)
for the W2K subdomain because if you're going to say, "don't forward for
this domain", then you need to have a list of NS records for the zone
corresponding to the apex of the domain so your name server knows where to
begin the resolution process.

> [Also any pointers to info on setting up W2000 to use an existing UNIX
> DNS (BIND 8.2.2P5) would be appreciated]

Nominum covers that topic in its DNS training curriculum; see
http://www.nominum.com/training/bind2-description.html.

Matt
--
Matt Larson <mlarson at netsol.com>
DNS Platform Manager
Network Solutions Registry / www.nsiregistry.com
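
Added example, not part of the original message or of BIND: a small Python model of the forwarding decision described above, in which the closest enclosing domain that carries a forwarders statement decides, and an empty list means normal iterative resolution. The global forwarder 192.0.2.53, the function names, and the simplified parser (it handles only this layout and does not model answers from authoritative zone data) are assumptions.

```python
import re

# Constructed named.conf for the forwarding server; 192.0.2.53 is a placeholder.
NAMED_CONF = '''
options {
    forwarders { 192.0.2.53; };
};
zone "w2k.fujitsu.com.au" {
    type stub;
    masters { 10.1.2.3; };
    file "stub.w2k.fujitsu.com.au";
    forwarders { };
};
'''

def parse_forwarders(conf):
    """Return {domain: [forwarder, ...]}; "." holds the global options list."""
    table = {}
    # Top-level statements only: options { ... };  or  zone "name" { ... };
    for m in re.finditer(r'(options|zone\s+"([^"]+)")\s*\{(.*?)\n\};', conf, re.S):
        fwd = re.search(r'forwarders\s*\{([^}]*)\}', m.group(3))
        if fwd is None:
            continue  # no forwarders statement: inherit from the enclosing domain
        domain = (m.group(2) or ".").lower().rstrip(".") or "."
        table[domain] = [a.strip() for a in fwd.group(1).split(";") if a.strip()]
    return table

def forwarders_for(qname, table):
    """Pick the forwarders list of the closest enclosing domain for qname."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return table[candidate]
    return table.get(".", [])

def resolution_mode(qname, table):
    """An empty forwarders list means: do not forward, resolve iteratively."""
    fwd = forwarders_for(qname, table)
    return "forward to " + ", ".join(fwd) if fwd else "iterative"

if __name__ == "__main__":
    t = parse_forwarders(NAMED_CONF)
    for name in ("dc1.w2k.fujitsu.com.au", "www.example.com"):
        print(name, "->", resolution_mode(name, t))
```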





