forwarders overriding zone delegation.

Joseph S D Yao jsdy at cospo.osis.gov
Fri Sep 22 21:56:44 UTC 2000


On Fri, Sep 22, 2000 at 05:43:08PM -0400, Bob Vance wrote:
> What's the logic behind this?
> 
> If we delegate a sub-domain, then we have the NS records for that
> sub-domain, right?
> So why should a global "forwarders" statement in our config override
> that
> knowledge.  It seems silly to me to pass a query on to some other server
> when we have the necessary info at hand.
> 
> I know that we can override the override :) by creating a zone
> of type "forward" for each delegation, but that could be a lot of work
> if there are several delegations.
> Why isn't there just a single option that says,
> "delegations override global forwarding" ?

I can pull in all the delegations I want through my firewall, or even
declare some as being outside my firewall, but I still won't be able to
access them unless I default to forwarding through my firewall.

I _do_ have a lot of internal forwards in my configuration.  I could
also replace them all with stub-type zones that just turn forwarding
off, in the case of delegations (not all are delegations of the master
zone; some even have different TLDs).  But (a) I got the forwarding
working as the universal solution before I understood "stub" zones [I
was coming from V4], and (b) it would be two different solutions for
two groups of internal nodes, and those who come after me might not
understand the difference.  Yes, even if I document it well.

Once set up, it is not that hard to maintain.

-- 
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.



More information about the bind-users mailing list