Forwardin Split DNS

Brad Knowles brad.knowles at skynet.be
Wed Apr 25 15:16:24 UTC 2001


At 3:25 PM +0200 4/25/01, Torsten Rink wrote:

>  A lookup of xyz.foobar.com shows "Non existent host/domain" because the
>  named looks up in cache/root cache and does not follow the forwarding
>  zone path.
>
>  Is there anything else to think of ??

	See the archives.  Forwarding is done on the resolver side, which 
is only checked if the server in question is not authoritative for 
that zone.

	Result: Don't do this.  Put recursive/caching-only servers on 
separate machines from the authoritative/non-recursive servers, and 
then if you still need to do forwarding you can do that from the 
recursive/caching-only servers.


	However, generally speaking, forwarding is evil and should be 
avoided if at all possible.  Among other things, it causes the kind 
of confusion that resulted in your posting this question.  If 
you had a different architecture that did not use forwarding, you 
would not have this problem.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'


More information about the bind-users mailing list
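
A sketch of the split recommended in the reply above, added as an illustration; it is not configuration from the original thread. The addresses (192.0.2.x), file names, ACL name and the forwarded zone name `internal.foobar.com` are assumptions, and the two halves are separate named.conf files on separate machines.

```conf
// ===== Machine A: authoritative, non-recursive (separate named.conf) =====
// Constructed example host 192.0.2.10. It answers only from zones it loads
// and never consults forwarders, a cache or the root hints.
options {
    directory "/var/named";
    recursion no;
};

zone "foobar.com" {
    type master;
    file "db.foobar.com";        // hypothetical zone file name
};

// ===== Machine B: recursive, caching-only (separate named.conf) =====
// Constructed example host 192.0.2.20. It is authoritative for nothing,
// so a forward zone is actually consulted for names beneath it.
acl "internal" { 192.0.2.0/24; };   // hypothetical client network

options {
    directory "/var/named";
    recursion yes;
    allow-query     { "internal"; };   // do not serve arbitrary clients
    allow-recursion { "internal"; };
};

zone "." {
    type hint;
    file "named.root";
};

// Forwarding is configured here, on the server that is not authoritative
// for the name being looked up.
zone "internal.foobar.com" {         // hypothetical forwarded zone
    type forward;
    forward only;
    forwarders { 192.0.2.53; };      // hypothetical internal name server
};
```

Clients point their resolvers at Machine B only; Machine A is what the parent zone's NS records delegate to.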