unsure

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 2 03:14:11 UTC 2001


Daniel.Thomas at vodafone.co.nz wrote:

> I have an internal nameserver (off the internet) which looks after my
> department's DNS. What I would like to do is, if my nameserver can't look up a
> host, it then asks another nameserver (which happens to be in a different
> department and looking after hosts which my department needs to access).
>
> I also don't have access to the 2nd nameserver, nor will the other
> nameserver's admins really help me out; also, the 2nd ns has access to the
> internet and root servers etc.

G'day,

Do you want your nameserver to ask the other nameserver about *any* name it can't resolve, or just names in a particular domain, i.e. the domain that the other department uses for its hosts?

I'm not sure why you'd want to forward *all* unresolvable names, including Internet names, to the other nameserver. Since you're "off the internet", presumably you're either a) not accessing the Internet at all, or b) doing so through some sort of proxy. Either way, your end clients wouldn't need to resolve Internet names. If it really is a requirement to forward *all* unresolvable names, then you could set up "global" forwarding from your nameserver to theirs. Be aware, though, that this might result in significant volume to the other nameserver, which the admins thereof may not particularly appreciate: potentially every mistyped hostname in your neck of the woods could result in one query (or multiple queries, if you use searchlists) to their nameserver.

If you just want your nameserver to have knowledge of how to resolve names in a *particular* domain that you don't host, then you could set up a zone for that domain as "type slave" (which would require zone-transfer permission), "type stub", or, if you're using an internal root zone (presumably you're using _somebody's_ internal root zone, since you said you were "off the internet"), just add a delegation for their domain, or get the admins of the internal root zone to do so. Strictly speaking, you could also accomplish this by defining a "type forward" zone, but I would avoid forwarding except in pathological situations where it is absolutely necessary (e.g. the zone delegates subzones to nameservers you can't talk to).

- Kevin
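
The named.conf alternatives discussed in the reply above, as an added sketch that is not part of the original post. The domain `otherdept.example`, the address `192.0.2.53` and the file names are placeholders for the other department's domain and nameserver; only one `zone` statement per domain can be active, so the alternatives are commented out.

```conf
// Constructed example: otherdept.example and 192.0.2.53 are placeholders.

// Option 1: stub zone. The local server copies only the NS records from
// the other nameserver, then queries that zone's nameservers directly.
// Only names under otherdept.example ever reach the other department.
zone "otherdept.example" {
    type stub;
    masters { 192.0.2.53; };
    file "stub.otherdept.example";
};

// Option 2: slave zone. Keeps a full local copy of the zone, but the
// other nameserver must permit zone transfers to this host.
// zone "otherdept.example" {
//     type slave;
//     masters { 192.0.2.53; };
//     file "slave.otherdept.example";
// };

// Option 3: forward zone. Queries for this one domain are handed to the
// other nameserver. Reserve it for cases such as subzones delegated to
// nameservers this host cannot reach.
// zone "otherdept.example" {
//     type forward;
//     forward only;
//     forwarders { 192.0.2.53; };
// };

// Option 4: global forwarding. Every name this server is not
// authoritative for, mistyped hostnames and searchlist expansions
// included, becomes a query to the other nameserver.
// "forward only" is an assumption here: with no route to the Internet
// root servers there is nothing useful to fall back to.
// options {
//     forwarders { 192.0.2.53; };
//     forward only;
// };
```

The delegation route needs no zone statement on this server: it is an NS record (plus glue if required) added to the internal root zone by whoever administers it.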


