Bind812. Point to another domain without root servers.

Kevin Darcy kcd at daimlerchrysler.com
Fri Jan 5 22:54:09 UTC 2001


Barry Margolin wrote:

> In article <932v4u$8l4 at pub3.rc.vix.com>,
> Kevin Darcy  <kcd at daimlerchrysler.com> wrote:
> >
> >Barry Margolin wrote:
> >
> >> In article <932pmh$70b at pub3.rc.vix.com>,
> >> Diego Balgera <diego.balgera at nokia.com> wrote:
> >> >Hi,
> >> >my question is simple. I have a dns (dns1) with bind 8.1.2, with authority
> >> >(SOA) over a zone (assume it is domain1.com). I would like to configure it
> >> >to ask queries to another dns (dns2) with authority over another zone
> >> >(domain2.com). I should configure the root dns, but at the moment I haven't
> >> >any root dns at all.
> >> >So, is it possible to fill the "." hint zone file to point directly to the
> >> >other domain without going up in the hierarchy?
> >>
> >> No.  The hints file is only used to get the initial list of root NS
> >> records.
> >
> >Indeed. And even if it did work (which it _could_, in the case of an internal
> >root), I doubt that the administrators of dns2 would appreciate you sending all of
> >your "garbage" queries (typos, etc.) to their server for resolution.
>
> His proposed configuration wouldn't have sent all garbage queries to their
> server.  He asked about putting a non-root NS record in the hints file.

Sorry, I thought that his plan was to put the other nameserver in his hints file as a
root server. Looking more closely, I see that he was trying to do what you described.
Which of course wouldn't even get off the ground.

> >You should either a) forward or b) have a zone definition for root which
> >references one or more *real* root server(s). This could be a hints, stub, master
> >or slave zone definition. In the case of master, of course, you'd have to set up
> >your own root zone master file. But it's not that hard.
>
> Again, he's not talking about root zones, just specific zones.

Okay, but regardless of how he arranges to talk to that other nameserver, wouldn't
you agree that, in the absence of forwarding, he should have *some* definition for
the root zone, at least a hints definition? Otherwise named is going to constantly
complain and give SERVFAILs for some queries.

> >> You need to upgrade to BIND 8.2, and then you can create a "forwarding"
> >> zone:
> >>
> >> zone "domain2.com" {
> >>   type forward;
> >>   forwarders { 100.101.102.103; };
> >> };
> >
> >If the remote server is authoritative for the zone and allows zone transfers, and
> >especially if redundancy is a requirement, then becoming a slave for the zone
> >might be preferable to forwarding. Also, a stub zone might perform better than
> >forwarding, although with less redundancy than slaving. If the remote server is
> >*not* authoritative, then of course forwarding is the only reasonable option. If
> >the remote server is not authoritative and also refuses recursion, then that's a
> >showstopper.
>
> I don't think stub would work for this.  AFAIK, the only thing stub is for
> is inserting NS records into a parent zone, and you have to be
> authoritative for the parent zone.

Stub zones have wider application than that. They're a way of keeping *any* arbitrary
NS set automatically up to date. To meet the original poster's requirements, the
remote domain in question would be set up as a stub, so his nameserver would be able
to resolve names in that domain (iteratively), even in the absence of any delegation
of that domain. Of course, this presumes that his server can talk to at least one of
the nameservers in that NS set (preferably more than one, for redundancy). I know
Cricket recommends stubs in some split DNS configurations (where you stub your
internal domains in order to *override* the external view of same), and I've used
them extensively here in that function.

Stubs can, of course, be taken to ridiculous lengths. The way that the
ANX (Automotive Network eXchange) runs rootless, for instance, is to have all of the
major providers constantly download and install a file consisting of stub definitions
-- hundreds or thousands of them. I think that goes a little overboard.


- Kevin
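
The stub and slave alternatives discussed in this message, written out as a named.conf fragment in BIND 8 syntax. This is an added example, not part of the original post; the file names are hypothetical, and 100.101.102.103 is reused from the forwarders line quoted above as the assumed address of dns2.

```conf
// Root hints, so named has some definition for the root zone and can
// resolve names outside domain2.com without forwarding.
// "named.root" is an assumed file name; it must list real root servers.
zone "." {
    type hint;
    file "named.root";
};

// Alternative 1: stub zone.
// named fetches only the NS set for domain2.com from the listed master,
// keeps it up to date, and resolves names in the zone iteratively against
// those nameservers, even though nothing delegates domain2.com to them.
zone "domain2.com" {
    type stub;
    file "stub.domain2.com";          // hypothetical file name
    masters { 100.101.102.103; };     // assumed address of dns2
};

// Alternative 2 (use instead of the stub, not together with it): slave zone.
// Requires dns2 to be authoritative and to allow zone transfers from this
// server. The full zone is copied locally, which gives the redundancy
// mentioned above at the cost of holding all of the zone data.
//
// zone "domain2.com" {
//     type slave;
//     file "slave.domain2.com";      // hypothetical file name
//     masters { 100.101.102.103; };  // assumed address of dns2
// };
```

Either alternative makes this server trust whatever the listed master returns for domain2.com, so the masters list should contain only addresses of servers known to be authoritative for the zone.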