Zone-based DNS forwarders question
Michael Kjorling
michael at kjorling.com
Mon Apr 15 19:05:27 UTC 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Apr 15 2002 14:05 -0000, Shawn Barnhart wrote:
> Am I reading the docs correctly? Is it possible to do zone-based
> forwarding?
Yes. Just define a "type forward;" zone with a forwarders{} clause.
> A business partner with a number of applications we need to access has an
> internal/external DNS setup. The external DNS that our clients ultimately
> query when they make DNS queries returns a real, non-RFC1918 address, but
> the applications can't use these addresses -- traffic goes to them over the
> internet and doesn't reach the hosts the applications are on.
>
> When clients make a DNS query that gets resolved by the business partner's
> internal DNS, a different non-RFC1918 address gets returned -- this one
> represents the server's "actual" IP address, and traffic flows over our
> defined private link.
>
> we've kludged a solution to this problem in the office affected by it by
> giving out the business partner's internal DNS as our client's DNS server
> address. A more optimal solution (or a better kludge, depending on your
> perspective) would be using a forwarder zone for the domain(s) that
> dependent applications use.
>
> Is it possible to do this on a semi-atomic level, though? Can I define a
> zone with some static entries and have the rest be forwarded?
No, but you can always define the static entries as separate zones.
I would say that it seems like what you want to do can be made with
slave zones instead, though - and that has the added benefit that you
are not depending on another DNS server for every query.
Michael Kjörling
- --
Michael Kjörling -- Programmer/Network administrator ^..^
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4 \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e
``And indeed people sometimes speak of man's "bestial" cruelty, but
this is very unfair and insulting to the beasts: a beast can never be
so cruel as a man, so ingeniously, so artistically cruel.''
(Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov')
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html
iD8DBQE8uyR6KqN7/Ypw4z4RAqTfAJ4yI6Ob3HrYtW0PZJ5trqgf5m1f4QCcCULK
aDtpq+cXVmu2LpDI7y/pnWs=
=210B
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list