Is there a way...

Kevin Darcy kcd at daimlerchrysler.com
Fri May 31 00:02:34 UTC 2002


joliver at john-oliver.net wrote:

> On 30 May 2002 15:51:32 -0700, Kevin Darcy wrote:
> >
> > joliver at john-oliver.net wrote:
> >
> >> ....to have a BIND 9 server with two views.  Each view runs an
> >> authoritative zone for the same domain.  One view will, if it cannot
> >> resolve a name, forward the query to the other view.  Is that possible?
> >
> > No. Either you're authoritative for a zone, or you forward queries for that
> > zone. In BIND, the two zone types are mutually exclusive (don't be fooled by
> > the fact that a "forwarders" clause can be included in the definition of an
> > authoritative zone -- that's only there for the purpose of turning off
> > forwarding for names in subzones). The "view" feature doesn't change this
> > fundamental design decision.
> >
> > Having said that, however, you could always $INCLUDE the "common" entries
> > into both zonefiles...
>
> Well, the reason I ask is because I want to do this for domains I'm not
> authoritative for.

You previously said "Each view runs an authoritative zone for the same domain".
Are we now talking about a different problem/challenge?

> My employer manages several distributed networks which are privately
> addressed.  There are some pieces of software which react oddly to NAT,
> or rather the specific implementation of NAT.  The easiest solution in
> these cases would be to be able to run a zone for their domain mapping
> certain hostnames to private addresses, and then forwarding all other
> requests to the real authoritative server, wherever that might be.
> Right now, we use hosts files, which is a real train wreck... :-)
>
> What about a wildcard entry:
>
> *               IN      NS      the.real.authoritative.server.
>
> That seems to easy, though... :-)

Yup, definitely too easy. "Wildcard delegation" simply doesn't work.

You could, of course, define each of these "problem" names as a zone by itself in
your nameserver (just the A records, though; you can't "zoneify" a CNAME). That's
the only solution (blech) which comes to mind right now...


- Kevin





More information about the bind-users mailing list