query different dns server if entry not found

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 7 17:14:35 UTC 2002


TP wrote:

> Hi,
>
> I was wondering if the following is possible with BIND/DNS.
>
> For a reverse zone 10.120.0.0 I added all kinds of entries for routers
> and switches. They are spread all over the range. The names for the
> (unix/NT) servers in the same range are managed by a different group.
>
> I was wondering, if a request is done for an IP address that's not in
> the list (of my server), can it still be forwarded to the different DNS
> server from the systems group?

No, not really. BIND doesn't implement "failover forwarding". Your 2
unpalatable *technical* choices are: 1) define each "foreign" entry as a
separate zone, delegated to the nameserver(s) of the other group (who
will also have to define each entry as a separate zone, otherwise you'll
run into lameness issues), or 2) define each "foreign" entry as an alias
(CNAME record) to some name controlled by the other nameserver(s); this
loosely follows what RFC 2317 prescribes for so-called "classless
in-addr.arpa delegation".

If you have some administrative leeway and sufficient trust, perhaps you
could allow the other group to update the zone on your master server
(???). I can do this kind of thing because I have a fairly robust
access-control system, but I realize not everyone is that fortunate...


- Kevin
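What the two options above come to in zone data, as an added example (this is not code from the original post or from BIND itself). It generates the `120.10.in-addr.arpa` zone for a small constructed set of addresses: PTR records for the entries the network group owns, and for the "foreign" addresses either a per-address NS delegation (option 1) or a CNAME into a sub-domain delegated to the other group (option 2, the RFC 2317 pattern). The nameserver names `ns1.net.example`, `ns1.sys.example`, `ns2.sys.example`, the sub-domain label `servers`, and all addresses and host names are assumptions made up for the example.

```python
"""Generate 120.10.in-addr.arpa zone data for the two options Kevin describes.

Hypothetical names throughout: the other group's nameservers ns1/ns2.sys.example.
and the sub-domain label 'servers' delegated to them are assumptions for this example.
"""
import ipaddress

ZONE_ORIGIN = "120.10.in-addr.arpa."
NETWORK = ipaddress.ip_network("10.120.0.0/16")

# Constructed sample data: entries the network group manages itself.
LOCAL_PTRS = {
    "10.120.0.1": "rtr-core1.net.example.",
    "10.120.3.254": "sw-floor3.net.example.",
}
# Constructed sample data: addresses whose names belong to the systems group.
FOREIGN_ADDRESSES = ["10.120.3.5", "10.120.7.20"]
# Assumed nameservers of the other group.
OTHER_GROUP_NS = ("ns1.sys.example.", "ns2.sys.example.")
# Assumed label of the sub-domain the other group will serve (option 2).
ALIAS_LABEL = "servers"


def reverse_name(addr: str) -> str:
    """'10.120.3.5' -> '5.3.120.10.in-addr.arpa.' (absolute name)."""
    ip = ipaddress.ip_address(addr)
    if ip not in NETWORK:
        raise ValueError(f"{addr} is outside {NETWORK}")
    return ip.reverse_pointer + "."


def relative_owner(addr: str) -> str:
    """Owner name relative to ZONE_ORIGIN: '10.120.3.5' -> '5.3'."""
    suffix = "." + ZONE_ORIGIN
    return reverse_name(addr)[: -len(suffix)]


def check_disjoint(local: dict, foreign: list) -> None:
    """An address cannot be both a local PTR and a foreign delegation/alias;
    a clash would make the zone fail to load or answer inconsistently."""
    overlap = set(local) & set(foreign)
    if overlap:
        raise ValueError(f"addresses managed by both groups: {sorted(overlap)}")


def option1_delegations(foreign, other_ns=OTHER_GROUP_NS):
    """Option 1: delegate each foreign address as its own zone (NS per address).
    The other group must then serve e.g. '5.3.120.10.in-addr.arpa' as a zone
    with the PTR at its apex, or the delegation is lame."""
    lines = []
    for addr in foreign:
        rel = relative_owner(addr)
        lines.extend(f"{rel} IN NS {ns}" for ns in other_ns)
    return lines


def option2_aliases(foreign, other_ns=OTHER_GROUP_NS, label=ALIAS_LABEL):
    """Option 2 (RFC 2317 style): delegate one sub-domain to the other group and
    point each foreign address at a name inside it with a CNAME. The other
    group serves '5.3' etc. as PTR records inside that sub-domain."""
    lines = [f"{label} IN NS {ns}" for ns in other_ns]
    for addr in foreign:
        rel = relative_owner(addr)
        lines.append(f"{rel} IN CNAME {rel}.{label}")
    return lines


def build_zone(mode, local=LOCAL_PTRS, foreign=FOREIGN_ADDRESSES) -> str:
    """Assemble the master zone file text for the chosen mode."""
    check_disjoint(local, foreign)
    lines = [
        f"$ORIGIN {ZONE_ORIGIN}",
        "$TTL 3600",
        # SOA fields (serial, refresh, retry, expire, minimum) are constructed values.
        "@ IN SOA ns1.net.example. hostmaster.net.example. 2002110701 7200 900 1209600 3600",
        "@ IN NS ns1.net.example.",
    ]
    for addr, target in local.items():
        lines.append(f"{relative_owner(addr)} IN PTR {target}")
    if mode == "delegate":
        lines.extend(option1_delegations(foreign))
    elif mode == "alias":
        lines.extend(option2_aliases(foreign))
    else:
        raise ValueError("mode must be 'delegate' or 'alias'")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_zone("alias"))
```

With `mode="alias"` the other group only has to serve one zone, `servers.120.10.in-addr.arpa`, containing records such as `5.3 IN PTR srv05.sys.example.`; with `mode="delegate"` they have to configure one zone per address, which is the lameness trap Kevin points out. Either way the split is static: an address missing from both groups' data simply gets NXDOMAIN, since nothing here falls through to the other server at query time.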