Forward only some subdomains?

Kyng Chaos wkyng at ccchhhaaarrrttteeerrr.nnneeettt
Tue Feb 10 16:13:42 UTC 2004


In article <c085f1$2gca$1 at sf1.isc.org>,
 David Botham <DBotham at OptimusSolutions.com> wrote:

> > >Anyway, put two RRs into 
> > > your internal zone, one for pop... and the other for smtp... each with the 
> > > IP address of the pop and smtp servers respectively (or the same IP if 
> > > both services run on the same box).
> > > 
> > that's what I'm doing now.  It just doesn't seem right, since they may 
> > change their mail server IPs, and I would have to keep an eye on that 
> > and change the internal zone whenever that happens.
> 
> Yes, this situation is a little unfortunate, however, that is the price 
> you pay if you do not run your own name servers. 
> 
> However, you could make pop. and smtp. CNAMEs for charter's domain names. 
> That way, if they change the IP address associated with their domain 
> names, you won't care.
> 
If you mean:

pop.ourdomain.com IN CNAME pop.chartermi.net

then that's no good - they're switching us to pop.ourdomain.com, which 
is what caused this DNS problem.  No guarantee that the two will resolve 
the same in the future.  I guess I'll stick with manually assigning them 
in my internal zone setup.  And look seriously at our own mail server.


> Once upon a time when firewalls were almost exclusively proxy based, you 
> were forced into "forwarding" to the internal interface of your firewall. 
> Then, along came stateful inspection and I think (just a guess) that 
> people thought "forwarding" was a requirement, so they started forwarding 
> to their ISP.  If you can forward to your ISP, then you can certainly turn 
> off forwarding and use normal resolution / iteration to answer internal 
> queries.

Hm, I'll look into this.


> > 
> > IS there a way to do this then? - handling only PART of a domain?
> 
> You can do part of a domain if you are talking about subdomains, however, 
> you cannot do "part" of a zone.  If a name server has loaded a zone 
> (either as master or slave), then that name server will never look for 
> data on any other server for data that is in that zone.

Bummer.


thanks

- WoK

-- 
Don't Panic.
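
Added example, not part of the original post or of BIND: a small check for the maintenance problem discussed above, where pop and smtp addresses are copied by hand into the internal zone and the provider may later change them. The zone fragment, the documentation-range addresses, the resolver address 203.0.113.53 and the function names are all constructed for illustration; the default lookup assumes the `dig` utility is installed.

```python
import subprocess

# Constructed sample: fragment of an internal zone with manually pinned mail hosts.
# The addresses are documentation-range placeholders, not values from the thread.
SAMPLE_ZONE = """\
$ORIGIN ourdomain.com.
$TTL 3600
www   IN A 192.0.2.10
pop   IN A 198.51.100.25   ; pinned copy of the provider's address
smtp  IN A 198.51.100.26   ; pinned copy of the provider's address
"""

def pinned_a_records(zone_text, watch):
    """Return {fqdn: set(ips)} for the watched relative names in a simple zone fragment."""
    origin, found = "", {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if not line:
            continue
        if line[0].upper() == "$ORIGIN":
            origin = line[1].rstrip(".")
        elif len(line) >= 3 and line[-2].upper() == "A" and line[0] in watch:
            found.setdefault(f"{line[0]}.{origin}", set()).add(line[-1])
    return found

def dig_lookup(name, server):
    """Ask one specific outside resolver, so the internal zone cannot answer for itself."""
    out = subprocess.run(["dig", f"@{server}", "+short", name, "A"],
                         capture_output=True, text=True, timeout=10, check=True).stdout
    # +short may also print CNAME targets; keep only IPv4 addresses.
    return {tok for tok in out.split() if tok.replace(".", "").isdigit()}

def find_drift(zone_text, watch, lookup):
    """Compare pinned records with the outside answer; return only the names that differ."""
    drift = {}
    for name, pinned in pinned_a_records(zone_text, watch).items():
        current = set(lookup(name))              # an empty answer is reported as drift too
        if current != pinned:
            drift[name] = {"pinned": sorted(pinned), "outside": sorted(current)}
    return drift

if __name__ == "__main__":
    # 203.0.113.53 is a placeholder for an outside resolver's address.
    report = find_drift(SAMPLE_ZONE, {"pop", "smtp"},
                        lambda n: dig_lookup(n, "203.0.113.53"))
    for name, diff in report.items():
        print(f"{name}: zone has {diff['pinned']}, outside answer is {diff['outside']}")
```

Run from cron on a host that can reach the outside resolver, any output means the hand-maintained records need updating.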


More information about the bind-users mailing list