Forward only some subdomains?
Kyng Chaos
wkyng at ccchhhaaarrrttteeerrr.nnneeettt
Tue Feb 10 16:13:42 UTC 2004
In article <c085f1$2gca$1 at sf1.isc.org>,
David Botham <DBotham at OptimusSolutions.com> wrote:
> > >Anyway, put two RRs into
> > > your internal zone, one for pop... and the other for smtp... each with the
> > > IP address of the pop and smtp servers respectively (or the same IP if
> > > both services run on the same box).
> > >
> > that's what I'm doing now. It just doesn't seem right, since they may
> > change their mail server IPs, and I would have to keep an eye on that
> > and change the internal zone whenever that happens.
>
> Yes, this situation is a little unfortunate, however, that is the price
> you pay if you do not run your own name servers.
>
> However, you could make pop. and smtp. CNAMEs for Charter's domain names.
> That way, if they change the IP address associated with their domain
> names, you won't care.
>
If you mean:
pop.ourdomain.com IN CNAME pop.chartermi.net
then that's no good - they're switching us to pop.ourdomain.com, which
is what caused this DNS problem. No guarantee the two will resolve
the same in the future. I guess I'll stick with manually assigning them
in my internal zone setup. And look seriously at our own mail server.

> Once upon a time when firewalls were almost exclusively proxy based, you
> were forced into "forwarding" to the internal interface of your firewall.
> Then, along came stateful inspection and I think (just a guess) that
> people thought "forwarding" was a requirement, so they started forwarding
> to their ISP. If you can forward to your ISP, then you can certainly turn
> off forwarding and use normal resolution / iteration to answer internal
> queries.
Hm, I'll look into this.
> >
> > IS there a way to do this then? - handling only PART of a domain?
>
> You can do part of a domain if you are talking about subdomains, however,
> you cannot do "part" of a zone. If a name server has loaded a zone
> (either as master or slave), then that name server will never look for
> data on any other server for data that is in that zone.
Bummer.
thanks
- WoK
--
Don't Panic.
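
Added example, not part of the original post: one way to keep an eye on the pinned records discussed above is to ask the ISP's name server directly (bypassing the internal zone) and compare its A records with the ones in the internal zone. The function names, the 192.0.2.x addresses and the one-record-per-line zone format are assumptions made for this sketch.

```python
import secrets
import socket
import struct

# Constructed sample of the pinned internal records (documentation addresses).
INTERNAL_ZONE = "pop.ourdomain.com. IN A 192.0.2.10\nsmtp.ourdomain.com. IN A 192.0.2.11\n"

def build_query(name, qid):
    """Encode a recursion-desired query for the A records of `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(msg, off):  # offset just past a name, which may end in a compression pointer
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Sorted IPv4 addresses from the answer section; CNAME records are skipped."""
    _, _, qd, an = struct.unpack("!HHHH", msg[:8])
    off, addrs = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A, IN, 4-byte address
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return sorted(addrs)

def drift(zone_text, owner, response):
    """Return (pinned, upstream) when the pinned A records differ, else None."""
    rows = (line.split(";")[0].split() for line in zone_text.splitlines())
    pinned = sorted(r[3] for r in rows if len(r) == 4 and r[:3] == [owner, "IN", "A"])
    upstream = parse_a_records(response)
    return None if pinned == upstream else (pinned, upstream)

def query_upstream(name, server, timeout=3.0):
    """Ask `server` (an IP address) directly over UDP, bypassing the internal zone."""
    query = build_query(name, secrets.randbelow(1 << 16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))                 # replies from other sources are dropped
        s.send(query)
        resp = s.recv(512)
    if resp[:2] != query[:2]:
        raise ValueError("response ID does not match query")
    return resp
```

Run from cron, drift(INTERNAL_ZONE, "pop.ourdomain.com.", query_upstream("pop.ourdomain.com", server)) returns None while the pinned address still matches, where server is the address of the ISP's name server.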