Forward only some subdomains?

Mark_Andrews at isc.org Mark_Andrews at isc.org
Tue Feb 10 21:25:32 UTC 2004


> In article <c085f1$2gca$1 at sf1.isc.org>,
>  David Botham <DBotham at OptimusSolutions.com> wrote:
> 
> > > >Anyway, put two RRs into 
> > > > your internal zone, one for pop... and the other for smtp... each with the 
> > > > IP address of the pop and smtp servers respectively (or the same IP if 
> > > > both services run on the same box).
> > > > 
> > > that's what I'm doing now.  It just doesn't seem right, since they may 
> > > change their mail server IPs, and I would have to keep an eye on that 
> > > and change the internal zone whenever that happens.
> > 
> > Yes, this situation is a little unfortunate, however, that is the price 
> > you pay if you do not run your own name servers. 
> > 
> > However, you could make pop. and smtp. CNAMEs for charter's domain names. 
> > That way, if they change the IP address associated with their domain 
> > names, you won't care.
> > 
> If you mean:
> 
> pop.ourdomain.com IN CNAME pop.chartermi.net
> 
> then that's no good - they're switching us to pop.ourdomain.com, which 
> is what caused this DNS problem.  No guarantee that the two will resolve 
> the same in the future.  I guess I'll stick with manually assigning them 
> in my internal zone setup.  And look seriously at our own mail server.
> 
> 
> > Once upon a time when firewalls were almost exclusively proxy based, you 
> > were forced into "forwarding" to the internal interface of your firewall. 
> > Then, along came stateful inspection and I think (just a guess) that 
> > people thought "forwarding" was a requirement, so they started forwarding 
> > to their ISP.  If you can forward to your ISP, then you can certainly turn 
> > off forwarding and use normal resolution / iteration to answer internal 
> > queries.
> 
> Hm, I'll look into this.
> 
> 
> > > 
> > > IS there a way to do this then? - handling only PART of a domain?
> > 
> > You can do part of a domain if you are talking about subdomains, however, 
> > you cannot do "part" of a zone.  If a name server has loaded a zone 
> > (either as master or slave), then that name server will never look for 
> > data on any other server for data that is in that zone.
> 
> Bummer.
> 
> 
> thanks
> 
> - WoK
> 
> -- 
> Don't Panic.
> 
	Ask your ISP to make pop.ourdomain.com and smtp.ourdomain.com
	separate zones.  You can then just slave them.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
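
The suggestion above, sketched as a named.conf fragment for the internal server. This is an added example, not part of the original message; the master address 192.0.2.1 and all file names are placeholder assumptions, and it only works once the ISP serves the two names as separate zones and allows zone transfers to this server.

```conf
// Internal view of the parent zone, maintained locally as before.
zone "ourdomain.com" {
    type master;
    file "internal/ourdomain.com.db";      // assumed file name
};

// The two mail names, published by the ISP as zones of their own and
// slaved here. named answers from the most specific zone it has loaded,
// so queries for these names use the ISP's data and follow any address
// change the ISP makes, without edits to the internal zone.
zone "pop.ourdomain.com" {
    type slave;
    masters { 192.0.2.1; };                // placeholder: ISP's master server
    file "slaves/pop.ourdomain.com.db";    // assumed file name
};

zone "smtp.ourdomain.com" {
    type slave;
    masters { 192.0.2.1; };                // placeholder: ISP's master server
    file "slaves/smtp.ourdomain.com.db";   // assumed file name
};
```

Any pop or smtp address records left in the internal ourdomain.com zone file are hidden by the more specific zones once they load, so they should be removed to avoid confusion.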

