"Stealth" bind server in uncooperative organization

meburr at gmail.com
Thu Jun 30 13:38:28 UTC 2005


Barry Margolin wrote:
> In article <d9vcsi$3pi$1 at sf1.isc.org>, meburr at gmail.com wrote:
>
> > The company I work for has been acquired by a huge Windows shop. I'd
> > like to set up an authoritative server for what is now a "remote
> > office" (the acquired company). A sub-domain isn't an option. I've
> > asked.
> >
> > I want to be able to add records for hosts on our network, without
> > having to go through corporate IS (submit a ticket and wait, and wait).
> > I could set up a server for a sub-domain of my choosing, but I want for
> > my hosts to be resolvable outside of our office. Of course for these
> > I'll have to go through IS.
> >
> > As far as I can tell, if I'm authoritative for foo.com, I cannot do any
> > kind of forwarding for hosts that my server doesn't know about within
> > foo.com. Is there any way around this? As a last resort, I was thinking
> > about a script that would look up hosts that fail using a different
> > nameserver, and add them to my zone. If that's what I have to do, is
> > there a hook somewhere that I could use, like a "failed-queries-script"
> > parameter?
>
> Don't make yourself authoritative for foo.com.  Create separate zones
> for each of the xxx.foo.com hosts you want to be authoritative for.
>
> zone "host1.foo.com" {
>   type master;
>   file "host1.db";
> };
> zone "host2.foo.com" {
>   type master;
>   file host2.db";
> };
> ....

Wow. Can't say I thought of doing that. I'd be all for it if there was
some easy way to manage all those zones. I guess I could write a script
to automatically generate them from a "fake" master zone file.

I had another thought: Is there some exotic way I could use a wildcard
record? I could have a record for each of my hosts, then somehow
forward *.foo.com queries.

>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
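
The per-host-zone approach above only pays off if the zones are generated rather than hand-written, which is what the reply proposes. The script below is an added example, not code from the thread or from ISC: it reads a flat "fake" master zone (one "name A address" line per host, an assumed format), and emits the named.conf zone stanzas plus one minimal master file per host. Every per-host zone gets its own apex SOA and NS record, because named will not load a zone that lacks them; the NS name (ns1.foo.com in the sample) is itself one of the generated hosts so it resolves from the same server. The parent foo.com is deliberately not declared, so any other foo.com name falls through to normal recursion. The host list, the parent domain foo.com, and the hostmaster address are constructed sample data.

```python
#!/usr/bin/env python3
"""Generate one BIND master zone per host from a flat 'fake' master zone.

Added example for the bind-users thread, not the poster's or ISC's code.
Assumed input format: one 'label A address' line per host; ';' comments
and blank lines are ignored, anything else is rejected.
"""
import argparse
import os
import re
from typing import Dict, List, Tuple

# Constructed sample input (not the original poster's data).
SAMPLE_FAKE_ZONE = """\
; hosts we want resolvable in this office without a corporate ticket
ns1     A   10.1.2.5
host1   A   10.1.2.10
host2   A   10.1.2.11
db01    A   10.1.2.20
"""

# A single DNS label (RFC 1123 host syntax) followed by 'A' and a dotted quad.
HOST_RE = re.compile(
    r"^([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$",
    re.IGNORECASE,
)


def parse_fake_zone(text: str, parent: str) -> List[Tuple[str, str]]:
    """Return [(fqdn, address)] from the flat input, failing on bad lines."""
    hosts = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()      # strip zone-file style comments
        if not line:
            continue
        m = HOST_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a 'label A address' record: {raw!r}")
        label, addr = m.group(1).lower(), m.group(2)
        if any(int(octet) > 255 for octet in addr.split(".")):
            raise ValueError(f"line {lineno}: bad IPv4 address {addr}")
        hosts.append((f"{label}.{parent}", addr))
    return hosts


def zone_file(fqdn: str, addr: str, ns: str, hostmaster: str, serial: int) -> str:
    """Render a minimal master file: apex SOA, NS and the host's A record.

    named refuses to load a zone with no SOA or no NS at the apex, so each
    per-host zone carries both even though it only describes one address.
    """
    return (
        "$TTL 3600\n"
        f"$ORIGIN {fqdn}.\n"
        f"@   IN  SOA {ns}. {hostmaster}. ( {serial} 3600 900 604800 300 )\n"
        f"@   IN  NS  {ns}.\n"
        f"@   IN  A   {addr}\n"
    )


def named_conf_stanza(fqdn: str) -> str:
    """One 'zone ... { type master; ... }' block, as in the reply above."""
    return f'zone "{fqdn}" {{\n    type master;\n    file "{fqdn}.db";\n}};\n'


def generate(fake_zone_text: str, parent: str, ns: str, hostmaster: str,
             serial: int) -> Tuple[str, Dict[str, str]]:
    """Return (named.conf fragment, {filename: zone file contents})."""
    hosts = parse_fake_zone(fake_zone_text, parent)
    conf = "".join(named_conf_stanza(fqdn) for fqdn, _ in hosts)
    files = {f"{fqdn}.db": zone_file(fqdn, addr, ns, hostmaster, serial)
             for fqdn, addr in hosts}
    return conf, files


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="per-host BIND zone generator")
    ap.add_argument("--input", help="flat 'label A address' file (default: built-in sample)")
    ap.add_argument("--parent", default="foo.com")
    ap.add_argument("--ns", default="ns1.foo.com", help="name of this server (must be a listed host)")
    ap.add_argument("--hostmaster", default="hostmaster.foo.com")
    ap.add_argument("--serial", type=int, default=2005063001)
    ap.add_argument("--outdir", default="generated")
    args = ap.parse_args()

    text = open(args.input).read() if args.input else SAMPLE_FAKE_ZONE
    conf, files = generate(text, args.parent, args.ns, args.hostmaster, args.serial)
    os.makedirs(args.outdir, exist_ok=True)
    with open(os.path.join(args.outdir, "hosts.conf"), "w") as fh:
        fh.write(conf)                      # include "generated/hosts.conf"; from named.conf
    for name, body in files.items():
        with open(os.path.join(args.outdir, name), "w") as fh:
            fh.write(body)
    print(f"wrote hosts.conf and {len(files)} zone files to {args.outdir}/")
```

Run it, point named.conf at the generated hosts.conf, and re-run with a bumped --serial after each edit to the flat file; named-checkzone on each generated .db is a cheap sanity check before reloading.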
