Is there a way to exclude a RR during a zone transfer?
kcd at daimlerchrysler.com
Fri Nov 17 19:01:14 UTC 2006
Walt Park wrote:
> Hello and thanks in advance for any advice.
> We have 2 locations that we'd like to share name space.
> Let's say mainoffice and branchoffice.
> I'd like names in branchoffice to be branchoffice.mainoffice.com, and I'd
> like to zone transfer from mainoffice to branchoffice.
> The problem I'm trying to solve is that both locations run different
> active directories, that we'd like to segregate. If the whole file is
> then the SRV records in the mainoffice.com forward lookup will allow people
> in the mainoffice.com AD domain authenticate on the
> AD domain, which is something we don't want.
> When we zone transfer, I'd like to exclude SRV records from the forward
> Or conversely, if we could only include certain types of records in the
> that would be even better. All I want to transfer is A, CNAME, TXT, and MX
> in the forward file.
> Is there a way to limit what record types can be transferred either by
> or include, or is it only the whole enchilada?
No, that's not a feature of BIND, and I don't think it'll ever be a
feature, since it fragments namespaces in a way that is confusing,
error-prone and dangerous.
But, I have to ask: why doesn't the branchoffice AD have their own SRV
records in the branchoffice.mainoffice.com subdomain? If the clients
found _those_ SRV records, then they presumably wouldn't look for SRV
records in mainoffice.com and you wouldn't have an issue. Maybe I'm
misunderstanding something about your design...