Is there a way to exclude a RR during a zone transfer?

Kevin Darcy kcd at daimlerchrysler.com
Fri Nov 17 19:01:14 UTC 2006


Walt Park wrote:
> Hello and thanks in advance for any advice.
> We have 2 locations that we'd like to share name space.
>
> Let's say mainoffice and branchoffice.
>
> I'd like names in branchoffice to be branchoffice.mainoffice.com, and I'd
> like to zone transfer from mainoffice to branchoffice.
>
> The problem I'm trying to solve is that both locations run different
> Microsoft active directories, that we'd like to segregate. If the whole
> file is transferred, then the SRV records in the mainoffice.com forward
> lookup will allow people in the mainoffice.com AD domain to authenticate on
> the branchoffice.mainoffice.com AD domain, which is something we don't want.
>
> When we zone transfer, I'd like to exclude SRV records from the forward
> file.
>
> Or conversely, if we could only include certain types of records in the
> transfer that would be even better. All I want to transfer is A, CNAME,
> TXT, and MX in the forward file.
>
> Is there a way to limit what record types can be transferred either by
> exclusion or include, or is it only the whole enchilada?
>
No, that's not a feature of BIND, and I don't think it'll ever be a 
feature, since it fragments namespaces in a way that is confusing, 
error-prone and dangerous.

But, I have to ask: why doesn't the branchoffice AD have their own SRV 
records in the branchoffice.mainoffice.com subdomain? If the clients 
found _those_ SRV records, then they presumably wouldn't look for SRV 
records in mainoffice.com and you wouldn't have an issue. Maybe I'm 
misunderstanding something about your design...

                                                                         
- Kevin


