Is there a way to exclude a RR during a zone transfer?
Kevin Darcy
kcd at daimlerchrysler.com
Fri Nov 17 19:01:14 UTC 2006
Walt Park wrote:
> Hello and thanks in advance for any advice.
> We have 2 locations that we'd like to share name space.
>
> Let's say mainoffice and branchoffice.
>
> I'd like names in branchoffice to be branchoffice.mainoffice.com, and
> I'd like to zone transfer from mainoffice to branchoffice.
>
> The problem I'm trying to solve is that both locations run different
> Microsoft active directories, that we'd like to segregate. If the whole
> file is transferred, then the SRV records in the mainoffice.com forward
> lookup will allow people in the mainoffice.com AD domain to authenticate
> on the branchoffice.mainoffice.com AD domain, which is something we
> don't want.
>
> When we zone transfer, I'd like to exclude SRV records from the forward file.
>
> Or conversely, if we could only include certain types of records in the
> transfer that would be even better. All I want to transfer is A, CNAME,
> TXT, and MX in the forward file.
>
> Is there a way to limit what record types can be transferred either by
> exclusion or include, or is it only the whole enchilada?
>
>
No, that's not a feature of BIND, and I don't think it'll ever be a
feature, since it fragments namespaces in a way that is confusing,
error-prone and dangerous.
But, I have to ask: why doesn't the branchoffice AD have their own SRV
records in the branchoffice.mainoffice.com subdomain? If the clients
found _those_ SRV records, then they presumably wouldn't look for SRV
records in mainoffice.com and you wouldn't have an issue. Maybe I'm
misunderstanding something about your design...
- Kevin