Is it possible to specify a fallback NS? (I couldn't help thinking that !)

Vaillant Daniel vaillant at
Tue Oct 24 10:34:20 UTC 2006


Just think that you must add the going-with some Microsoft DNS 2000 in some of your secondaries and that could/would be 
"le pompon" (won't be any gas)


Kevin Darcy wrote:
> linuxnewbie1234 wrote:
>>Suppose I have a company ONE for which I am serving the domain
>>I know the A addresses of a computer like
>>however my company recently splitted and now there is an independent 
>>branch, which is  .
>>At TWO-ONE They have their computers (e.g., and their 
>>NS which is . All the IP addresses can change without 
>>them informing me. In addition they can split further and make a 
>>THREE-ONE branch with the domain . TWO-ONE will be 
>>informed of the split but not me.
>>Since I have the top level NS BUT I don't have control on 
>>what the other people do, is there a way to configure my zone file so 
>>that for everything of the form it first goes looking in my 
>>zone file and then if this finds nothing, either
>>-goes asking recursively to OR
>>-tells the client to refer to
>>Note that I cannot simply put an NS entry specifying NS 
>> because if they split again forming "three" I wouldn't 
>>catch that one. I really want a fallback on if the 
>>computer is not found in my zone. Is that possible?
> No, not possible with BIND. Administrators of parent and child domains 
> need to work together if they are to provide reliable resolution service 
> to their customers. The child-domain administrators can't reasonably 
> expect to change all of their stuff around without informing you and 
> without causing a break in service. That would be like them sawing 
> themselves off of a branch and still expecting to stay aloft. Nor can 
> they expect to be able to create arbitrary subzones of the parent zone 
> without you giving them full write access to the zone data (which 
> presumably you're not willing to do).
> Think about this too: even *if* BIND had this capability -- kind of a 
> "wildcarded forwarding" mechanism -- if they changed all of their IP 
> addresses around without telling you, you'd *still* be just as unable to 
> resolve names in their subzones, until you could update your "wildcarded 
> forwarding" configuration. So what would such a feature buy you really, 
> over simple delegation? Any way you cut it, if they control subzones of 
>, they *must* co-ordinate any changes to the nameservers of those 
> subzones, with the administrator of the parent zone (you).
> Sounds like what they _really_ want is to control the parent zone. 
> Unless you can collectively come up with some sort of shared-maintenance 
> regime that you can both live with, looks like you might have a 
> political battle on your hands over who controls But that's 
> getting somewhat off-topic for this list...
>             - Kevin

sy  VAILLANT Daniel       mailto:vaillant at
re  GANIL GIP (Syst&Res)  Vox:(+33)(0)2 31 45 46 84
mi  B.P. 5027             Fax:(+33)(0)2 31 45 46 65
@   14076 CAEN-Cedex 5    Web:
Le temps s'écoule, l'espace se dilate, l'énergie se matérialise et tout
le reste est commentaire.                Miche Cassé
                                         Du vide et de la création

More information about the bind-users mailing list