Is it possible to specify a fallback NS? (I couldn't help thinking that !)
vaillant at ganil.fr
Tue Oct 24 10:34:20 UTC 2006
Just think that you must add the going-with some Microsoft DNS 2000 in some of your secondaries and that could/would be
"le pompon" (won't be any gas)
Kevin Darcy wrote:
> linuxnewbie1234 wrote:
>>Suppose I have a company ONE for which I am serving the domain .one.com
>>I know the A addresses of a computer like www.one.com
>>however my company recently split and now there is an independent
>>branch, which is two.one.com .
>>At TWO-ONE They have their computers (e.g. three.two.one.com), and their
>>NS which is ns.two.one.com . All the IP addresses can change without
>>them informing me. In addition they can split further and make a
>>THREE-ONE branch with the domain three.one.com . TWO-ONE will be
>>informed of the split but not me.
>>Since I have the top level NS ns.one.com BUT I don't have control on
>>what the other people do, is there a way to configure my zone file so
>>that for everything of the form X.one.com it first goes looking in my
>>zone file and then if this finds nothing, either
>>-goes asking recursively to ns.two.one.com OR
>>-tells the client to refer to ns.two.one.com
>>Note that I cannot simply put an NS entry specifying X.two.one.com NS
>>ns.two.one.com because if they split again forming "three" I wouldn't
>>catch that one. I really want a fallback on ns.two.one.com if the
>>computer is not found in my zone. Is that possible?
> No, not possible with BIND. Administrators of parent and child domains
> need to work together if they are to provide reliable resolution service
> to their customers. The child-domain administrators can't reasonably
> expect to change all of their stuff around without informing you and
> without causing a break in service. That would be like them sawing
> themselves off of a branch and still expecting to stay aloft. Nor can
> they expect to be able to create arbitrary subzones of the parent zone
> without you giving them full write access to the zone data (which
> presumably you're not willing to do).
> Think about this too: even *if* BIND had this capability -- kind of a
> "wildcarded forwarding" mechanism -- if they changed all of their IP
> addresses around without telling you, you'd *still* be just as unable to
> resolve names in their subzones, until you could update your "wildcarded
> forwarding" configuration. So what would such a feature buy you really,
> over simple delegation? Any way you cut it, if they control subzones of
> one.com, they *must* co-ordinate any changes to the nameservers of those
> subzones, with the administrator of the parent zone (you).
> Sounds like what they _really_ want is to control the parent zone.
> Unless you can collectively come up with some sort of shared-maintenance
> regime that you can both live with, looks like you might have a
> political battle on your hands over who controls one.com. But that's
> getting somewhat off-topic for this list...
> - Kevin
sy VAILLANT Daniel mailto:vaillant at ganil.fr
re GANIL GIP (Syst&Res) Vox:(+33)(0)2 31 45 46 84
mi B.P. 5027 Fax:(+33)(0)2 31 45 46 65
@ 14076 CAEN-Cedex 5 Web: http://www.ganil.fr
Time flows, space expands, energy materializes and all
the rest is commentary. Miche Cassé
Du vide et de la création
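
An added example, not part of the original thread and not BIND code: a simplified Python model of how an authoritative-only parent server for one.com answers around a zone cut, using the names from the question. The addresses are constructed samples, and the zone layout and helper names (`answer`, `with_delegation`) are assumptions made for illustration.

```python
# Simplified model: A records and NS delegations only (no wildcards, no recursion).
# All addresses are constructed samples from the documentation ranges.
PARENT_ZONE = {
    "origin": "one.com.",
    "a": {"www.one.com.": "192.0.2.10", "ns.one.com.": "192.0.2.1"},
    # zone cut -> [(nameserver, glue address)]
    "delegations": {"two.one.com.": [("ns.two.one.com.", "198.51.100.53")]},
}

def labels(name):
    return name.lower().rstrip(".").split(".")

def is_at_or_below(name, zone):
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def answer(zone, qname):
    """What an authoritative-only server for `zone` returns for an A query."""
    qname = qname.lower().rstrip(".") + "."
    if not is_at_or_below(qname, zone["origin"]):
        return ("REFUSED", None)
    # Every name at or below a zone cut is answered with a referral to the
    # child's servers, however deep the name is; the deepest cut wins.
    cuts = [c for c in zone["delegations"] if is_at_or_below(qname, c)]
    if cuts:
        cut = max(cuts, key=lambda c: len(labels(c)))
        return ("REFERRAL", zone["delegations"][cut])
    if qname in zone["a"]:
        return ("ANSWER", zone["a"][qname])
    return ("NXDOMAIN", None)  # no data and no cut: the parent has nothing to offer

def with_delegation(zone, child, servers):
    """Return a copy of `zone` with one more NS delegation (the parent's edit)."""
    new = dict(zone)
    new["delegations"] = {**zone["delegations"], child: list(servers)}
    return new

if __name__ == "__main__":
    for q in ("www.one.com", "three.two.one.com", "host.three.one.com"):
        print(q, answer(PARENT_ZONE, q))
    fixed = with_delegation(PARENT_ZONE, "three.one.com.",
                            [("ns.three.one.com.", "203.0.113.53")])
    print("host.three.one.com", answer(fixed, "host.three.one.com"))
```

The referral for three.two.one.com shows that further splits below two.one.com need no change in the parent zone, while a sibling such as three.one.com resolves only once the parent adds its delegation.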