Sharing authority without creating a subdomain

Chris Buxton cbuxton at menandmice.com
Thu Apr 17 19:57:20 UTC 2008 

That depends on what trust relationship exists between administrators  
and servers. For example, you could put an $INCLUDE statement into  
your domain.com zone, pointing to a file managed by the other  
administrator. You can use file permissions to control access.

If the other administrator does not have direct access to your server,  
perhaps the file to be included could be copied across by rsync or  
scp, evaluated by a script on your end (looking for records not meant  
to be managed by this administrator), and then copied into place over  
the previous version.

If the $INCLUDE idea doesn't work for you, I think you're going to be  
limited to multiple delegations of individual names over to the other  
servers. (By the way: In your example data, you used underscores in  
the name server names. That is not going to work in the real world,  
where name server names have to abide by the rules for hostnames,  
meaning you can use letters, numbers, and hyphens.)

Chris Buxton
Professional Services
Men & Mice

On Apr 17, 2008, at 12:21 PM, Steven Stromer wrote:
> Hi,
>
> I am seeking to delegate authority for a few specific hosts, without
> placing those hosts under a subdomain. For instance:
>
> Zone1:
> domain.com, with records for...
> www.domain.com
> mail.domain.com
>
> Zone 2:
> ftp.domain.com
> testing.domain.com
>
>
> It would seem that I could create separate zones for each of the hosts
> listed under Zone 2, and then make each of these zones into children  
> in
> Zone1, delegating and providing glue, as such:
>
> ftp 86400 IN NS zone2_ns1.domain.com.
>
>    86400 IN NS zone2_ns2.domain.com.
>
> testing 86400 IN NS zone2_ns1.domain.com.
>
>    86400 IN NS zone2_ns2.domain.com.
>
> zone2_ns1.domain.com. 86400 IN A 192.253.254.2
>
> zone2_ns2.domain.com. 86400 IN A 192.253.254.3
>
>
> However, it seems to be a large amount of work, and just generally bad
> form to create a zone for individual hosts. Is there a better way to  
> do
> this?
>
> Thanks!
>
> Steven Stromer
>
>

More information about the bind-users mailing list