forwarding subdomain to internal box

Wim Livens wli at
Fri Feb 13 23:59:26 UTC 2009

Thanks all for the clear explanation. 

If I understand correctly:
- forwarding is not a solution to my problem. (even the suggestion by 
Chris didn't help)
- having ns1/ns2 slave from devbox would be a solution (but in my 
specific case I can't because devbox runs a custom nameserver based on 
Stanford::DNSserver which doesn't do axfr)
- making the dns service of devbox available from the internet (by means 
of a proxy, port-forwarding or similar) is the (only) way to go.


Kevin Darcy wrote:
> Just as there is a "default-less core" to Internet routing, there is 
> also a "forwarding-less core" to Internet DNS, and your nameservers -- 
> congratulations -- are in that core. The queries you get from other 
> nameservers in the core are non-recursive, defined to mean "give me 
> whatever information you have, but don't ask anyone else about the 
> name". And your nameservers dutifully comply. Ergo, they don't forward.
> As someone else pointed out, there could theoretically be (non-core) 
> resolvers out there configured to resolve directly from your box. But 
> for an authoritative nameserver on the Internet, this would be the 
> exception rather than the rule -- mostly your nameserver will be 
> talking to other nameservers, not to forwarding or stub resolvers.
> If you have some devices that are capable of *proxying* DNS requests 
> between the internal box and the Internet, you could delegate the 
> subdomain to those devices. But a true, standards-complying nameserver 
> will never forward a non-recursive query. The absence of the RD 
> (recursion desired) flag on the query specifically told it that the 
> client didn't want that.
> - Kevin

More information about the bind-users mailing list