Shortcut the lookup algorithm *other* than via 'forward' ?
L. Gabriel Somlo
gsomlo at gmail.com
Tue Mar 2 15:43:46 UTC 2010
Mark,
Thanks much for clearing this up ! I get it now -- the lookup
algorighm is opportunistic, and starts below the root if the right NS
records are already in cache. Having stub zones insures that is always
the case -- very cool !
Also thanks to everyone else who responded !
--Gabriel
On Tue, Mar 02, 2010 at 12:36:49PM +1100, Mark Andrews wrote:
>
> In message <20100302003617.GA27346 at foober.net.cmu.edu>, "L. Gabriel Somlo" writ
> es:
> > Kevin,
> >
> > > For redundancy, you might want to consider slaving ".local" and
> > > "example.com" on the remote servers. Note that you don't need to
> >
> > Thanks for the reply ! I am slaving and/or stubbing some of our zones
> > in some instances, and redundancy is not what I was concerned about.
> >
> > I am simply looking for a way to avoid repeating what is already
> > expressed in the data. E.g. primary-auth-server.example.com is master
> > for the zone 'example.local', but not for 'marketing.example.local'.
> > In the master zone file for 'example.local', I have
> >
> > marketing.example.local NS marketing-auth-svr.example.com
> >
> > I'd rather not *also* have to maintain a 'marketing.example.local'
> > zone in primary-auth-server's named.conf, be that of type forward,
> > slave, or stub.
>
> You don't have to. You just have a stub zone for each internal namespace.
>
> > When the cache asks primary-auth-server about
> > 'www.marketing.example.local', I want to be able to return the
> > marketing.example.local NS record and let the cache do its thing.
> >
> > As it is now, the cache either starts at the root (and fails, since
> > it's looking for something.local), or forwards to primary-auth-server
> > (which then must be able to answer the full query, regardless of
> > mechanism -- another forward, slave, or stub), or I have to configure
> > the cache with specific forwards for each subdomain of example.local
> > that is delegated from primary-auth-server, etc.
>
> Please go re-read what was said in the previous email. Stub zones do
> what you want if you set them up correctly.
>
> zone "local" {
> type stub;
> masters { .... };
> forwarders { /* empty */ };
> file "local.stub";
> };
>
> This is be in all the servers that need to see the "local" namespace and
> are not masters or slaves for "local".
>
> The master of local should be configured to turn off forwarding for the "local"
> namespace if you are using global forwarders.
>
> zone "local" {
> type master;
> file "local.db";
> forwarders { /* empty */ };
> ....
> };
>
> The slaves of local should be configured to turn off forwarding for the "local"
> namespace if you are using global forwarders.
>
> zone "local" {
> type slave;
> masters { .... };
> file "local.db";
> forwarders { /* empty */ };
> ....
> };
>
> > Each scenario requires putting in the same information multiple times:
> > once as delegation NS records, and then again as explicit
> > slave/stub/forward zones in the config file. It is this latter round of
> > duplicated information that I'm trying to avoid having to deal with.
> >
> > > The "hints" file is a non-starter -- for years now it's been limited to
> > > only containing root-zone-related information.
> >
> > Allright, but that was my second question :)
> >
> > > > Alternatively, I'd also appreciate any insights into why what I'm
> > > > asking for might be a very bad idea and shouldn't be done (or even
> > > > supported at all in BIND) ! :)
> >
> > And the mechanism itself is of no importance here. I tried adding data
> > to the root hints file (which did not work). I also tried a separate
> > 'type hint' zone only for 'example.local', which bind told me
> > explicitly it's ignoring since it's not '.' :)
> >
> > For all I care, it could be a variation of the 'type forward', let's
> > call it 'type lean_forward', where the 'lean_forwarders' might just
> > return an NS record and not a full result, and the requesting server
> > would have the responsibility to continue following up with the NS
> > record it received, as though it had started at the root.
> > Using 'type hint' just seemed like the most obvious place to start...
> >
> > If it's a bad idea, could anyone please explain *why* ?
> > (I wouldn't mind spending a few days/weeks/whatever on trying to cook
> > up a patch, but I'd hate to waste time if there's a good reason the
> > bind folks hate the idea behind it :) )
> >
> > Thanks,
> > --Gabriel
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list