"forward after" option

Marc Lampo marc.lampo at eurid.eu
Fri Nov 12 09:18:21 UTC 2010

>                We were looking about the forward configuration on BIND
and we found that there is the ?forward only? and ?forward first? option.
> If our partner configure our external zone on their DNS and configured
just this specific entry on the zone and configure the forward of the zone
> to our public DNS will not work because our public DNS have this entry
and this entry is appointing to the public IP.
> So the entry on our customer DNS will be used just after it query our
public DNS.
>                So we were looking for if there is a option on BIND (we
did not found anything yet) to do the inverse of the ?forward first?.
> Something link ?forward after?. So, if our > customer DNS receive a
query and it have that entry on the zone it will answer to the source.
> If it did not find this entry in the zone it will do the forward process
to our public DNS.
>                There is something that could do this using BIND ?


If I understand it well, you have a (one) specific FQDN in your domain
which the partner has to resolve via a “special” way, so : not via the
public authoritative NS’s of your domain.

My recommendation is that the partner company creates a forward zone for
that special FQDN (only), and *not* for your whole zone.
This way the partner caching NS's will as anything in your zone to the
normal, authoritative NS's,
and forward "only" the queries for that specific FQDN to your internal
The fact that, on the internal server, that FQDN might itself not be a
delegated name (no NS records)
is of no relevance to the partner name server.

Hope this helps.

Kind regards,

Marc Lampo
Security Officer
    Woluwelaan 150    
    1831 Diegem - Belgium
    TEL.: +32 (0) 2 401 3030
    MOB.:+32 (0)476 984 391
    marc.lampo at eurid.eu

Want a .eu web address in your own language? Find out how so you don’t
miss out!

More information about the bind-users mailing list