DNSSEC, views & trusted keys...

Chris Buxton chris.p.buxton at gmail.com
Sun Sep 12 02:41:17 UTC 2010

On Sep 11, 2010, at 2:34 AM, Phil Mayers wrote:

> On 09/10/2010 11:12 PM, Timothe Litt wrote:
>> So it looks like the new (r-internal) view is starting at the root when it
>> resolves -- ignoring what it has data for locally.   It sorta works for
> You'll need a:
> zone "name" {
>  type forward;
>  forward only;
>  forwarders {
>    ips;
>  };
> };
> It won't automatically detect that another view contains the zone and redirect it; you have to tell it.

Use a stub zone instead of a forward zone, so that the query will actually reach the authoritative view. With a forward zone, the query is recursive, so will be picked up by the recursive view - the view will query itself and not receive an answer.

zone "zone.name" {
	type stub;
	file "/path/to/recursive-view-data/zone.name";
	masters {; }; // or whatever the correct IP is to reach the internal view

Chris Buxton
BlueCat Networks

More information about the bind-users mailing list