Better solution than making a recursive nameserver authoritative?

Phil Mayers p.mayers at imperial.ac.uk
Fri Jun 24 19:33:25 UTC 2011


On 06/24/2011 06:39 PM, David Coulthart wrote:

> configure the zone as forward first, the recursive nameserver gets
> back the NS delegation&  then uses that to perform an iterative query
> against the authoritative nameserver for the subdomain.  This
> actually seems like it might solve my issues.  Are there any problems
> with this setup I'm not seeing (other than the quirk of sending a
> recursive query to the forwarder when it is authoritative only)?

forward first is the wrong tool; if the upstream nameservers are down 
(or fail to answer) it'll go to the internet, which you don't want.

static-stub, introduced in bind 9.8 are what you want (see below)

>
> There have been a few other, slightly crazier, ideas I've thought of
> or have been suggested to me.  But I figured I would start with these
> as they are likely the simplest.  However, other recommended
> solutions are always appreciated.

"type static-stub". These are designed for this purpose - they send 
non-recursive queries to the server-{addresses,names} you define, and 
will honour delegations, as opposed to forward zones that send recursive 
queries and expect a full reply.

I didn't really understand why you needed or thought you needed views, 
so if you can expand, possibly people can give you a fuller answer.

Cheers,
Phil



More information about the bind-users mailing list