Static-stub zones and forwarding

Michael Hoskins (michoski) michoski at cisco.com
Fri Aug 24 07:06:19 UTC 2012


-----Original Message-----

From: Mark Picone <mark.picone at deakin.edu.au>
Date: Thursday, August 23, 2012 10:45 PM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Static-stub zones and forwarding

>Hi All,
>
>I am in the process of migrating all of our client facing resolver hosts
>back to BIND (from unbound) and have hit a roadblock.
>I wanted to confirm if I have missed something in my BIND configuration
>or I have hit some sort of limitation in BIND.
>
>It appears as if BIND is ignoring the static-stub zone and just
>forwarding all queries to the specified forwarders.
>
>The reason that I require a static-stub and not a forward zone is that
>our internal name servers have delegated zones (to Cisco GSS/F5 devices)
>which return site-specific answers; if I allow the client facing
>resolvers to recursively query the internal name servers I will get back
>the site-specific answer for the internal name server instead of the
>client facing resolver.
>Using a static-stub zone forces the client facing resolver to use
>iterative queries which will eventually lead it to query the Cisco GSS/F5
>device for itself.

Going out on a limb (we have something similar, but there might be small
implementation details that are different) -- have you tried making master
zones vs stubs, where you can use forwarders {}; to override the global
list, and then place NS delegations and glue pointing to the GSS/F5
devices?
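
A sketch of the layout suggested in the reply above, added here as an illustration; it is not configuration from either poster. The zone name, file name, host names and all addresses are constructed placeholders.

```conf
// named.conf fragment (constructed example; names and addresses are placeholders)
options {
    recursion yes;
    forwarders { 192.0.2.53; };     // global forwarders used for everything else
};

// Parent zone held locally as a master zone rather than a static-stub.
zone "example.internal" {
    type master;
    file "db.example.internal";     // hypothetical file name
    forwarders { };                 // empty list overrides the global forwarders,
                                    // so delegations below are followed iteratively
};

/* db.example.internal (zone-file syntax): the load-balanced subzone is
   delegated to the GSS/F5 devices, with glue for the delegation target.

$TTL 300
@       IN SOA ns1.example.internal. hostmaster.example.internal. (
               2012082401 3600 900 604800 300 )
        IN NS  ns1.example.internal.
ns1     IN A   192.0.2.10
gslb    IN NS  gss1.example.internal.   ; delegation to the GSS/F5 device
gss1    IN A   192.0.2.20               ; glue record for that name server
*/
```

With this layout the resolver answers authoritatively for the parent zone, so the zone file has to carry every record clients need from it. `named-checkconf` and `named-checkzone example.internal db.example.internal` will catch syntax errors before a reload.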