Recursive server forwarding dynamic updates
Kevin Darcy
kcd at chrysler.com
Thu Oct 3 14:44:29 UTC 2013
As others have pointed out, "allow-update-forwarding" only works for slaves.
Yet another reason to go with a large-authoritative-core approach,
instead of stringing stuff together with recursive arrangements. Would
you rather build an enterprise-strength DNS infrastructure from fragile
filaments (forwarding) or solid bonds (replication)?
OK, I'll get off my infrastructure architect soapbox now...
- Kevin
On 10/2/2013 4:41 AM, Bojan Tomic wrote:
> Thanks Phil!
>
> I've tried "allow-update-forwarding", but my understanding is that
> this option only works for slave servers!? What i'm looking for is
> dynamic update forwarding from non-authoritative server. Can
> allow-update-forwarding also work with non-authoritative server?We are
> building an internal closed solution so source IP checking is not
> necessary.
>
>
>
> On Wed, Oct 2, 2013 at 8:56 AM, Phil Mayers <p.mayers at imperial.ac.uk
> <mailto:p.mayers at imperial.ac.uk>> wrote:
>
> On 10/02/2013 07:51 AM, Bojan Tomic wrote:
>
> Hi,
>
> I'm looking for a way to setup a recursive/forwarding named
> server to
> forward dynamic updates
>
>
> See "allow-update-forwarding" in the ARM. Obviously you will lose
> source IP / TSIG key info, so will need to perform access checks
> at the forwarding server, and allow everything you need at the
> target server from the source/key of the forwarder.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131003/09884c05/attachment.html>
More information about the bind-users
mailing list