Recursive server forwarding dynamic updates

Kevin Darcy kcd at chrysler.com
Thu Oct 3 14:44:29 UTC 2013


As others have pointed out, "allow-update-forwarding" only works for slaves.

Yet another reason to go with a large-authoritative-core approach, 
instead of stringing stuff together with recursive arrangements. Would 
you rather build an enterprise-strength DNS infrastructure from fragile 
filaments (forwarding) or solid bonds (replication)?

OK, I'll get off my infrastructure architect soapbox now...
                     - Kevin

On 10/2/2013 4:41 AM, Bojan Tomic wrote:
> Thanks Phil!
>
> I've tried "allow-update-forwarding", but my understanding is that 
> this option only works for slave servers!? What i'm looking for is 
> dynamic update forwarding from non-authoritative server. Can 
> allow-update-forwarding also work with non-authoritative server?We are 
> building an internal closed solution so source IP checking is not 
> necessary.
>
>
>
> On Wed, Oct 2, 2013 at 8:56 AM, Phil Mayers <p.mayers at imperial.ac.uk 
> <mailto:p.mayers at imperial.ac.uk>> wrote:
>
>     On 10/02/2013 07:51 AM, Bojan Tomic wrote:
>
>         Hi,
>
>         I'm looking for a way to setup a recursive/forwarding named
>         server to
>         forward dynamic updates
>
>
>     See "allow-update-forwarding" in the ARM. Obviously you will lose
>     source IP / TSIG key info, so will need to perform access checks
>     at the forwarding server, and allow everything you need at the
>     target server from the source/key of the forwarder.
>     _______________________________________________
>     Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>     unsubscribe from this list
>
>     bind-users mailing list
>     bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
>     https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131003/09884c05/attachment.html>


More information about the bind-users mailing list