zone delegation/forwarding in a non-recursive view

Kevin Darcy kcd at chrysler.com
Fri Oct 25 17:04:01 UTC 2013 

Although you lump them together, forwarding and delegation are very 
different things.

Forwarding is a way to bypass the normal resolution mechanism, forcing 
your resolver to essentially "daisy-chain" recursion on behalf of a 
requesting recursive client. Another way to put it, is that you're 
dumbing down your nameserver to the level of a PC or embedded device 
that only knows to send recursive queries to a predefined list of 
upstream resolvers. In fact, forwarding in BIND is in a sense even 
_dumber_ than recursive resolution in a PC or embedded device, because 
those device types can usually get a list of recursive resolvers 
*dynamically* (via DHCP options), whereas in BIND one configures 
forwarders *statically*.

Delegation, on the other hand, is the way the whole namespace hierarchy 
is joined together. If you delegate a subzone, you allow iterative (= 
non-recursive) resolvers to follow the namespace hierarchy down into 
another branch of the tree. One branch links to another branch, and so 
on. That's how the whole tree is formed, all of the way from the root 
down to the "leaf" nodes.

So, what is the real requirement here? To create or link in a new branch 
of the tree? Or merely to enlarge the set of clients which are allowed 
to use your nameserver instance in a recursive manner? The answers to 
those questions will determine whether forwarding or delegation is the 
appropriate solution.

                             - Kevin

On 10/25/2013 6:46 AM, Yiorgos Stamoulis wrote:
> Hi,
>
> I have authoritative dns system (1 master bind-9.8.2 & 2 slaves
> bind-9.8.2 & bind-9.3.6) with several zones and two views.
>
> The internal view allows recursion and the external not.
>
> I now have the requirement to delegate/forward a zone to an external
> nameserver.
>
> This works OK for the internal view, but fails for the external as
> recursion is not allowed.
>
> Is it possible to do this? how?
>
> Regards
>
> Yiorgos
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>

More information about the bind-users mailing list