forward only single zone

Mon Mar 7 17:05:46 UTC 2016

Oto BREZINA <otik at e-posta.sk> wrote:
>
> I need to create one subzone of public zone which is served by another server.
> This can not be transfered. Server is located on LAN.

Tricky. I don't think it is possible to do what you want with BIND.
You probably can do it with dnsdist - see http://dnsdist.org/
(I have not tried to use dnsdist myself.)

Explanation of why it doesn't work below...

> my setting right now is like:
>
> view "local" {
>         allow-query { internals; };
>         match-clients { internals; };
>         recursion yes;
>
>         include "local zones";
>         include "public zones";
>         include "slave zones";
> };
>
> view "public" {
>         allow-query { any; };
>         match-clients { any; };
>         recursion no;
>
>         include "public zones"; // contains example.com with clue to same
> server
>         include "slave zones";
> };
>
> I need to add
>
> zone "calc.example.com" {
>                 type forward;
>                 forward only;
>                 forwarders { local_machine; };
>         };
>
> adding it to local wont let external client to get access, but works from
> internals
> adding it to public, does not help, it returns only clues; forward only wont
> word as recursion is no, adding another view public2 seems have no affect.

The reason this doesn't work is that forwarding in BIND is only for
recursive queries.

So when you add this "type forward" zone to your public view, it doesn't
work for two reasons: firstly, you have disabled recursion on the view,
which is normally exactly the right thing, but it also disables
forwarding; and secondly, most queries that your server will receive on
its public view will be from resolvers with the "recursion desired" bit
off, RD=0, which also disables forwarding.

And because recursion is disabled, clients that query for calc.example.com
will get a referral rather than the answer you expected.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Lundy, Fastnet, Irish Sea: Northerly or northwesterly, backing southwesterly
for a time, 4 or 5, increasing 6 at times. Slight or moderate, occasionally
rough in Fastnet. Rain or showers. Moderate or good, occasionally poor.