forward only single zone

Oto BREZINA otik at
Tue Mar 8 09:33:35 UTC 2016

On 2016-03-07 18:05, Tony Finch wrote:
> Oto BREZINA <otik at> wrote:
>> I need to create one subzone of public zone which is served by another server.
>> This can not be transfered. Server is located on LAN.
> Tricky. I don't think it is possible to do what you want with BIND.
> You probably can do it with dnsdist - see
> (I have not tried to use dnsdist myself.)
> Explanation of why it doesn't work below...
Thank you for answer and explanation, even not the answer i was hoping
for, but somehow expected - based on web research. At least I'm not
going to invest time in dead end. I'll check if I can get separate IP
for my calc zone and NAT it.
>> my setting right now is like:
>> view "local" {
>>          allow-query { internals; };
>>          match-clients { internals; };
>>          recursion yes;
>>          include "local zones";
>>          include "public zones";
>>          include "slave zones";
>> };
>> view "public" {
>>          allow-query { any; };
>>          match-clients { any; };
>>          recursion no;
>>          include "public zones"; // contains with clue to same
>> server
>>          include "slave zones";
>> };
>> I need to add
>> zone "" {
>>                  type forward;
>>                  forward only;
>>                  forwarders { local_machine; };
>>          };
>> adding it to local wont let external client to get access, but works from
>> internals
>> adding it to public, does not help, it returns only clues; forward only wont
>> word as recursion is no, adding another view public2 seems have no affect.
> The reason this doesn't work is that forwarding in BIND is only for
> recursive queries.
> So when you add this "type forward" zone to your public view, it doesn't
> work for two reasons: firstly, you have disabled recursion on the view,
> which is normally exactly the right thing, but it also disables
> forwarding; and secondly, most queries that your server will receive on
> its public view will be from resolvers with the "recursion desired" bit
> off, RD=0, which also disables forwarding.
> And because recursion is disabled, clients that query for
> will get a referral rather than the answer you expected.
> Tony.

More information about the bind-users mailing list