writeable secondary zone?

Nex6 n6ghost at gmail.com
Wed Jan 4 16:40:13 UTC 2017


On Wed, Jan 04, 2017 at 12:23:44PM +1100, Mark Andrews wrote:
> 
> In message <20170104010026.GA3160 at ubuntu>, Nex6 writes:
> > On Wed, Jan 04, 2017 at 01:46:07AM +0100, Reindl Harald wrote:
> > > 
> > > 
> > > Am 04.01.2017 um 01:35 schrieb Nex6:
> > > >I have a very specific issue, where a partner org wants me to add an
> > > >SRV record for their org. (I don't want to)
> > > >
> > > >- NOTE: and it's for a major cloud app (to remain nameless) that points
> > > >back to their Active Directory.
> > > >
> > > >but this is a requirement for a cloud application. the only solution I
> > > >can think of so far, is build out a new DNS box for just the users
> > > >that need to use this application.
> > > >
> > > >and add the SRV record there. but, not sure how you could setup a
> > > >secondary zone, that's writeable?
> > > 
> > > you can't write in a slave zone
> > > 
> > > https://kb.isc.org/article/AA-00851/0/Understanding-views-in-BIND-9-by-example.html
> > 
> > 
> > yes, I know, that's why I asked if there was a way to do this. I suspect
> > I am stuck.
> 
> You don't need to modify a zone to graft on a SRV record as it will be
> prefixed with one or more labels.  You add a zone for that name.
> 
> _example._tcp.example.com
> 
> Now if _tcp.example.com already exists you add _example._tcp.example.com with
> zone content similar to this:
> 
> 	@ SOA ...
> 	@ NS ...
> 	@ SRV ....
> 
> If _tcp.example.com does not already exist you add _tcp.example.com with zone
> content similar to this:
> 
> 	@ SOA ...
> 	@ NS ...
> 	_example SRV ....
> 
> This prevents your clients seeing NXDOMAIN for _tcp.example.com.
> 
> The better way to do all this however would be for the partner to
> create the relevant zones with the SRV records (giving them change
> control of the contents) and have you slave them on your recursive
> servers possibly using TSIG to get the correct instance from them.
> They can supply you with example.com with the SRV records present
> or one of the above zones.  Your clients will see
> _example._tcp.example.com either way and it deals with their paranoia
> over publishing a SRV record to the world.
> 
> There is no need for you to muck with views for this.
> 
> Mark

hmmm, I wonder if a forward zone would work? or maybe us slaving their
zone might be better.






> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
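
The two approaches Mark Andrews describes in the quoted reply, sketched as BIND 9 configuration for the local recursive server. This is an added example, not part of the original thread: the addresses (documentation ranges), file paths, key name, secret placeholder, name server names and SRV target/port are all assumptions.

```conf
// named.conf fragment. Use option 1 OR option 2, not both: the two zone
// statements share one name and named rejects duplicates.

// ---- Option 1: graft the SRV record with a small local zone ----
// Applies when _tcp.example.com already exists in the real example.com zone.
// If it does not, name the zone "_tcp.example.com" and use the owner
// "_example" for the SRV record instead of "@".
zone "_example._tcp.example.com" {
    type master;
    file "/etc/bind/db.graft-srv";          // assumed path
};

/* Contents of /etc/bind/db.graft-srv (zone file syntax, assumed values):

   $TTL 3600
   @  IN SOA ns1.internal.example.net. hostmaster.internal.example.net. (
             2017010401 3600 900 604800 300 )
   @  IN NS  ns1.internal.example.net.
   @  IN SRV 0 100 443 app.partner.example.
*/

// ---- Option 2: partner owns the zone, this server slaves it over TSIG ----
// The partner keeps change control; only holders of the shared key receive
// the instance of the zone that carries the SRV record.
key "partner-xfer" {                         // assumed key name
    algorithm hmac-sha256;
    // Placeholder: generate with tsig-keygen and exchange out of band.
    secret "REPLACE_WITH_SHARED_BASE64_SECRET";
};

server 192.0.2.53 {                          // partner's master (assumed)
    keys { "partner-xfer"; };                // sign all requests sent to it
};

zone "_example._tcp.example.com" {
    type slave;
    masters { 192.0.2.53; };
    file "/var/cache/bind/db.partner-srv";   // assumed path
};
```

On the partner's side the matching control is an `allow-transfer { key "partner-xfer"; };` on their copy of the zone, so that an unsigned transfer request gets nothing.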

