Difference between delegation and forward zone
McDonald, Daniel (Dan)
Dan.McDonald at austinenergy.com
Mon Mar 6 17:31:32 UTC 2017
Yes, you can forward to a subdomain. Just define it as a separate zone and include the forwarders and forward-only lines. I believe you need allow-query-cache for this to work.
Delegated zones don’t necessarily need to respond with SOA and NS records. Many load balancers use delegated zones for global server load balancing. Just point your NS records at the load balancer and it should refer the querying DNS server along to the load balancer. Assuming something else is doing the recursive lookups, you just need allow-query for this. If this device is doing the recursive lookups, then you need allow-recursion for this to work.
You do need SOA and NS records if you are going to set up either a secondary or a stub zone. In this case, you would need allow-query.
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Bind Users <bind-users at lists.isc.org>
Reply-To: Mik J <mikydevel at yahoo.fr>
Date: Monday, March 6, 2017 at 10:24
To: Bind Users <bind-users at lists.isc.org>
Subject: Difference between delegation and forward zone
I would like to check if my understanding is correct regarding delegation and forward
Delegation: I want to delegate the administrative tasks to someone else for one subdomain
I'll specify the NS of that subdomain1.mydomain.org in my mydomain.org zone file
The other person will be able to create rr1.subdomain1.mydomain.org
Forward zone: I can forward a specific zone to a DNS that is different from the default fowarders or I won't attempt to do an iterative lookup.
=> Question 1: Can I have a forward zone that is a subdomain subdomain1.mydomain.org ? Or when the zone is a subdomain of mydomain (I'm athoritative) it's always a delegation ?
=> Question 2: When I do a delegation, is it correct that the remote DNS server holding subdomain1.mydomain.org must always answer the SOA with SOA records and NS records (RFC 2181 chapter 6.1)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users