NXDOMAIN processing

Grant Taylor gtaylor at tnetconsulting.net
Tue Apr 27 15:47:21 UTC 2021

On 4/26/21 2:45 PM, bamberg2000 via bind-users wrote:
> Hi!


> BIND 9.11.5, I forward the request ("forward zone" or global "forward 
> first") to another server and I get NXDOMAIN. Is it possible to process 

> NXDOMAIN other than "redirect zone"? I just want to repeat the request 
> to another forwarder.

I'm not sure what your actual use case is or if what I did will work.

I wrote a quick overview article about something I did years ago that 
/might/ help with what you /may/ be doing.

Link - Duplicate authoritative DNS zones ... on purpose

TL;DR:  Two BIND servers worked in concert with each other such that the 
master / authoritative zone in the D.R. environment could be a subset of 
the production environment to override things while still falling back 
to the full prod environment for records that weren't overridden.

It's a bit of a hack, but it allowed us to enter the ~100 names specific 
to the D.R. environment and leverage the other thousands of names from 
prod without needing to import / merge records in D.R.

I don't remember why simply using RPZ to override wasn't sufficient.  I 
think it had to do with the infrastructure / configuration I was working 

Maybe this will give you some ideas.  Or maybe it wasted some bandwidth 
and 30 seconds of people's time.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210427/4f6cc0f8/attachment.bin>

More information about the bind-users mailing list