NXDOMAIN processing
Grant Taylor
gtaylor at tnetconsulting.net
Tue Apr 27 15:47:21 UTC 2021
On 4/26/21 2:45 PM, bamberg2000 via bind-users wrote:
> Hi!
Hi,
> BIND 9.11.5, I forward the request ("forward zone" or global "forward
> first") to another server and I get NXDOMAIN. Is it possible to process
> NXDOMAIN other than "redirect zone"? I just want to repeat the request
> to another forwarder.
I'm not sure what your actual use case is or if what I did will work.
I wrote a quick overview article about something I did years ago that
/might/ help with what you /may/ be doing.
Link - Duplicate authoritative DNS zones ... on purpose - https://dotfiles.tnetconsulting.net/blog/2013/0610/Duplicate-authoritative-DNS-zones-on-purpose.html
TL;DR: Two BIND servers worked in concert with each other such that the
master / authoritative zone in the D.R. environment could be a subset of
the production environment to override things while still falling back
to the full prod environment for records that weren't overridden.
It's a bit of a hack, but it allowed us to enter the ~100 names specific
to the D.R. environment and leverage the other thousands of names from
prod without needing to import / merge records in D.R.
I don't remember why simply using RPZ to override wasn't sufficient. I
think it had to do with the infrastructure / configuration I was working
with.
Maybe this will give you some ideas. Or maybe it wasted some bandwidth
and 30 seconds of people's time.
--
Grant. . . .
unix || die