<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffcc">
<br>
<br>
On 06/08/10 19:59, Kevin Darcy wrote:
<blockquote cite="mid:4C5C4D6E.202@chrysler.com" type="cite">On
8/6/2010 1:05 PM, CLOSE Dave (DAE) wrote:
<br>
<blockquote type="cite">Joseph S D Yao wrote:
<br>
<br>
<blockquote type="cite">If you have two forwarders, as you
listed, your server will try to
<br>
forward first to one and then to the other. If it gets any
answer at
<br>
all from one - even an error answer - it will not try the
other.
<br>
</blockquote>
So forwarding works exactly the same as listing both servers in
<br>
resolv.conf? That behavior is exactly what I'm trying to avoid.
<br>
<br>
<blockquote type="cite">There are many ways to try to cascade
name servers and try them one at a
<br>
time. By the good design of BIND, none of them work.
<br>
</blockquote>
If BIND won't do the job, can you suggest another server that
will? I
<br>
can't be the only one wanting to do something like this.
<br>
<br>
<blockquote type="cite">On your new server:
<br>
<br>
zone "." { type hint; file "root.hints"; };
<br>
zone "private.example.com" { type forward; forward only;
<br>
forwarders { private.domain.server.IP; }; };
<br>
</blockquote>
<br>
<blockquote type="cite">and put the IP address for this name
server and no other in your
<br>
/etc/resolv.conf.
<br>
</blockquote>
Ah, that might work -- in other circumstances. I understand the
basic
<br>
idea to be using separate zones to force forwarding to different
servers
<br>
for different domains. Did I understand correctly?
<br>
<br>
But an unfortunate characteristic of my PRIV server is that it
doesn't
<br>
use /any/ domain. It only resolves simple, unqualified names
like HOST1.
<br>
This was clearly a mistake in design (from before my time), but
I have
<br>
no ability to change it (in the next five years, anyway).
<br>
</blockquote>
Ah, so you want to implement something new, but not willing to fix
the old broken design which is incompatible with what you're
trying to implement. Gotcha.
<br>
<br>
The only halfway-reasonable way I see for you to work around this
broken design is to define each of those "unqualified" names
individually in your nameserver config, e.g.
<br>
<br>
zone "HOST1" {
<br>
type master;
<br>
file "HOST1";
<br>
};
<br>
<br>
and hope they don't change too often.
<br>
</blockquote>
I believe you could use forwarding to the internal server for each
individual name:<br>
<br>
zone "HOST1" {<br>
type forward;<br>
forwarders { private.domain.server.IP; };<br>
};<br>
<br>
This should do the trick, but it is not elegant and not easy. I would start
hinting to management that changes are needed as this is not
manageable in the long term. Think also about adding search domains
to the hosts that need these lookups.<br>
<blockquote cite="mid:4C5C4D6E.202@chrysler.com" type="cite">
<br>
- Kevin
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
</pre>
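The per-name forward zones suggested in this thread, generated from a host list, as an added example that is not part of the original messages. The function names, the sample host list and the forwarder address 192.0.2.53 (a documentation address standing in for private.domain.server.IP) are assumptions; `forward only;` is taken from the stanza quoted earlier in the thread, and it matters because BIND's default `forward first` falls back to ordinary recursion when the forwarder does not answer, which sends the internal names to public root servers.

```python
import ipaddress
import re

# RFC 1123 host label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
# Rejecting everything else also keeps quotes, braces and semicolons out of named.conf.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def forward_zone(name, forwarder):
    """Return one named.conf forward-zone stanza for a single-label name."""
    if not LABEL_RE.fullmatch(name):
        raise ValueError(f"not a valid single-label host name: {name!r}")
    addr = ipaddress.ip_address(forwarder)  # raises ValueError on anything but an IP
    return (
        f'zone "{name}" {{\n'
        f"    type forward;\n"
        f"    forward only;\n"
        f"    forwarders {{ {addr}; }};\n"
        f"}};\n"
    )


def render(names, forwarder):
    """Render stanzas for all names, rejecting case-insensitive duplicates."""
    seen = set()
    out = []
    for raw in names:
        name = raw.strip()
        if not name or name.startswith("#"):
            continue  # skip blank lines and comments in the host list
        key = name.lower()  # DNS names compare case-insensitively
        if key in seen:
            raise ValueError(f"duplicate zone: {name!r}")
        seen.add(key)
        out.append(forward_zone(name, forwarder))
    return "\n".join(out)


# Constructed sample input (not from the thread).
SAMPLE_HOSTS = ["HOST1", "HOST2", "# decommissioned", "", "db-01"]

if __name__ == "__main__":
    print(render(SAMPLE_HOSTS, "192.0.2.53"))
```

Write the output to a file pulled in with `include` from named.conf and run `named-checkconf` on the result before reloading the server.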
</body>
</html>