<html><body><span style="font-family:Verdana; color:#000000; font-size:10pt;"><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 10pt; "><br></div>
<blockquote id="replyBlockquote" webmail="1" style="border-left-width: 2px; border-left-style: solid; border-left-color: blue; margin-left: 8px; padding-left: 8px; ">
<div id="wmQuoteWrapper" style="color: black; font-family: verdana; font-size: 10pt; ">
-------- Original Message --------<br>
Subject: Configuring a domain slave to look up subdomain hosts<br>
From: "Mike Bernhardt" &lt;<a href="mailto:bernhardt@bart.gov">bernhardt@bart.gov</a>&gt;<br>
Date: Mon, February 27, 2012 4:50 pm<br>
To: &lt;<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>&gt;<br>
<br>
<br>
I have a domain and a subdomain which is delegated by the<br>
<br>
I am trying to figure out the correct way to have the slave of a parent<br>
domain look up hosts in a subdomain managed by others. I'm running BIND<br>
9.8.1-P1. The current working configuration for the subdomain is this:<br>
<br>
options {<br>
directory "/var/named";<br>
allow-recursion { any; };<br>
allow-query { any; };<br>
allow-query-cache { any; };<br>
forwarders { 148.165.3.10; };<br>
forward only;<br>
recursive-clients 2000;<br>
zone-statistics yes;<br>
};<br>
<br>
zone "domain.com" {<br>
type slave;<br>
masters { 10.130.1.30; };<br>
file "db.domain";<br>
forwarders { };<br>
};<br>
<br>
But using "forwarders" doesn't seem like the correct way to do it. It's in<br>
the options in order to forward internet queries to our external name server<br>
instead of to the root servers, which aren't accessible from inside. I've<br>
been messing with stub zones but that doesn't seem to work:<br>
<br>
zone "domain.com" {<br>
type slave;<br>
masters { 10.130.1.30; };<br>
file "db.domain";<br>
};<br>
zone "subdomain.domain.com" {<br>
type stub;<br>
masters { 10.2.241.101; 10.2.242.222; };<br>
file "db.subdomain";<br>
};<br>
<br>
With this configuration, the zone file for <a href="http://subdomain.domain.com">subdomain.domain.com</a> is correctly<br>
created but when I run tcpdump I can see that queries for<br>
<a href="http://host.subdomain.domain.com">host.subdomain.domain.com</a> are being forwarded to 148.165.3.10, not to the<br>
subdomain name servers. The result of course is NXDOMAIN.<br>
<br>
With forwarders set for the zone <a href="http://domain.com">domain.com</a>, the slave queries the zone<br>
master, which then queries the subdomain name server as it should. So the<br>
stub zone is apparently being ignored.<br>
<br>
What is wrong? Perhaps I'm misunderstanding the purpose of stub zones? Let<br>
me know if you need additional config details.<br>
</div><div style="color: black; font-family: verdana; font-size: 10pt; "><br></div><div style="color: black; font-family: verdana; font-size: 10pt; ">/answer:</div><div style="color: black; font-family: verdana; font-size: 10pt; ">This post requires a much longer response than I have time for, but I will take a quick stab.</div><div><font face="verdana" size="2">A "stub" zone is generally only used for cross-corporate or cross-partner resolving. It gives you </font></div><div><font face="verdana" size="2">a "local" copy of possibly internal zone data.</font></div><div><font face="verdana" size="2"><br></font></div><div><font face="verdana" size="2">A "slave" is a type of name server, not a type of zone. Generally you'll have authoritative name servers,</font></div><div><font face="verdana" size="2">and sometimes in bigger shops a number of "slaves", now called secondary name servers. For example,</font></div><div><font face="verdana" size="2" style="">you could have your </font>authoritative name servers behind your firewall and put a slave in the DMZ, sort of thing.</div><div>Or have a few authoritative name servers and several slaves, so you may have slaves in each datacenter. </div><div style=""><font face="verdana" size="2" style=""> </font></div><div><font face="verdana" size="2"><br></font></div><div><font face="verdana" size="2">A delegation is where you "delegate" a subzone to someone else. For example, you own, say, </font></div><div><font face="verdana" size="2"><a href="http://example.org">example.org</a>, and a subgroup wants to manage their own namespace of <a href="http://depart1.example.org">depart1.example.org</a>, so </font></div><div><font face="verdana" size="2">you delegate <a href="http://depart1.example.org">depart1.example.org</a> to their name servers, 
and they will "own" the zone depart1.</font></div><div><font face="verdana" size="2"><br></font></div><div><font face="verdana" size="2">Hope this helps clear a few things up.</font></div><div><font face="verdana" size="2"><br></font></div><div><font face="verdana" size="2">-Nex6 </font></div><div style="color: black; font-family: verdana; font-size: 10pt; "><br></div><div style="color: black; font-family: verdana; font-size: 10pt; "><br></div><div style="color: black; font-family: verdana; font-size: 10pt; "><br></div><div style="color: black; font-family: verdana; font-size: 10pt; "><br></div><div style="color: black; font-family: verdana; font-size: 10pt; "><br>
</div>
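<div style="color: black; font-family: verdana; font-size: 10pt; ">A small model of the forwarding rule behind the behaviour described in the question, added here as an example (it is not from the thread or from BIND's source): named uses the forwarders of the closest enclosing zone that has its own "forwarders" statement, an empty list there disables forwarding, and otherwise the global list applies. The function names and the simplified parser are hypothetical; the configurations are constructed from the ones quoted above, and STUB_NO_FORWARD is an assumed variant that does not appear in the thread.</div>

```python
import re

# Constructed from the configurations quoted in the question, trimmed to the
# statements that affect forwarding.
OPTIONS = 'options { forwarders { 148.165.3.10; }; forward only; };\n'
WORKING = OPTIONS + (
    'zone "domain.com" { type slave; masters { 10.130.1.30; }; forwarders { }; };\n')
STUB_ATTEMPT = OPTIONS + (
    'zone "domain.com" { type slave; masters { 10.130.1.30; }; };\n'
    'zone "subdomain.domain.com" { type stub; '
    'masters { 10.2.241.101; 10.2.242.222; }; };\n')
# Not from the thread: the stub attempt with forwarding disabled on the stub zone.
STUB_NO_FORWARD = STUB_ATTEMPT.replace("type stub;", "type stub; forwarders { };")


def _body(text, pos):
    """Return the text inside the first balanced {...} block at or after pos."""
    start = text.index("{", pos)
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")


def _forwarders(body):
    """Forwarder list from a block; None if it has no forwarders statement."""
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
    return None if m is None else m.group(1).replace(";", " ").split()


def effective_forwarders(conf, qname):
    """Forwarders that apply to qname when the server must resolve it (that is,
    it is not answered from authoritative data): the closest enclosing zone
    with its own forwarders statement wins, else the global list."""
    explicit = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        fwd = _forwarders(_body(conf, m.end()))
        if fwd is not None:
            explicit[m.group(1).lower().rstrip(".")] = fwd
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in explicit:
            return explicit[zone]  # an empty list means "do not forward"
    opt = re.search(r"\boptions\b", conf)
    return (_forwarders(_body(conf, opt.end())) or []) if opt else []
```

<div style="color: black; font-family: verdana; font-size: 10pt; ">For host.subdomain.domain.com this returns an empty list with WORKING and ['148.165.3.10'] with STUB_ATTEMPT, which matches the tcpdump observation in the question.</div>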
</blockquote></span></body></html>