<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">As others have pointed out,
"allow-update-forwarding" only works for slaves.<br>
<br>
Yet another reason to go with a large-authoritative-core approach,
instead of stringing stuff together with recursive arrangements.
Would you rather build an enterprise-strength DNS infrastructure
from fragile filaments (forwarding) or solid bonds (replication)?<br>
<br>
OK, I'll get off my infrastructure architect soapbox now...<br>
- Kevin<br>
<br>
On 10/2/2013 4:41 AM, Bojan Tomic wrote:<br>
</div>
<blockquote
cite="mid:CAMTzf0FCAt=zG3+OZKaYyxzDTdUWhUmBBzZSz0zOMOjBhEhY5g@mail.gmail.com"
type="cite">
<div dir="ltr">Thanks Phil!
<div><br>
</div>
<div>I've tried <span
style="font-family:arial,sans-serif;font-size:13px"> </span><font
face="arial, sans-serif">"allow-update-forwarding", but
my understanding is that this option only works for slave
servers!? What i'm looking for is dynamic update forwarding
from non-authoritative server. Can </font><span
style="font-family:arial,sans-serif">allow-update-forwarding
also work with non-</span><font face="arial, sans-serif">authoritative
server?</font><span style="font-family:arial,sans-serif">
We are building an internal closed solution so source IP
checking is not necessary.</span></div>
<div><font face="arial, sans-serif"><br>
</font></div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Oct 2, 2013 at 8:56 AM, Phil
Mayers <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:p.mayers@imperial.ac.uk" target="_blank">p.mayers@imperial.ac.uk</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class="im">On 10/02/2013 07:51 AM, Bojan Tomic wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px
0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi,<br>
<br>
I'm looking for a way to setup a recursive/forwarding
named server to<br>
forward dynamic updates<br>
</blockquote>
<br>
</div>
See "allow-update-forwarding" in the ARM. Obviously you
will lose source IP / TSIG key info, so will need to
perform access checks at the forwarding server, and allow
everything you need at the target server from the
source/key of the forwarder.<br>
_______________________________________________<br>
Please visit <a moz-do-not-send="true"
href="https://lists.isc.org/mailman/listinfo/bind-users"
target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a>
to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a moz-do-not-send="true"
href="https://lists.isc.org/mailman/listinfo/bind-users"
target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></pre>
</blockquote>
<br>
</body>
</html>