<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">The typical use case for a stub zone is
where the delegation chain is broken, or incorrect, but you don't
want to incur the overhead of slaving the zone (or some other sort
of bureaucratic snafu like the owner/admin of the zone not letting
you do zone transfers).<br>
<br>
As a general rule, stub zones are usually a lesser evil than
forwarding:<br>
A) because there may be no nameservers available for the domain,
which honor recursion, or<br>
B) in cases where there is a multi-level hierarchy, some of the
published nameservers for descendant zones may be closer, more
reliable, etc. than those responsible for the apex of the
hierarchy, and the algorithm built into named will help to
optimize such traffic dynamically<br>
<br>
I'm not sure I understand the view complexity you reference. Could
you clarify? Note that client source address isn't the *only* way
to select views -- many folks with complicated view configurations
use TSIG keys as a view-selection mechanism.<br>
<br>
-
Kevin<br>
<br>
On 6/2/2014 5:37 PM, Nex6|Bill wrote:<br>
</div>
<blockquote
cite="mid:1401745023.99834.YahooMailNeo@web163501.mail.gq1.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, sans-serif;font-size:10pt">
<div style="" class=""><span style="" class="">I guess, i am
having issues with this(maybe i am not fully getting it),
and yea I know large environments sometimes have multiple
sets of name servers. sometimes department level (i have
this issue in my shop its a damn mess)</span></div>
<div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;
background-color: transparent; font-style: normal;"><br
style="" class="">
<span style="" class=""></span></div>
<div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;
background-color: transparent; font-style: normal;"><span
style="" class="">if all the zones are delegated properly
the local resolver will query its NS, and that NS will know
where it should go next, whether its a internet side query
or navigating the mess of local NS servers that some folks
have. in the case of DNS views, where the local resolver may
NOT be able to get to the correct view a forwarder would be
better so you can point to the internal view NS. This keeps
NS servers that are authoritative and responsible for
handing out resource records</span></div>
<div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;
background-color: transparent; font-style: normal;"><span
style="" class="">they hand them out. and unless, your
dealing with a load balancer (which is its own exception)
which needs short TTLs, a caching forwarder is far better in
most cases.. <br style="" class="">
</span></div>
<div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;
background-color: transparent; font-style: normal;"><span
style="" class=""><br style="" class="">
</span></div>
<div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;
background-color: transparent; font-style: normal;"><span
style="" class="">I guess, I am still not sure of the point
of a stub zone, where you point to a different NS? than the
</span><span style="" class=""><span style="" class="">authoritative
NS for that zone? unless your changing the records <br>
</span></span></div>
<div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;
background-color: transparent; font-style: normal;"><span
style="" class=""><span style="" class="">which is all
bad....</span></span></div>
<div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;
background-color: transparent; font-style: normal;"><br>
<span style="" class=""><span style="" class=""></span></span></div>
<div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif;
background-color: transparent; font-style: normal;"><span
style="" class=""><span style="" class=""></span> </span></div>
<div class="qtdSeparateBR"><br>
<br>
</div>
<div style="display: block;" class="yahoo_quoted">
<div class="" style="font-family: HelveticaNeue, Helvetica
Neue, Helvetica, Arial, Lucida Grande, sans-serif;
font-size: 10pt;">
<div class="" style="font-family: HelveticaNeue, Helvetica
Neue, Helvetica, Arial, Lucida Grande, sans-serif;
font-size: 12pt;">
<div style="" class="" dir="ltr"> <font style="" class=""
size="2" face="Arial"> On Monday, June 2, 2014 2:18
PM, John Miller <a class="moz-txt-link-rfc2396E" href="mailto:johnmill@brandeis.edu"><johnmill@brandeis.edu></a> wrote:<br
style="" class="">
</font> </div>
<blockquote class="" style="border-left: 2px solid rgb(16,
16, 255); margin-left: 5px; margin-top: 5px;
padding-left: 5px;"> <br style="" class="">
<br style="" class="">
<div style="" class="">Not quite, Bill. You point the
zone at a different name server, but <br style=""
class="" clear="none">
_your_own_nameserver_ still does the iterative queries
to make things <br style="" class="" clear="none">
happen. It just queries a different set of
nameservers than would <br style="" class=""
clear="none">
happen through normal delegation.<br style="" class=""
clear="none">
<br style="" class="" clear="none">
The only recursive query going on is from the client
to your nameserver.<br style="" class="" clear="none">
<br style="" class="" clear="none">
Since you asked the question, what would you propose
as an alternative <br style="" class="" clear="none">
for folks running multiple sets of nameservers with
different info on them?<br style="" class=""
clear="none">
<br style="" class="" clear="none">
John<br style="" class="" clear="none">
<br style="" class="" clear="none">
<br style="" class="" clear="none">
On 06/02/2014 04:52 PM, Nex6|Bill wrote:<br style=""
class="" clear="none">
> so, stub zones allow you to point a zone to a
different name server, and<br style="" class=""
clear="none">
> that name-server; to recurse to get the records
for that zone. why? why<br style="" class=""
clear="none">
> not let DNS work the way it is suppose to and let
your name servers work<br style="" class=""
clear="none">
> for you to the authoritative name-server to get
the records? unless,<br style="" class="" clear="none">
> your changing the zone records, which is why most
people I know use it<br style="" class="" clear="none">
> for, which is evil :)<br style="" class=""
clear="none">
><br style="" class="" clear="none">
> its almost the same, as creating a local zone for
something your not<br style="" class="" clear="none">
> authoritative for and then having to maintain
those records. but, i<br style="" class=""
clear="none">
> guess their may be cases where it may be
useful.... i guess....<br style="" class=""
clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
> On Monday, June 2, 2014 1:33 PM, John Miller <<a
moz-do-not-send="true" style="" class=""
shape="rect" ymailto="mailto:johnmill@brandeis.edu"
href="mailto:johnmill@brandeis.edu">johnmill@brandeis.edu</a>>
wrote:<br style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
> Evil? Seems a bit strong. Unusual? Use with
caution? OK.<br style="" class="" clear="none">
><br style="" class="" clear="none">
> Stub zones mean that you're using a different
set of authoritative<br style="" class="" clear="none">
> nameservers for a particular domain. You're
not storing all of that<br style="" class=""
clear="none">
> domain's records, except through the usual
caching process. If it's<br style="" class=""
clear="none">
> a domain you control, where's the harm?<br
style="" class="" clear="none">
><br style="" class="" clear="none">
> Also, let's say that you're nominally a
caching-only nameserver.<br style="" class=""
clear="none">
> You're responsible for making iterative
queries, and you do not want<br style="" class=""
clear="none">
> the RD bit set. AFAIK, stub zones are the way
to accomplish that.<br style="" class="" clear="none">
> Forward zones just pass recursive queries on
to someplace else.<br style="" class="" clear="none">
><br style="" class="" clear="none">
> John<br style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
> On Mon, Jun 2, 2014 at 4:02 PM, Nex6|Bill <<a
moz-do-not-send="true" style="" class=""
shape="rect" ymailto="mailto:n6ghost@yahoo.com"
href="mailto:n6ghost@yahoo.com">n6ghost@yahoo.com</a><br
style="" class="" clear="none">
> <mailto:<a moz-do-not-send="true" style=""
class="" shape="rect"
ymailto="mailto:n6ghost@yahoo.com"
href="mailto:n6ghost@yahoo.com">n6ghost@yahoo.com</a>>>
wrote:<br style="" class="" clear="none">
><br style="" class="" clear="none">
> recently, a question came up about "stub"
zones came up and what<br style="" class=""
clear="none">
> they are and are they part of the DNS
standards or are they a<br style="" class=""
clear="none">
> good idea. i said, they are evil and
should not be used if you<br style="" class=""
clear="none">
> can avoid it. they way I understand them
is the are when you<br style="" class="" clear="none">
> create local zones for zones you are NOT
authoritative for. and;<br style="" class=""
clear="none">
> the records in the stub zone do not update
when the<br style="" class="" clear="none">
> authoritative NS does.<br style=""
class="" clear="none">
><br style="" class="" clear="none">
> correct? thoughts?<br style="" class=""
clear="none">
><br style="" class="" clear="none">
> -Nex6<br style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
>
_______________________________________________<br
style="" class="" clear="none">
> Please visit <a moz-do-not-send="true"
style="" class="" shape="rect"
href="https://lists.isc.org/mailman/listinfo/bind-users"
target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br
style="" class="" clear="none">
> to unsubscribe from this list<br style=""
class="" clear="none">
><br style="" class="" clear="none">
> bind-users mailing list<br style=""
class="" clear="none">
> <a moz-do-not-send="true" style=""
class="" shape="rect"
ymailto="mailto:bind-users@lists.isc.org"
href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<mailto:<a moz-do-not-send="true" style="" class=""
shape="rect"
ymailto="mailto:bind-users@lists.isc.org"
href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>><br
style="" class="" clear="none">
> <a moz-do-not-send="true" style=""
class="" shape="rect"
href="https://lists.isc.org/mailman/listinfo/bind-users"
target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br
style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
> --<br style="" class="" clear="none">
> John Miller<br style="" class="" clear="none">
> Systems Engineer<br style="" class=""
clear="none">
> Brandeis University<br style="" class=""
clear="none">
> <a moz-do-not-send="true" style="" class=""
shape="rect" ymailto="mailto:johnmill@brandeis.edu"
href="mailto:johnmill@brandeis.edu">johnmill@brandeis.edu</a>
<mailto:<a moz-do-not-send="true" style="" class=""
shape="rect" ymailto="mailto:johnmill@brandeis.edu"
href="mailto:johnmill@brandeis.edu">johnmill@brandeis.edu</a>>
<div style="" class="" id="yqtfd65087"><br style=""
class="" clear="none">
><br style="" class="" clear="none">
><br style="" class="" clear="none">
</div>
<br style="" class="">
<br style="" class="">
</div>
</blockquote>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></pre>
</blockquote>
<br>
</body>
</html>