<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">The typical use case for a stub zone is
      where the delegation chain is broken, or incorrect, but you don't
      want to incur the overhead of slaving the zone (or some other sort
      of bureaucratic snafu like the owner/admin of the zone not letting
      you do zone transfers).<br>
      <br>
      As a general rule, stub zones are usually a lesser evil than
      forwarding:<br>
      A) because there may be no nameservers available for the domain,
      which honor recursion, or<br>
      B) in cases where there is a multi-level hierarchy, some of the
      published nameservers for descendant zones may be closer, more
      reliable, etc. than those responsible for the apex of the
      hierarchy, and the algorithm built into named will help to
      optimize such traffic dynamically<br>
      <br>
      I'm not sure I understand the view complexity you reference. Could
      you clarify? Note that client source address isn't the *only* way
      to select views -- many folks with complicated view configurations
      use TSIG keys as a view-selection mechanism.<br>
      <br>
                                                                  -
      Kevin<br>
      <br>
      On 6/2/2014 5:37 PM, Nex6|Bill wrote:<br>
    </div>
    <blockquote
      cite="mid:1401745023.99834.YahooMailNeo@web163501.mail.gq1.yahoo.com"
      type="cite">
      <div style="color:#000; background-color:#fff;
        font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
        Lucida Grande, sans-serif;font-size:10pt">
        <div style="" class=""><span style="" class="">I guess, i am
            having issues with this(maybe i am not fully getting it),
            and yea I know large environments sometimes have multiple
            sets of name servers. sometimes department level (i have
            this issue in my shop its a damn mess)</span></div>
        <div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
          font-family: HelveticaNeue,Helvetica
          Neue,Helvetica,Arial,Lucida Grande,sans-serif;
          background-color: transparent; font-style: normal;"><br
            style="" class="">
          <span style="" class=""></span></div>
        <div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
          font-family: HelveticaNeue,Helvetica
          Neue,Helvetica,Arial,Lucida Grande,sans-serif;
          background-color: transparent; font-style: normal;"><span
            style="" class="">if all the zones are delegated properly
            the local resolver will query its NS, and that NS will know
            where it should go next, whether its a internet side query
            or navigating the mess of local NS servers that some folks
            have. in the case of DNS views, where the local resolver may
            NOT be able to get to the correct view a forwarder would be
            better so you can point to the internal view NS. This keeps
            NS servers that are authoritative and responsible for
            handing out resource records</span></div>
        <div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
          font-family: HelveticaNeue,Helvetica
          Neue,Helvetica,Arial,Lucida Grande,sans-serif;
          background-color: transparent; font-style: normal;"><span
            style="" class="">they hand them out. and unless, your
            dealing with a load balancer (which is its own exception)
            which needs short TTLs, a caching forwarder is far better in
            most cases.. <br style="" class="">
          </span></div>
        <div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
          font-family: HelveticaNeue,Helvetica
          Neue,Helvetica,Arial,Lucida Grande,sans-serif;
          background-color: transparent; font-style: normal;"><span
            style="" class=""><br style="" class="">
          </span></div>
        <div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
          font-family: HelveticaNeue,Helvetica
          Neue,Helvetica,Arial,Lucida Grande,sans-serif;
          background-color: transparent; font-style: normal;"><span
            style="" class="">I guess, I am still not sure of the point
            of a stub zone, where you point to a different NS? than the
          </span><span style="" class=""><span style="" class="">authoritative
              NS for that zone? unless your changing the records <br>
            </span></span></div>
        <div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
          font-family: HelveticaNeue,Helvetica
          Neue,Helvetica,Arial,Lucida Grande,sans-serif;
          background-color: transparent; font-style: normal;"><span
            style="" class=""><span style="" class="">which is all
              bad....</span></span></div>
        <div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
          font-family: HelveticaNeue,Helvetica
          Neue,Helvetica,Arial,Lucida Grande,sans-serif;
          background-color: transparent; font-style: normal;"><br>
          <span style="" class=""><span style="" class=""></span></span></div>
        <div class="" style="color: rgb(0, 0, 0); font-size: 13.3333px;
          font-family: HelveticaNeue,Helvetica
          Neue,Helvetica,Arial,Lucida Grande,sans-serif;
          background-color: transparent; font-style: normal;"><span
            style="" class=""><span style="" class=""></span>  </span></div>
        <div class="qtdSeparateBR"><br>
          <br>
        </div>
        <div style="display: block;" class="yahoo_quoted">
          <div class="" style="font-family: HelveticaNeue, Helvetica
            Neue, Helvetica, Arial, Lucida Grande, sans-serif;
            font-size: 10pt;">
            <div class="" style="font-family: HelveticaNeue, Helvetica
              Neue, Helvetica, Arial, Lucida Grande, sans-serif;
              font-size: 12pt;">
              <div style="" class="" dir="ltr"> <font style="" class=""
                  size="2" face="Arial"> On Monday, June 2, 2014 2:18
                  PM, John Miller <a class="moz-txt-link-rfc2396E" href="mailto:johnmill@brandeis.edu"><johnmill@brandeis.edu></a> wrote:<br
                    style="" class="">
                </font> </div>
              <blockquote class="" style="border-left: 2px solid rgb(16,
                16, 255); margin-left: 5px; margin-top: 5px;
                padding-left: 5px;"> <br style="" class="">
                <br style="" class="">
                <div style="" class="">Not quite, Bill.  You point the
                  zone at a different name server, but <br style=""
                    class="" clear="none">
                  _your_own_nameserver_ still does the iterative queries
                  to make things <br style="" class="" clear="none">
                  happen.  It just queries a different set of
                  nameservers than would <br style="" class=""
                    clear="none">
                  happen through normal delegation.<br style="" class=""
                    clear="none">
                  <br style="" class="" clear="none">
                  The only recursive query going on is from the client
                  to your nameserver.<br style="" class="" clear="none">
                  <br style="" class="" clear="none">
                  Since you asked the question, what would you propose
                  as an alternative <br style="" class="" clear="none">
                  for folks running multiple sets of nameservers with
                  different info on them?<br style="" class=""
                    clear="none">
                  <br style="" class="" clear="none">
                  John<br style="" class="" clear="none">
                  <br style="" class="" clear="none">
                  <br style="" class="" clear="none">
                  On 06/02/2014 04:52 PM, Nex6|Bill wrote:<br style=""
                    class="" clear="none">
                  > so, stub zones allow you to point a zone to a
                  different name server, and<br style="" class=""
                    clear="none">
                  > that name-server; to recurse to get the records
                  for that zone. why? why<br style="" class=""
                    clear="none">
                  > not let DNS work the way it is suppose to and let
                  your name servers work<br style="" class=""
                    clear="none">
                  > for you to the authoritative name-server to get
                  the records? unless,<br style="" class="" clear="none">
                  > your changing the zone records, which is why most
                  people I know use it<br style="" class="" clear="none">
                  > for, which is evil :)<br style="" class=""
                    clear="none">
                  ><br style="" class="" clear="none">
                  > its almost the same, as creating a local zone for
                  something your not<br style="" class="" clear="none">
                  > authoritative for and then having to maintain
                  those records. but, i<br style="" class=""
                    clear="none">
                  > guess their may be cases where it may be
                  useful....  i guess....<br style="" class=""
                    clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  > On Monday, June 2, 2014 1:33 PM, John Miller <<a
                    moz-do-not-send="true" style="" class=""
                    shape="rect" ymailto="mailto:johnmill@brandeis.edu"
                    href="mailto:johnmill@brandeis.edu">johnmill@brandeis.edu</a>>
                  wrote:<br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  >    Evil?  Seems a bit strong.  Unusual?  Use with
                  caution?  OK.<br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  >    Stub zones mean that you're using a different
                  set of authoritative<br style="" class="" clear="none">
                  >    nameservers for a particular domain.  You're
                  not storing all of that<br style="" class=""
                    clear="none">
                  >    domain's records, except through the usual
                  caching process.  If it's<br style="" class=""
                    clear="none">
                  >    a domain you control, where's the harm?<br
                    style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  >    Also, let's say that you're nominally a
                  caching-only nameserver.<br style="" class=""
                    clear="none">
                  >    You're responsible for making iterative
                  queries, and you do not want<br style="" class=""
                    clear="none">
                  >    the RD bit set.  AFAIK, stub zones are the way
                  to accomplish that.<br style="" class="" clear="none">
                  >    Forward zones just pass recursive queries on
                  to someplace else.<br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  >    John<br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  >    On Mon, Jun 2, 2014 at 4:02 PM, Nex6|Bill <<a
                    moz-do-not-send="true" style="" class=""
                    shape="rect" ymailto="mailto:n6ghost@yahoo.com"
                    href="mailto:n6ghost@yahoo.com">n6ghost@yahoo.com</a><br
                    style="" class="" clear="none">
                  >    <mailto:<a moz-do-not-send="true" style=""
                    class="" shape="rect"
                    ymailto="mailto:n6ghost@yahoo.com"
                    href="mailto:n6ghost@yahoo.com">n6ghost@yahoo.com</a>>>
                  wrote:<br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  >        recently, a question came up about "stub"
                  zones came up and what<br style="" class=""
                    clear="none">
                  >        they are and are they part of the DNS
                  standards or are they a<br style="" class=""
                    clear="none">
                  >        good idea. i said, they are evil and
                  should not be used if you<br style="" class=""
                    clear="none">
                  >        can avoid it.  they way I understand them
                  is the are when you<br style="" class="" clear="none">
                  >        create local zones for zones you are NOT
                  authoritative for. and;<br style="" class=""
                    clear="none">
                  >        the records in the stub zone do not update
                  when the<br style="" class="" clear="none">
                  >        authoritative NS does.<br style=""
                    class="" clear="none">
                  ><br style="" class="" clear="none">
                  >        correct? thoughts?<br style="" class=""
                    clear="none">
                  ><br style="" class="" clear="none">
                  >        -Nex6<br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  >       
                  _______________________________________________<br
                    style="" class="" clear="none">
                  >        Please visit <a moz-do-not-send="true"
                    style="" class="" shape="rect"
                    href="https://lists.isc.org/mailman/listinfo/bind-users"
                    target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br
                    style="" class="" clear="none">
                  >        to unsubscribe from this list<br style=""
                    class="" clear="none">
                  ><br style="" class="" clear="none">
                  >        bind-users mailing list<br style=""
                    class="" clear="none">
                  >        <a moz-do-not-send="true" style=""
                    class="" shape="rect"
                    ymailto="mailto:bind-users@lists.isc.org"
                    href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
                  <mailto:<a moz-do-not-send="true" style="" class=""
                    shape="rect"
                    ymailto="mailto:bind-users@lists.isc.org"
                    href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>><br
                    style="" class="" clear="none">
                  >        <a moz-do-not-send="true" style=""
                    class="" shape="rect"
                    href="https://lists.isc.org/mailman/listinfo/bind-users"
                    target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br
                    style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  ><br style="" class="" clear="none">
                  >    --<br style="" class="" clear="none">
                  >    John Miller<br style="" class="" clear="none">
                  >    Systems Engineer<br style="" class=""
                    clear="none">
                  >    Brandeis University<br style="" class=""
                    clear="none">
                  >    <a moz-do-not-send="true" style="" class=""
                    shape="rect" ymailto="mailto:johnmill@brandeis.edu"
                    href="mailto:johnmill@brandeis.edu">johnmill@brandeis.edu</a>
                  <mailto:<a moz-do-not-send="true" style="" class=""
                    shape="rect" ymailto="mailto:johnmill@brandeis.edu"
                    href="mailto:johnmill@brandeis.edu">johnmill@brandeis.edu</a>>
                  <div style="" class="" id="yqtfd65087"><br style=""
                      class="" clear="none">
                    ><br style="" class="" clear="none">
                    ><br style="" class="" clear="none">
                  </div>
                  <br style="" class="">
                  <br style="" class="">
                </div>
              </blockquote>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list

bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></pre>
    </blockquote>
    <br>
  </body>
</html>