type forward with no recursive flag "rd -" --> Does it work?

Fredrik Lysén fredrik.lysen at uadm.uu.se
Wed Oct 29 14:21:55 UTC 2014


Thanks Mark for rapid response,
To have a working solution for both clients and resolvers with "type forward" statement, you also have to delegate and declare NS on the same tree level?

Problem:
I take advantage of split-DNS, having views "internal" and "external". Our zone "windns.mycompany.se" is strictly an internal matter, and only appears in view "internal". Zone mycompany.se is in the view "external"; I don't like populating NS records to my internal zone "windns.mycompany.se"!

I don't know if there is an internal client or internal resolver asking my DNS questions, I can only see if the RD bit is set or not and if the query is from "my trusted network" (view "internal").

Regards
Fredrik

On 10/27/2014 09:21 PM, Mark Andrews wrote:


Just delegate windns.mycompany.se.  Add something like this to mycompany.se.

        windns.mycompany.se NS nameserver
        windns.mycompany.se NS nameserver

As to the answer to your question, no.  Forward zones redirect
recursive from the nameserver queries.

Mark

In message <C84E9BC18F8D074983FE0DCB8525DB2B331522BC at COLUMBA02.user.uu.se>, Fredrik Lysén writes:


Hi,
When having one zone "windns.mycompany.se" hosted and handled by
another nameserver (Windows AD) declared as:
zone "windns.mycompany.se" {
        type forward;
        forward only;
        forwarders {10.0.0.1; 10.0.0.2;};
};

Rest of the zones exist on our primary BIND dns caching nameserver.

A client looking for "windns.mycompany.se" will have an answer because the
recursive flag rd (+) is stated and the query will be resolved via forwarders.
When a resolver is looking for the same information, the resolver will send
recursive rd (-), and the resolver will never get information regarding
zone "windns.mycompany.se".

Question:
Shouldn't "Asking the forwarders" be prioritized before the "recursive
rd (-)" flag is taken into consideration? Otherwise I can't see how a
resolver ever will find information in the forward zone
"windns.mycompany.se".

Cheers
Fredrik Lysén
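
The following is an added example, not part of the original thread or of BIND's code. It builds the two queries discussed above, with the RD bit set and cleared, and decodes the header flags; `eligible_for_forwarding` is a hypothetical helper that models only the rule stated in Mark's reply (forward zones apply to recursive queries), not named's ACLs or views.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)


def build_query(name, rd, qtype=1, txid=0x1234):
    """Wire-format query for `name` (qtype 1 = A, class IN); rd sets the RD bit."""
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def decode_header(message):
    """Decode the fixed 12-byte DNS header of a query or response."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "qr": bool(flags & QR),   # False = query, True = response
        "aa": bool(flags & AA),   # authoritative answer
        "rd": bool(flags & RD),   # recursion desired (set by the sender)
        "ra": bool(flags & RA),   # recursion available (set by the server)
        "rcode": flags & 0x000F,
        "answers": an,
        "authority": ns,
    }


def eligible_for_forwarding(message):
    """Model of the rule in the thread (an assumption-level simplification):
    only a query (QR=0) with RD=1 is handled recursively, so only that
    query can be passed on to a forward zone's forwarders."""
    h = decode_header(message)
    return not h["qr"] and h["rd"]


if __name__ == "__main__":
    # Constructed sample queries for the zone name used in the thread.
    for label, rd in (("client, rd (+)", True), ("resolver, rd (-)", False)):
        q = build_query("windns.mycompany.se", rd)
        print(f"{label}: flags=0x{q[2:4].hex()} "
              f"forwardable={eligible_for_forwarding(q)}")
```

On the wire the same pair of queries can be produced with `dig` and `dig +norecurse`.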
