Dear List,
Regarding the problems i had in my previous posting '9.3.1 - views leak
forwarding type zones?' i asked bind9-bugs@isc.org if this was a bug.
Mark Andrews answered in Ticket #14935 and explained to me that zones of
type 'forward' are not actually handled as real zones but that for these
'zones' recursion is used prior to actually rerouting the query to the
nameserver defined in the forwarders section. 

This behaviour is not documented in the BIND 9 Administrator Reference
Manual so i would like to ask you if you think this is worth mentioning.

Two people with programming and internet engineering skills i spoke to on
the subject even said this is not the way they would have implemented the
feature. Actually they said something like: Arrrgh! ;-)

I think this behaviour should find its way in the documentation for it is
simply not what people expect when they are used to setting up authorative
zones.

Additionally i came accross the following error message which is also not
documented:
"option 'allow-query' is not allowed in 'forward' zone 'zone.tld'"

Mark wrote: "named is not designed to be a proxy for another server." and i
thought: then why are there type forward zones at all? And instantly knew:
Ok, it is a bind8 feature that needed to be kept and got implemented in a
hack, i will need to live with that.

I will actually use views with empty master zones for the ones i don't like
people from certain networks to see, to implement what i intended; which is
ugly but i don't see any way around it without having to use two seperate
bind9 processes.

	Stefan
-- 
- The advocate will refrain from making her opponent disappear.
Data to Ardra, "Devil's Due.", ST-TNG

-- Attached file included as plaintext by Ecartis --
-- File: signature.asc
-- Desc: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCzSeTwCTKSDyz3swRAnvYAKDMFE/AGydYtzejRWHyAAs3Rg0FQACfdDb0
mck9g3Y7+8tf6BHoT4ZOQmE=
=8sgq
-----END PGP SIGNATURE-----