Potential problem.
McNutt, Justin M.
McNuttJ at missouri.edu
Tue Dec 4 17:27:52 UTC 2001
> >Name servers C and D are connected inside the enterprise firewall and accept
> >queries only from internal users. Relay is enabled. All queries for 'new'
> >stuff are relayed to servers A or B. Servers C and D are slaves to server
> >Z.
>
> What is "relay"? The word used in BIND configuration is "forwarding", is
> that what you mean?
Yes. Pardon my poor terminology. One of the other DNS admins here calls
that "relay" and I catch myself using his terms. (slaps myself on the
hands)
> >Potential problem: All five name servers will need NS records for
> >themselves, right? If so, won't external name servers cache that and
> >attempt to round-robin queries among all five, and thus fail three out of
> >five queries?
>
> No. You usually only need to list nameservers that are usable from the
> public Internet in your NS records. Servers C and D are queried due to the
> resolver configurations on the internal client machines, not NS records, so
> NS records aren't needed.
>
> However, to ensure that C and D are updated quickly when the zone changes,
> you should put their addresses in Z's "also-notify" option. By default Z
> will only send NOTIFY messages to the servers listed in the NS records.
For some reason I was under the impression that the NS records were
necessary for normal DNS operations, but after looking around a bit, I
realize that they are not. They are only used to *advertise* name services.
Many thanks for clearing that up!
--J
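
The layout discussed in this thread, sketched as named.conf fragments. This is an added example, not configuration posted by anyone in the thread. The zone name, file names and all addresses are constructed placeholders, and `forward only` is an assumption based on "all queries for 'new' stuff are relayed".

```conf
// ---- Server Z (master for the zone) ----
// Constructed addresses: Z = 192.0.2.10, A = 192.0.2.1, B = 192.0.2.2,
// C = 10.0.0.3, D = 10.0.0.4, internal clients in 10.0.0.0/8.
zone "example.com" {
    type master;
    // The NS records in this file list only the servers that are
    // reachable from the public Internet. C and D are left out.
    file "db.example.com";
    // NOTIFY goes only to servers named in NS records by default, so the
    // unlisted internal slaves are added here to pick up changes quickly.
    also-notify { 10.0.0.3; 10.0.0.4; };
};

// ---- Server C (internal only; D is configured the same way) ----
acl internal { 10.0.0.0/8; };

options {
    // Answer internal users only. Clients reach C and D through their
    // resolver configuration, not through NS records.
    allow-query { internal; };
    // Anything not answered from the local slave copy is forwarded to A or B.
    forwarders { 192.0.2.1; 192.0.2.2; };
    forward only;
};

zone "example.com" {
    type slave;
    masters { 192.0.2.10; };   // transfers come from Z
    file "bak.example.com";
};
```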