Forward only some subdomains?
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Tue Feb 10 21:25:32 UTC 2004
> In article <c085f1$2gca$1 at sf1.isc.org>,
> David Botham <DBotham at OptimusSolutions.com> wrote:
>
> > > >Anyway, put to RR's into
> > > > your internal zone, one for pop... and the other for smtp... each with
> > the
> > > > IP address of the pop and smtp servers respectively (or the same IP if
> >
> > > > both service run on the same box).
> > > >
> > > that's what I'm doing now. It just doesn't seem right, since they may
> > > change their mail server IPs, and I would have to keep an eye on that
> > > and change the internal zone whenever that happens.
> >
> > Yes, this situation is a little unfortunate, however, that is the price
> > you pay if you do not run your own name servers.
> >
> > However, you could make pop. and smpt. CNAMEs for charter's domain names.
> > That way, if they change the IP address associated with their domain
> > names, you won't care.
> >
> If you mean:
>
> pop.ourdomain.com IN CNAME pop.chartermi.net
>
> then that's no good - they're switching us to pop.ourdomain.com, which
> is what caused this DNS problem. No guarantee the the two will resolve
> the same in the future. I guess I'll stick with manually assigning them
> in my internal zone setup. And look seriously at our own mail server.
>
>
> > Once upon a time when firewalls were alomost exclusively proxy based, you
> > were forced into "forwarding" to the internal interface of your firewall.
> > Then, along came stateful inspection and I think (just a guess) that
> > people thought "forwarding" was a requirement, so they started forwarding
> > to their ISP. If you can forward to your ISP, then you can certainly turn
> > off forwarding and use normal resolution / iteration to answer internal
> > queries.
>
> Hm, I'll look into this.
>
>
> > >
> > > IS there a way to do this then? - handling only PART of a domain?
> >
> > You can do part of a domain if you are talking about subdomains, however,
> > you cannot do "part" of a zone. If a name server has loaded a zone
> > (either as master or slave), then that name server will never look for
> > data on any other server for data that is in that zone.
>
> Bummer.
>
>
> thanks
>
> - WoK
>
> --
> Don't Panic.
>
Ask your ISP to make pop.ourdomain.com and smtp.ourdomain.com
seperate zone. You can then just slave them.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list