DNS forwarding: does it actually work?
Joseph S D Yao
jsdy at center.osis.gov
Thu Mar 18 15:49:18 UTC 2004
On Wed, Mar 17, 2004 at 02:29:19PM -0800, Robert wrote:
> I am trying to get Bind 9.2.1 to FIRST forward incoming DNS requests
> to our primary NameServer before looking it up in its own
> configuration. Is this possible? I thought it was supposed to work
> something like this, but it does not forward requests first...it looks
> them up directly anyway.
>
> under global options I have:
>
> options {
>     directory "/var/named";
>     pid-file "/var/run/named/named.pid";
>     transfers-in 500;
>     transfer-format many-answers;
>     forward first;
>     forwarders {
>         69.56.134.34;
>     };
> };
What you want is impossible. If a server is AUTHORITATIVE for a zone,
that means that it is the FINAL AUTHORITY - and why should it ever ask
anyone else for information on that zone? You can't split up a zone
and have some of it here and some of it there. You need to have
different domains, defining different zones.

What you are saying above is: for all NON-LOCAL queries, first try
forwarding to 69.56.134.34; but if that server is not available, then
use regular DNS. This is rarely optimal unless you incur a low network
penalty for accessing that one server, but a high network penalty for
accessing anything else [and that server's connection is also somewhat
iffy].
--
Joe Yao jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
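
Added example, not part of the original message: a named.conf sketch of the behaviour described in the reply, with an authoritative zone answered locally and a separate domain delegated to another server through a forward zone. The zone names, the zone file name and the address 192.0.2.53 are constructed placeholders.

```conf
// Constructed example; zone names, file name and 192.0.2.53 are placeholders.
options {
    directory "/var/named";
    // Applies only to names this server is NOT authoritative for:
    // try the forwarder first, then fall back to normal iterative resolution.
    forward first;
    forwarders { 69.56.134.34; };
};

// Authoritative zone: always answered from local data, never forwarded,
// whatever the global forward/forwarders settings say.
zone "example.com" {
    type master;
    file "db.example.com";
};

// A different domain whose data lives elsewhere: queries for it are
// sent to the listed server instead of being resolved locally.
zone "example.net" {
    type forward;
    forward only;               // no fallback to iterative resolution
    forwarders { 192.0.2.53; };
};
```

Running `named-checkconf` against the file validates the syntax before named is reloaded.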