forwarding a subdomain
Barry Margolin
barmar at alum.mit.edu
Sat Nov 13 07:19:19 UTC 2004
In article <cn39g4$25jk$1 at sf1.isc.org>,
Edward Buck <ed at bashware_REMOVEME_.net> wrote:
> Hi there,
>
> I'm trying to set up a subdomain via forwarding and I'm seeing some
> unexpected behavior (unexpected for me, not necessarily for bind or
> you). Here's the scenario:
>
> I have a public nameserver, i.e. ns1.domain.com, which is authoritative
> for domain.com. In the zone file for domain.com, I've delegated a
> subdomain to another nameserver by doing:
>
> sub IN NS ns1-sub.domain.com.
> ns1-sub IN A 80.80.80.80 ; public ip
>
> Now, on ns1-sub.domain.com, I've configured bind with the following zone:
>
> zone "sub.domain.com" {
>     type forward;
>     forward first;
>     forwarders {
>         10.5.5.1 port 10053; // private ip
>     };
> };
>
> The 10.5.5.1 host above is on a private network accessible to ns1-sub
> but not to the general public.
>
> The goal is to have ns1-sub resolve all queries for the subdomain
> sub.domain.com by forwarding each request to the internal server at
> 10.5.5.1.
>
> Now, here's what I don't understand. If I query ns1-sub directly for a
> host in sub.domain.com (i.e. host.sub.domain.com), the forwarding works
> as expected. If I query ns1-sub using a different nameserver (i.e. from
> my ISP nameserver), the query works ONLY if ns1-sub has cached the data.
> If it's not in the cache, there's no answer. This suggests that the
> forwarding doesn't work for recursive queries.

When a recursive server is processing a query, it uses iterative mode,
so it doesn't set the "Recursion Desired" flag when it sends its
queries. When it queries a server that isn't authoritative for the
zone, it expects to receive a referral, and it will then ask one of
those servers, repeating this process until it reaches the authoritative
servers.

In general, a subdomain can only be delegated to an authoritative
server, not a forwarding server.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
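
Added example, not part of the original post and not BIND code: the two queries compared in this thread differ only in the "Recursion Desired" bit of the DNS header, shown here by building both packets and running them through a simplified model of a server that holds only a forward zone. The function names, the cache set and the action strings are hypothetical, and the model assumes the server permits recursion for the client.

```python
import struct

RD = 0x0100  # "Recursion Desired" bit in the DNS header flags word (RFC 1035)

def build_query(name, rd, qid=0x1234, qtype=1):
    """Encode a one-question DNS query; rd=False is what an iterating resolver sends."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_query(packet):
    """Return (rd_flag, qname) decoded from a query packet."""
    _, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while packet[pos]:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return bool(flags & RD), ".".join(labels).lower()

def forward_zone_action(packet, cache, zone="sub.domain.com"):
    """Simplified model (an assumption, not BIND's code) of a forward-only server."""
    rd, qname = parse_query(packet)
    if not (qname == zone or qname.endswith("." + zone)):
        return "out-of-zone"
    if qname in cache:
        return "answer-from-cache"
    # Forwarders are consulted only while recursing on behalf of a client.
    return "forward-to-10.5.5.1" if rd else "no-answer"

if __name__ == "__main__":
    name = "host.sub.domain.com"  # constructed sample name from the thread
    for label, rd in (("direct query", True), ("ISP resolver", False)):
        print(label, "->", forward_zone_action(build_query(name, rd), cache=set()))
```
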