sub-domain delegation issue
Kevin Darcy
kcd at daimlerchrysler.com
Thu Oct 6 20:25:51 UTC 2005
Joel CARNAT wrote:
>Hi,
>I have a Bind (9.2.2) acting as master (10.0.1.7) for company.com.
>I have a Bind (9.2.2) acting as master (10.0.2.7) for away.company.com.
>
>I want the #1 to forward all its query for away.company.com. to #2.
>I don't want #1 to be slave for away.company.com.
>
>#1 just don't forward queries to #2 and answers NXDOMAIN.
>I can manually get the answer from #2 when using
>"dig -t mx @10.0.2.7 away.company.com".
>
>Here's what I tried :
>
>- 1 - edit company.com zone file :
>
>$ORIGIN .
>company.com. SOA ...
>...
>away.company.com. IN NS 10.0.2.7
>
>- 2 - add away.company.com as "type=forward" in #1's named.conf
>
>zone "company.com" {
> type master;
> file "pri/company.com";
>};
>
>zone "away.company.com" {
> type forward;
> forwarders { 10.0.2.7; };
>};
>
>- 3 - add "forwarders { /* none */ };" in "company.com".
>because I saw on archive it may help as #1 has "forward-first and
>forwarders" in its main option section.
>
>I did try -1- alone, then -2- alone, then -1- and -2-, then -2- and -3-.
>In every case, I get NXDOMAIN and no errors in 10.0.2.7's log.
>
>So...
>1. can I do such a thing (aka delegate a sub-domain w/o being slave) ?
>2. if yes, what do I miss ?
>
#1 and #2 should work, but only for *recursive* queries (typically
queries from end-user clients made directly to your nameserver), as
Barry informed you in an earlier message, and only when you point the
delegating NS to a *name*. You can't delegate directly to an IP address.
When servers talk to each other, they generally use *non*-recursive
queries, but in that case, they'll follow that NS record -- which will
be given as a referral if the answer to the query is not in cache -- and
query the delegated nameserver for away.company.com directly.
If you care about redundancy, of course, you would have multiple
nameservers for all of your zones.
-
Kevin
More information about the bind-users
mailing list