Sharing authority without creating a subdomain
Chris Buxton
cbuxton at menandmice.com
Thu Apr 17 19:57:20 UTC 2008
That depends on what trust relationship exists between administrators
and servers. For example, you could put an $INCLUDE statement into
your domain.com zone, pointing to a file managed by the other
administrator. You can use file permissions to control access.
If the other administrator does not have direct access to your server,
perhaps the file to be included could be copied across by rsync or
scp, evaluated by a script on your end (looking for records not meant
to be managed by this administrator), and then copied into place over
the previous version.
If the $INCLUDE idea doesn't work for you, I think you're going to be
limited to multiple delegations of individual names over to the other
servers. (By the way: In your example data, you used underscores in
the name server names. That is not going to work in the real world,
where name server names have to abide by the rules for hostnames,
meaning you can use letters, numbers, and hyphens.)
Chris Buxton
Professional Services
Men & Mice
On Apr 17, 2008, at 12:21 PM, Steven Stromer wrote:
> Hi,
>
> I am seeking to delegate authority for a few specific hosts, without
> placing those hosts under a subdomain. For instance:
>
> Zone1:
> domain.com, with records for...
> www.domain.com
> mail.domain.com
>
> Zone 2:
> ftp.domain.com
> testing.domain.com
>
>
> It would seem that I could create separate zones for each of the hosts
> listed under Zone 2, and then make each of these zones into children
> in
> Zone1, delegating and providing glue, as such:
>
> ftp 86400 IN NS zone2_ns1.domain.com.
>
> 86400 IN NS zone2_ns2.domain.com.
>
> testing 86400 IN NS zone2_ns1.domain.com.
>
> 86400 IN NS zone2_ns2.domain.com.
>
> zone2_ns1.domain.com. 86400 IN A 192.253.254.2
>
> zone2_ns2.domain.com. 86400 IN A 192.253.254.3
>
>
> However, it seems to be a large amount of work, and just generally bad
> form to create a zone for individual hosts. Is there a better way to
> do
> this?
>
> Thanks!
>
> Steven Stromer
>
>
More information about the bind-users
mailing list