Subdomain nameserver configuration question...
Jeff Reasoner
jeff.reasoner at mail.hccanet.org
Tue Jul 8 18:42:43 UTC 2008
On Tue, 2008-07-08 at 14:33 -0400, Kyle McDonald wrote:
> Chris Buxton wrote:
> > Your basic problem is that your authoritative name servers are also
> > doing recursion. If you can avoid this, do so - turn recursion off on
> > the name servers that host the subdomain.
> Ok. I have, and want, the clients in the subdomain to use these servers
> (in their resolv.conf) to resolve queries. Doesn't that mean I need
> recursion on? Is that a bad idea?
> >
> > If your authoritative name servers must also perform recursion, set up
> > either stub zones or slave zones for the apex(es) of the internal
> > domain(s) - this may be the "parent domain" you mentioned, or the
> > parent of that domain, or possibly even further upstream in the
> > namespace hierarchy. If you have any global forwarding turned on,
> > conditionally turn it off for these stub or slave zones.
> >
OT here I realize, but Win2K3 DNS does support stub zones.
> I'm not sure I'm understanding this. Create stub or slave zones on my
> name servers? or on the parent? The parent domain is managed by Win2k3
> DNS servers and I don't think they have the concept of 'stub' zones.
>
> I did make my servers slaves of the parent. That solved it, but it seems
> like a hack. After reading up more on forwarders, I was thinking of
> adding a 'forward' zone named after the parent which pointed to the
> parent domain's nameservers like:
>
> zone egenera.com
> {
> type forward;
> forwarders { 1.2.3.4, 1.2.5.6; };
> }
>
> Is this what you mean by stub? Actually if you mean that I should create
> a stub on my server, then I guess you're right, that should work
> similiar to the forwarder or slave.
>
>
> So it seems I have a bunch of options:
>
> 1) Disable recursion. Optionally:
> a) configure clients to resolve with parent servers.
> b) configure global forwarding to parent servers.
>
> 2) Setup Selective forwarding with a 'forward' zone for the parent domain.
>
> 3) Setup a 'stub' zone for the parent domain. (Is this any different
> than the 'forward' zone?)
>
> 4) Setup 'slave' zones of the partent, complete with zone transfers,
> updates, etc.
>
> Right now I'm thinking tha #2 sounds best, with 1b as a second choice.
>
> Anything wrong with my logic or understanding?
>
> Thanks for the help!
>
> -Kyle
>
--
Jeff Reasoner
HCCA
513 728-7902 voice
More information about the bind-users
mailing list