Forwarding to two servers
Joseph S D Yao
jsdy at tux.org
Tue Aug 10 18:44:36 UTC 2010
On Fri, Aug 06, 2010 at 10:43:01PM +0100, Tony Finch wrote:
...
> As I understand it, BIND makes recursive queries to forwarding servers. If
> the target is authoritative, you configure the zone as a stub. This is not
> documented.
I believe this is incorrect on both counts. In this form, BIND forwards
all queries, recursive or not, for the specific given domain to the
specific named servers. If the forwarding is in the options, again all
queries (recursive or not) will be forwarded, but only if the query is
not resolvable by any domain on the server itself. ("forward first"
modifies this by trying recursive resolving if the forward fails.)
And this is documented.
> Neither stub nor forward zones work if you are doing DNSSEC validation and
> the parent zone is secure and there is no delegation from the parent zone.
> In this case you have to make the server authoritative for the child zone
> (i.e. you must be the master or a slave) because BIND does not validate
> authoritative zones so it does not trip over the lack of delegation.
I have not tried this yet, but what you have said does not "feel"
correct. It is possible that you meant something different from what
you said. It is also possible that, not having thought it through, I
am wrong. [I am having problems figuring out what specifically you mean
by generic phrases like "the server" and "don't work".]
--
/*********************************************************************\
**
** Joe Yao jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/
More information about the bind-users
mailing list