Forwarding to two servers
Tony Finch
dot at dotat.at
Tue Aug 10 18:50:21 UTC 2010
On Tue, 10 Aug 2010, Joseph S D Yao wrote:
> On Fri, Aug 06, 2010 at 10:43:01PM +0100, Tony Finch wrote:
> ...
> > As I understand it, BIND makes recursive queries to forwarding servers. If
> > the target is authoritative, you configure the zone as a stub. This is not
> > documented.
>
> I believe this is incorrect on both counts. In this form, BIND forwards
> all queries, recursive or not, for the specific given domain to the
> specific named servers.
I'm not talking about the queries made to bind, I'm talking about what
bind expects of the target servers you are pointing it at and how it makes
queries to those servers.
> > Neither stub nor forward zones work if you are doing DNSSEC validation and
> > the parent zone is secure and there is no delegation from the parent zone.
> > In this case you have to make the server authoritative for the child zone
> > (i.e. you must be the master or a slave) because BIND does not validate
> > authoritative zones so it does not trip over the lack of delegation.
>
> I have not tried this yet,
I have.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND PLYMOUTH: WEST OR SOUTHWEST 5 OR 6,
OCCASIONALLY 7 AT FIRST, DECREASING 3 OR 4. SLIGHT OR MODERATE. RAIN THEN
SHOWERS. MODERATE OR POOR, BECOMING GOOD.
More information about the bind-users
mailing list