Firewall, split dns and the forwarders directive
Cricket Liu
cricket at acmebw.com
Tue Jul 20 14:27:22 UTC 1999
> Zone movie.edu is behind a firewall. Thus its name server must forward
> non-local DNS requests to the firewall to be resolved. The firewall is
> not in our direct control, and is not used as a zone name server (only
> as a cacheing name server).
>
> Because of {work overload, political concerns, inertia, whatever}, the
> domain fx.movie.edu is served by a separate name server within the
> firewall.
>
> Now, the order of operation is either {zone, forward} or {zone,
> forward, lookup}, depending on whether the "forward only" option is on
> or not. This is BY DEFINITION - a part of BIND, you can't change that
> without breaking a good many things. But we never want to forward
> requests for "fx.movie.edu" to the firewall. We always want to ask the
> name server, which we KNOW [it's our subdomain, remember?].
>
> Andr, WITHOUT forwarding requests for our subdomain, which is a zone
> on a different server ... tell me how I may do this. Demonstrate.
You might try asking nicely instead of using the imperative.
zone "movie.edu" {
type master;
file "db.movie.edu";
forwarders {};
};
cricket
Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com
Attend our next DNS and BIND class! See
www.acmebw.com/training.htm for the
schedule and to register for upcoming
classes.
More information about the bind-users
mailing list