Firewall, split dns and the forwarders directive

Cricket Liu cricket at acmebw.com
Tue Jul 20 14:27:22 UTC 1999


> Zone movie.edu is behind a firewall.  Thus its name server must forward
> non-local DNS requests to the firewall to be resolved.  The firewall is
> not in our direct control, and is not used as a zone name server (only
> as a caching name server).
> 
> Because of {work overload, political concerns, inertia, whatever}, the
> domain fx.movie.edu is served by a separate name server within the
> firewall.
> 
> Now, the order of operation is either {zone, forward} or {zone,
> forward, lookup}, depending on whether the "forward only" option is on
> or not.  This is BY DEFINITION - a part of BIND, you can't change that
> without breaking a good many things.  But we never want to forward
> requests for "fx.movie.edu" to the firewall.  We always want to ask the
> name server, which we KNOW [it's our subdomain, remember?].
> 
> Andr, WITHOUT forwarding requests for our subdomain, which is a zone 
> on a different server ... tell me how I may do this.  Demonstrate.

You might try asking nicely instead of using the imperative.

zone "movie.edu" {
    type master;
    file "db.movie.edu";
    forwarders {};
};

cricket

Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com

Attend our next DNS and BIND class!  See
www.acmebw.com/training.htm for the
schedule and to register for upcoming
classes.
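
Added example, not part of the original post and not code from BIND or from the author: a small Python check that reads a named.conf and lists the authoritative zones that lack the empty `forwarders {};` override shown in the reply while global forwarders are configured. The sample configuration, the 192.0.2.1 forwarder address, the loopback zone and the function names are constructed for illustration.

```python
import re

# Constructed sample named.conf, not from the original post. 192.0.2.1 is a
# documentation-range placeholder for the firewall's caching name server.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    forwarders { 192.0.2.1; };   // the firewall
};
zone "movie.edu" {
    type master;
    file "db.movie.edu";
    forwarders {};
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
};
'''

def _block(text, start):
    """Return the text between the '{' at index start and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces in configuration")

def _forwarders(body):
    """None if body has no forwarders statement, else its address list."""
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
    return None if m is None else [a for a in re.split(r"[;\s]+", m.group(1)) if a]

def zones_that_forward(conf):
    """Authoritative zones lacking the empty-forwarders override while
    global forwarders are configured (hypothetical helper name)."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    opt = re.search(r"\boptions\s*\{", conf)
    if not opt or not _forwarders(_block(conf, opt.end() - 1)):
        return []  # no global forwarders, so nothing is forwarded
    flagged = []
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = _block(conf, m.end() - 1)
        if re.search(r"\btype\s+(master|slave)\b", body) and _forwarders(body) != []:
            flagged.append(m.group(1))
    return flagged

if __name__ == "__main__":
    print(zones_that_forward(SAMPLE_CONF))
```

A flagged zone only matters if it delegates subdomains to name servers behind the firewall, as movie.edu does with fx.movie.edu; the check cannot see the zone data, so confirm against the NS records in the zone file.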


