Forwarding from Internal DNS server.

Kevin Darcy kcd at daimlerchrysler.com
Fri Feb 4 00:27:38 UTC 2000


>>>>> ">" == union  <union at icon.co.za> writes:

    >> With my original forwarding question, would it help if I
    >> upgrade my version of bind to 8.x.x and create a "view" to
    >> forward on NXDOMAIN to my ISP's DNS, from my internal root
    >> server???

I guess I still don't quite understand what you're trying to accomplish.
I *thought* you wanted to "customize" your wildcard MX responses so that
clients would always send mail out the "closest" outbound mail gateway.
But I don't see how resolving the queries externally is going to achieve
that. If one of your clients MX queries, say, daimlerchrysler.com, and
the query is resolved externally by *any* normally-configured Internet
DNS server, the client will get a set of Internet addresses as a
response. But that isn't going to tell the client what its
"closest" outbound gateway is, so how does it help you achieve your goal?

Are you perhaps expecting that each ISP will provide their own internal
roots with their own MX wildcards pointing to their servers, for the
consumption of your clients, and then you'd just use "views" to present
these different MX-wildcards to different sets of clients? Before you
build an architecture on that assumption, I'd ask the ISPs whether they
are willing to do that and/or how much they would charge for the service.
I'm not in the ISP business, but I think that this is *not* the way their
mail routing is usually architected; it'd be a "special" that they'd have
to set up just for you.

So, to (finally) answer your question, as best I can: if "views" are
implemented similarly to what is in the _DNS_and_BIND_ book, then I think
you could probably make a "different wildcards from each ISP" scheme
work, *if* you can somehow get all of the ISPs to co-operate, and *if*
you're willing to maintain all of those "views" and *when* BIND 9 comes
out.

Of course, if you have enough nameservers on your intranet, you could
accomplish basically the same thing, without requiring any special
configuration by your ISPs, by just dividing your intranet into
different DNS "universes" each with their own internal root server with a
different set of MX wildcards. But I think both Jim and I agree that
multiple internal roots in the same enterprise is a Bad Idea.

Have you given the "sortlist" idea any more thought? I think it would
entail less maintenance than the "views" approach and is something you
could implement today without proliferating internal roots.


- Kevin



