Need help with a STRANGE configuration

Kevin Darcy kcd at daimlerchrysler.com
Mon Jan 10 21:58:45 UTC 2000


Barry Margolin wrote:

> In article <slrn87k8fl.gan.lurker at angband.org>,
> Chris A. Henesy <lurker at NO.SPAM.cc.gatech.edu> wrote:
> >What I would like to do is set up BIND on my box so that it is a caching
> >nameserver that forwards requests for machines in mydomain.com,
> >subdomain.mydomain.com, moresubdomains.mydomain.com, etc., to our internal
> >DNS server, and requests for all other domains to the ISP's DNS server.
> >(My machine itself will store no zonefiles)
>
> options {
>   forwarders { <ISP's DNS server address>; };
>   forward only;
> };
>
> zone "mydomain.com" {
>   type forward;
>   forwarders { <internal DNS server address>; };
> };
>
> The "type forward" zone was introduced in BIND 8.2.

Note that if the internal server doesn't allow recursive queries, zones of type
"forward" aren't going to work. In that case, you'll *have* to store some
internal-zone information on your box, but only for the top-level zone of each
internal domain. You can define these as either

zone "mydomain.com" {
    type stub;
    file "<some file>";
    forwarders {};
    masters { <internal DNS server address>; };
};

    -or-

zone "mydomain.com" {
    type slave;
    file "<some file>";
    forwarders {};
    masters { <internal DNS server address>; };
};

The reason for specifying "forwarders {}" is to inhibit forwarding for names in
subzones (according to the documentation, I think you need 8.2.2 or later in order
to specify this for non-forward zones). The "zonefiles" for stub zones are quite
tiny, since they just contain NS information, not the whole zone. Slave zones
consume more resources due to zone transfers and higher disk storage requirements,
but generally provide better query performance and redundancy, since everything is
kept locally. Of course, you won't be able to use a slave zone unless the master
allows you to do zone transfers.

With my {ahem!} unofficial patch, you could even use a hints file with your
default forwarder! But in that case, you'd still have to define all of the
top-level zones as "forwarders {}" in order to inhibit default forwarding and thus
enable the use of the internal root(s) for those domains.


- Kevin
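
The following check is an added example, not part of the message above or of BIND. It reads the RA (recursion available) bit in a reply from the internal server to decide between a "forward" zone and a stub/slave zone. It assumes the server reports recursion honestly in RA; the function names and the sample replies are constructed for illustration.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # header flag bits (RFC 1035)

def build_query(name, qid=0x1234, qtype=2):
    """DNS query for `name` (default qtype 2 = NS) with recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return the fields of the 12-byte DNS header that matter here."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags = struct.unpack("!HH", msg[:4])
    return {"id": qid, "qr": bool(flags & QR), "ra": bool(flags & RA), "rcode": flags & 0x000F}

def suggest_zone_type(query, response):
    """'forward' only if the server offers recursion; otherwise stub/slave."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        raise ValueError("not a response to this query")
    if r["ra"] and r["rcode"] != 5:  # 5 = REFUSED
        return "forward"
    return "stub or slave"

def probe(server, name, timeout=3.0):
    """Send the query over UDP port 53 to `server` and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        response, _ = s.recvfrom(4096)
    return suggest_zone_type(query, response)

def constructed_response(query, flags):
    """Constructed sample reply: the query with its header flags replaced."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("mydomain.com")
    print(suggest_zone_type(q, constructed_response(q, 0x8580)))  # QR|AA|RD|RA
    print(suggest_zone_type(q, constructed_response(q, 0x8500)))  # QR|AA|RD, no RA
```

Run probe() from the caching box itself, since a server may offer recursion to some clients and not others.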



