BIND 8.x and W2k Update

Kevin Darcy kcd at daimlerchrysler.com
Fri Oct 6 18:32:18 UTC 2000 

Loucks, Guy wrote:

> People,
>
> A further update to our BIND and W2K issue, before I forward this as a
> suggestion / bug I would welcome peoples comments.
>
> It appears the following config does not support delegation:
>
> options {
>         directory "/etc/namedb/ns_db";
>         forward only;
>         forwarders {
>                 153.107.41.18;
>                 153.107.41.146;
>                 153.107.41.18;
>                 153.107.41.146;
>                 153.107.41.18;
>                 153.107.41.146;
>         };
>         multiple-cnames yes;
>         version "Surely you must be joking!";
>
> You must not be a forward configuration. I have not found anything
> enlightening in any of the docs, or news archives.

What do you mean when you say that this config "does not support
delegation"? Delegation is something that happens in zone files, not in an
"options" clause. Please be more specific about the problem(s) you had when
you tried to delegate with that configuration. I've had no problems mixing
forwarding and delegation in any version of BIND I've ever worked with.

> We have even had difficulties with defining a separate forward in the
> delegated zone.

Again, be specific. I assume you're actually running a version of BIND which
supports per-domain forwarding, right (at least 8.2)? Otherwise, no surprise
it didn't work.

> It looks like someone decided if you are parenting you must not be a
> slave!?!??

Huh? What do slaves have to do with anything? This is the first time you've
mentioned slaves.

> Any comments on whether this was a deliberate or an unintentional design
> decision would be greatly appreciated.

Hard to comment when it's so unclear what exactly the problem is.

> We have only tested bind 8 code, we have an issue with Round Robin CNAMES
> which must be resolved prior to analysis of bind 9.

There is no issue. There is no such thing as a legal "round robin" CNAME
since the owner name of a CNAME can have only 1 record associated with it
(notwithstanding some of the newer DNSSEC stuff, which I assume is not
relevant here). Sounds like you've been doing something illegal for years
and now your crutch has been taken away. Deal with it. Point the CNAME at a
multi-valued name, e.g. a name that owns multiple A records. *THAT* is how
you *legally* do "round robin" in DNS.


- Kevin

More information about the bind-users mailing list