type forward question

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 29 19:15:22 UTC 2001 

I'm not sure what you mean by "strict" delegation. Delegation is
delegation. As for BIND "changing query to type ALL", I find this hard to
believe -- neither BIND nor any other DNS implementation I know changes the
type of a client's query (although when fetching glue of course it may
issue subsidiary NS and/or A queries). And why would the client even be
asking about a zone that doesn't exist? Note that the neat thing about
recursive SOA queries is that, barring abnormal responses like
SERVFAIL/FORMERR/REFUSED, you always get an SOA RR in the response (either
the SOA that was requested, or an NXDOMAIN response with an SOA in the
Authority Section for the closest enclosing zone). I suspect you
misdiagnosed the original problem and/or didn't delegate properly. I would
definitely *not* resort to forwarding in this situation.


- Kevin

Anthony Golia wrote:

> hi.  'using BIND 8.2.3 and I had a question about forward zones.  i
> searched some mails on this group but didn't find a clear answer.  For
> internal DNS i use a global forwarders option and am master for, say,
> foo.com.  I want to delegate _msdcs.foo.com (and the other win2k
> thingies) to my win2k servers.  strict delegation and/or stub zones
> aren't working 'cause of a weird issue I can get into (win2k client asks
> for SOA of a zone that doesn't really exist, BIND delegates request to
> win2k DNS changing query to type ALL, gets back stuff win2k client
> chokes on).  So i attempt forwarders but BIND doesn't seem to forward
> the requests for _msdcs.foo.com.  Is this syntax correct?  Am I not
> allowed to do this?
>
> options {
>         directory "/var/named";
>         forwarders {
>                 10.10.10.3;
>         };
>         forward only;
> };
>
> zone "." {
>         type hint;
>         file "cache";
> };
>
> zone "foo.com" {
>         type master;
>         file "zone/foo.com";
>         forwarders { };
> };
>
> zone "_msdcs.foo.com" {
>         type forward;
>         forward only;
>         forwarders { 10.10.10.20; };
> };
>
> Thanks in advance for responses.
>
> --
> Anthony

More information about the bind-users mailing list