Forward by zone...

Marc.Thach at radianz.com Marc.Thach at radianz.com
Tue Nov 13 13:00:43 UTC 2001



Douglas,
If you don't want to delegate then as Mark says, you need a zone cut in
dude.com.  What I did for a similar situation using Cisco Distributed
Director is delegate back to the same server.  It then follows the forward
zone definition.  The main problem is that cached responses (which with
BIND 9 is all responses) do not have AA bit set.  I simply ignore this at
the moment.
rgds
Marc TXK
________________________________________________________________________
The views expressed are personal and do not necessarily reflect those of
the organisation providing the mail address from which this message was
sent




                                                                                                                  
Mark_Andrews at isc.org
Sent by: bind-users-bounce at isc.org
10/11/2001 15:44

To:      "Chimento, Douglas" <Douglas.Chimento at FMR.COM>
cc:      "'Cricket Liu'" <cricket at menandmice.com>, bind-users at isc.org
Subject: Re: Forward by zone...





> Thank you very much for your help.  But it is very difficult to explain what I
> am doing, of course I would never configure my name server to do this , it's
> crap. Here is what I can tell that may be of help
>
> Server b ( the one I am forwarding to) , is not a true BIND server , it's a
> 3dns f5 box.

           OK.

> I can't do a zone transfer of the sub-domain sweet.dude.com because they
> want 3dns to handle all queries
> Which leaves me with the forward by zone implementation. ( by the way the NS
> records worked!! )

           Good.

> > Is this version of dude.com only visible to internal machines?
> yes
>
> > Who do you want to know about sweet.dude.com?
> not sure what you mean , or why this is relevant. But i guess any one who is
> pointed to Server A ( master for dude.com )
> would want to know about sweet.dude.com ( yes , i know it's dumb response )

           Well there are tricks you can play such that different clients
           see different results using the same zone contents.  I need to
           know if I had to explain how to perform those tricks.  It sounds
           like they are not needed.

>
> >Are you just trying to override the global forwarding for
>          internal subdomains?
> kind of but not really
>
>
> I think the main point of all of this is:
>
> I want RRs in sweet.dude.com to be answered by another server, it just so
> happens that server A also has dude.com
> as master and i can't  do sub domain delegation

           But you could, did and it worked.  That's what adding the NS
           record did.  You also had to override the global forwarding.

           Note just disabling forwarding under dude.com might be a
           better solution compared with using a forward zone.
           You can do this by using an empty forwarders clause in the
           zone definition for dude.com.

                     forwarders { /* empty */ };

           Mark
>
> I hope this helps
> Thank you
>
> -----Original Message-----
> From: Mark.Andrews at isc.org [mailto:Mark.Andrews at isc.org]
> Sent: Friday, November 09, 2001 8:38 PM
> To: Chimento, Douglas
> Cc: 'Cricket Liu'; bind-users at isc.org
> Subject: Re: Forward by zone...
>
>
>
> >
> > Fine, You win
> > This is exactly what we have in PRODUCTION
> >
> > options {
> >         directory "/var/named";
> >         forward only;
> >         forwarders {
> >                 192.168.31.11; 192.168.31.80; 192.168.31.81;
> >         };
> >         check-names slave ignore;
> >         dump-file "/var/tmp/named_dump.db";
> >         statistics-file "/var/tmp/named.stats";
> >         memstatistics-file "/var/tmp/named.memstats";
> >         /*
> >          * If there is a firewall between you and nameservers you want
> >          * to talk to, you might need to uncomment the query-source
> >          * directive below.  Previous versions of BIND always asked
> >          * questions using port 53, but BIND 8.1 uses an unprivileged
> >          * port by default.
> >          */
> >         // query-source address * port 53;
> > };
> >
> > zone "sweet.dude.com" {
> >         type forward;
> >         forward only;
> >         forwarders { 172.26.11.100; }; //SERVER B
> > };
> >
> > zone "dude.com" {
> >         type master;
> >         file "fwd/dude.com";
> >         also-notify { 192.168.31.89; 192.168.4.88; 192.168.4.89;
> > 192.168.45.88; 192.168.45.89; };
> > };
>
>          This configuration will not work unless there is a delegating
>          NS RRset for sweet.dude.com in dude.com.
>
>          Without the NS RRset you are telling the server to
>          answer questions for sweet.dude.com in two different ways
>          and the contents of the dude.com zone win (sweet.dude.com
>          does not exist).
>
>          Now there are a number of ways to solve this but we need to
>          know what you are trying to achieve.
>
>          Is this version of dude.com only visible to internal machines?
>          Who do you want to know about sweet.dude.com?
>          Are you just trying to override the global forwarding for
>          internal subdomains?
>
>          Mark
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
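
The condition described in the quoted reply, a "type forward" zone sitting below a "type master" zone whose data has no delegating NS RRset, can be checked mechanically before a configuration is deployed. The following is an added example and not part of the original messages; the zone data, the host names ns1 and ns-b, and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the configuration quoted in the thread.
NAMED_CONF = '''
zone "sweet.dude.com" { type forward; forward only; forwarders { 172.26.11.100; }; };
zone "dude.com" { type master; file "fwd/dude.com"; };
'''
# Constructed zone data; ns1 and ns-b are hypothetical host names.
ZONE_WITHOUT_CUT = '''
@           IN NS ns1.dude.com.
ns1         IN A  192.168.31.89
'''
ZONE_WITH_CUT = ZONE_WITHOUT_CUT + '''
sweet       IN NS ns-b.sweet.dude.com.
ns-b.sweet  IN A  172.26.11.100
'''

# Simplification: expects "type" before any nested { } block in the zone statement.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{[^}]*?type\s+(\w+)\s*;', re.S)

def zones_by_type(conf):
    """Map zone name -> zone type for each zone statement in named.conf text."""
    return {n.lower().rstrip('.'): t.lower() for n, t in ZONE_RE.findall(conf)}

def ns_owners(zone_text, origin):
    """Fully qualified owner names that hold an NS record (owner must be explicit)."""
    owners = set()
    for line in zone_text.splitlines():
        fields = line.split(';')[0].split()
        if 'NS' not in (f.upper() for f in fields[1:-1]):
            continue
        owner = fields[0].lower()
        if owner == '@':
            owners.add(origin)
        elif owner.endswith('.'):
            owners.add(owner.rstrip('.'))
        else:
            owners.add(owner + '.' + origin)
    return owners

def uncut_forward_zones(conf, zone_files):
    """List (forward zone, master zone) pairs with no zone cut between them."""
    zones = zones_by_type(conf)
    problems = []
    for fwd, ftype in zones.items():
        for parent, ptype in zones.items():
            if ftype != 'forward' or ptype != 'master' or not fwd.endswith('.' + parent):
                continue
            cuts = ns_owners(zone_files[parent], parent) - {parent}
            if not any(fwd == c or fwd.endswith('.' + c) for c in cuts):
                problems.append((fwd, parent))
    return problems
```

Calling uncut_forward_zones(NAMED_CONF, {'dude.com': ZONE_WITHOUT_CUT}) reports the sweet.dude.com forward zone; with ZONE_WITH_CUT the list is empty.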






