BIND 8 forwarding question

[Lemman, Paul]

I'd thought about just making the mentorg.com zone declaration a stub zone as you suggest.  The problem is that the site is connected to our internal roots via a VPN.  If the VPN goes down, I don't want the forwarder to then ask the Internet roots which winds up pulling data from our external view (we run a split horizon DNS) servers.  These machines will return some RNAT addresses which would then be cached when the VPN comes back up and cause problems.  

It sounds like what you're suggesting would work since even if the VPN goes down, the forwarder would just be unable to talk to the internal root nameservers and return a failure.

Thanks,

paul


paul lemman                                       V: 503.685.1554
IT Computer Services                           www.mentor.com
Mentor Graphics Corporation


-----Original Message-----
From: Cricket Liu [mailto:cricket at menandmice.com]
Sent: Monday, October 08, 2001 11:22 AM
To: Lemman, Paul; bind-users at isc.org
Subject: Re: BIND 8 forwarding question


> Sorry I wasn't clear.
>
> From cricket's response, it sounds like this won't work since the
forwarding server
> doesn't forward to anyone else.

Actually, Paul, it should work once everything's set up, if I understand
what you want to do correctly.  Let me see if I've got it:

- You want your forwarder to resolve Internet domain names iteratively
(by working its way down from the root name servers)

- You want your forwarder to resolve mentorg.com domain names
iteratively by working its way down from the internal mentorg.com
name servers, at 147.34.22.13, 147.34.96.122, 137.202.21.21 and
137.202.93.16.

Is that right?

If that's the case, delete the "forward" and "forwarders" substatements
from your stub zone and make sure the name server is able to look up
mentorg.com's SOA and NS records from those four name servers.
If it is, this should be working.

cricket

Men & Mice
DNS Software & Services
www.menandmice.com