Zone-based DNS forwarders question

phn at icke-reklam.ipsec.nu
Mon Apr 15 19:56:38 UTC 2002


Shawn Barnhart <swb+news at cmenoc.campbell-mithun.com> wrote:
> Am I reading the docs correctly?  Is it possible to do zone-based
> forwarding?

Yes, bind-9 and recent bind-8 have the "forward-zone" capability.

In essence you define a zone:

zone "somewhere.se" {
	type forward;
	forwarders { 192.0.2.53; };	// address(es) of the partner's DNS servers (192.0.2.53 is an example address)
};



> A business partner with a number of applications we need to access has an
> internal/external DNS setup.  The external DNS that our clients ultimately
> query when they make DNS queries returns a real, non-RFC1918 address, but
> the applications can't use these addresses -- traffic goes to them over the
> internet and doesn't reach the hosts the applications are on.

> When clients make a DNS query that gets resolved by the business partner's
> internal DNS, a different non-RFC1918 address gets returned -- this one
> represents the server's "actual" IP address, and traffic flows over our
> defined private link.

> We've kludged a solution to this problem in the office affected by it by
> giving out the business partner's internal DNS as our client's DNS server
> address.  A more optimal solution (or a better kludge, depending on your
> perspective) would be using a forwarder zone for the domain(s) that
> dependent applications use.

See the bind-9 documentation, it's well documented there:

"http://www.ipsec.nu/dns/bind9/Bv9ARM.ch06.html#zone_statement_grammar"



> Is it possible to do this on a semi-atomic level, though?  Can I define a
> zone with some static entries and have the rest be forwarded?

Nope. You could however transfer the zone, massage it with perl to
change contents, and then present it as a master for said zone. Nothing
to recommend, but I have seen it done.






-- 
Peter Håkanson         
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but I'm trying to keep spam out.
	   Remove "icke-reklam" and it works.
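As an added example (not from the thread, and not Peter's code), here is the "transfer the zone, massage it, serve it as master" kludge from the last answer written in Python instead of perl: it takes the transferred zone in the one-record-per-line text form that dig axfr prints, rewrites the A records of the hosts that must use the private link, bumps the SOA serial and leaves every other record alone, so the output can be loaded as a master zone with some "static" entries while the rest stays as the partner publishes it. The zone name, host names and addresses are all constructed.

```python
"""Added example: rewrite selected A records of a transferred zone before
re-serving it as a master.  Input is zone text as printed by `dig axfr`
(owner  TTL  class  type  rdata...).  Zone, names, addresses: constructed."""

from typing import Dict, List

# Constructed override map: hosts that must resolve to the address reachable
# over the private link instead of the public address the partner publishes.
OVERRIDES: Dict[str, str] = {
    "app1.somewhere.se.": "198.51.100.10",
    "app2.somewhere.se.": "198.51.100.11",
}

# Constructed zone as it would come back from a transfer of the partner's DNS.
SAMPLE_ZONE = """\
somewhere.se.\t3600\tIN\tSOA\tns1.somewhere.se. hostmaster.somewhere.se. 2002041501 3600 900 604800 86400
somewhere.se.\t3600\tIN\tNS\tns1.somewhere.se.
app1.somewhere.se.\t3600\tIN\tA\t203.0.113.10
app2.somewhere.se.\t3600\tIN\tA\t203.0.113.11
www.somewhere.se.\t3600\tIN\tA\t203.0.113.80
"""

def massage_zone(zone_text: str, overrides: Dict[str, str]) -> str:
    """Return the zone with the listed A records replaced and the SOA serial
    bumped by one, so any secondary of our own copy notices the change."""
    out: List[str] = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            out.append(line)          # blank line or comment: keep verbatim
            continue
        owner, rtype = fields[0], fields[3]
        if rtype == "A" and owner in overrides:
            fields[4] = overrides[owner]
        elif rtype == "SOA":
            # SOA rdata is: mname rname serial refresh retry expire minimum,
            # so the serial is field index 6 of the split line.
            fields[6] = str(int(fields[6]) + 1)
        out.append("\t".join(fields))
    return "\n".join(out) + "\n"

def a_records(zone_text: str) -> Dict[str, str]:
    """Owner name -> address for every A record; used to check the result."""
    return {f[0]: f[4] for f in (ln.split() for ln in zone_text.splitlines())
            if len(f) >= 5 and f[3] == "A"}

if __name__ == "__main__":
    print(massage_zone(SAMPLE_ZONE, OVERRIDES), end="")
```

The rewritten copy goes stale whenever the partner changes their zone, so it has to be re-transferred and re-run at least every SOA refresh interval, which is why it is a kludge and not a recommendation.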

