Master for root and per-zone forwarding
Kevin Darcy
kcd at daimlerchrysler.com
Sat Dec 14 00:11:05 UTC 2002
Tim Maestas wrote:
>Using a BIND 8.3.4 server that is authoritative for the root
>zone, is it possible to still do type forward zones? Will the server
>honor the type forward zone first, or attempt to look for delegation in
>the root zone first, and, not finding any, return nxdomain?
>
>I had always thought that servers that are master for the root zone could
>not do any kind of forwarding, but now I'm not sure. My dilemma is this:
>I run a self-contained internal root DNS environment, but have the need
>to type forward a zone to specific name servers. The reason why I cannot
>simply delegate off of root to these nameservers is that they are
>customised nameserver implementations, and will only answer queries with
>the RD bit set (different companies' boxes....). A delegation off of root
>will result in my servers sending iterative queries, to which the other
>companies' servers respond with a referral. A type forward zone, however,
>will send recursive queries, resulting in an answer from the other
>nameservers.
>
>The weird thing is, if I set up a type forward zone only, with no
>delegations to the zone in question in root, I get an NXDOMAIN response
>back from my server. If I set up delegation from root, but no type
>forward, I get referrals back from the other nameservers, because the
>query is not recursive. However, (this is where it gets weird) if I do
>BOTH delegation, AND type forward, my nameserver (BIND 8.3.4) ends up
>sending a recursive query, resulting in an answer back from the remote
>nameservers. What causes this behavior??
>
I think you've answered your own question. Per-domain forwarding only
works when the domain is actually delegated. So you need to delegate
*and* define the zone as "type forward".
At least this is true in BIND 8. I haven't played around with forwarding
much in BIND 9, so I'm not sure if it is the same in this regard. I've
always found the delegation requirement to be rather counter-intuitive:
since you're forwarding, why should you even care whether the domain is
delegated or not?
- Kevin
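
The combination described in this thread (delegation in the root zone plus a "type forward" zone), written out as an added example; it is not configuration posted by either participant. The zone name partner.example, the file name db.root, the 192.0.2.x addresses and the choice of "forward only" are assumptions made for illustration.

```conf
// named.conf on the internal root server (BIND 8 syntax).
// All names and addresses below are constructed for illustration.

options {
    directory "/var/named";
    recursion yes;              // the server resolves on behalf of its clients
};

// The server is master for the internal root zone.
zone "." {
    type master;
    file "db.root";             // assumed file name
};

// Step 1: delegation inside db.root. Per the thread, BIND 8 answers
// NXDOMAIN from the authoritative root zone if this is missing, even
// when the forward zone below is defined.
//
//   partner.example.        IN  NS  ns1.partner.example.
//   partner.example.        IN  NS  ns2.partner.example.
//   ns1.partner.example.    IN  A   192.0.2.53
//   ns2.partner.example.    IN  A   192.0.2.54

// Step 2: per-zone forwarding for the delegated name. Queries for
// partner.example are sent to the forwarders with the RD bit set,
// which is what the remote servers in the thread require.
zone "partner.example" {
    type forward;
    forward only;               // assumption: never fall back to iterative
                                // queries, which would only draw referrals
    forwarders {
        192.0.2.53;
        192.0.2.54;
    };
};
```

With only step 1 in place the thread reports referrals coming back from the remote servers, and with only step 2 it reports NXDOMAIN; a test query for a name under the forwarded zone after each change shows which case applies.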