Multiple roots?

Dave Wreski dave at guardiandigital.com
Tue Jul 9 04:10:47 UTC 2002 

Hi Kevin,

> You need to define bigcompany.com *selectively* as a zone of type slave, stub
> or forward. "Stub" is probably the most lightweight of the 3 alternatives,
> but depending on the frequency of changes to the zone, query mix,
> REFRESH settings for the zone, etc., etc., one of the other alternatives
> might be a better choice overall for performance, redundancy, efficiency etc.
> depending on what your requirements and preferences are. "Slave" gives the
> most redundancy, of course, but is out of the question if the master
> restricts zone transfers and you can't get your nameservers included on their
> Access Control List. Forwarding is your only reasonable alternative if you
> need to resolve names in subzones of bigcompany.com, where the nameservers
> for the subzones are unreachable from your nameservers (although you could
> opt to define only the problematic subzones -- instead of bigcompany.com
> itself -- as "type forward" in that case). Note that when using forwarding
> for this purpose, the forwarding mode should be set to "forward only" (which
> is *not* the default mode), and it won't work at all if the intended
> forwarder doesn't support recursion.

I should have mentioned that zone transfers aren't authorized, so the 
slave option is not possible.

I also don't think the forwarder will support recursion, because even if 
I query it directly it won't resolve Internet hosts.

[five minutes later...]

Okay, I tried creating a bigcompany.com forwarders zone instead of 
creating a global forwarders plus the real top-level roots, and it 
appears to have worked! I guess this means the bigcompany's name servers 
do in fact support recursion?

Thanks much for your help. I'll put this in to production tomorrow 
night, and read my O'Reilly book again in the meantime...

Best regards,
Dave

-- 
Dave Wreski
Corporate Manager                           Guardian Digital, Inc.
(201) 934-9230                Pioneering.  Open Source.  Security.
dave at guardiandigital.com            http://www.guardiandigital.com

More information about the bind-users mailing list