Non-local DNS resolution question

Robert Lowe Robert.H.Lowe at lawrence.edu
Mon Jun 14 16:25:11 UTC 2004


Jim Reid wrote:

>>>>>>"Robert" == Robert Lowe <Robert.H.Lowe at lawrence.edu> writes:
> 
> 
>     >> Having scanned the archives, it appears I put:
>     >> 
>     >> digitalriver.com NS fc-2kdc-01.fireclick.com.
>     >> digitalriver.com NS fc-2kdc-02.fireclick.com.  
>     >> fc-2kdc-01.fireclick.com.  A 192.168.254.26
>     >> fc-2kdc-02.fireclick.com.  A 192.168.254.27
> 
>     >> in the root zone file.
> 
>     Robert> No, don't do this.  Use a forward zone in your named.conf files
> 
> No! Don't do this either. A DNS "solution" that involves forwarding is
> almost certainly broken. Configure your local name server(s) as slaves
> for the digitalriver.com zone. These servers don't have to be listed
> in the NS records for digitalriver.com. This way your local name
> servers will be less dependent on the existing digitalriver.com
> servers and your overall DNS infrastructure will therefore be more
> robust and stable.

Late getting back to this... if he has the option of acting as a slave,
and both parties are willing to do the work (and it might be trivial,
but if there are lots of zones, it may not be), then I'll agree.  If not,
there is nothing inherently "broken" about using a forward zone (and yes,
Bob, one entry will cover all subdomains).  Interacting with private partner
networks is what it's there for, and while some may misuse the feature, and
others just don't like it, that's not to say it should be avoided at all
costs.

-Robert
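The two named.conf alternatives being argued over, side by side, as an added example that is not part of either poster's message. The zone name and the two master addresses (192.168.254.26 and .27) are taken from the quoted zone data; the slave file path, the local slave's own address 192.0.2.53 and the use of "forward only" rather than "forward first" are assumptions made here for illustration.

```conf
// --- Option 1: local server as an unlisted slave (Jim Reid's suggestion) ---
// The local server transfers a full copy of the zone and keeps answering
// from it, within the SOA expire time, even when both partner servers are down.
// It does not need to appear in the zone's NS records.
zone "digitalriver.com" {
    type slave;
    file "slaves/digitalriver.com";            // assumed path, relative to named's directory
    masters { 192.168.254.26; 192.168.254.27; };   // the partner's fc-2kdc-01/-02 addresses
};

// The partner must permit the zone transfer on its master servers, otherwise
// the slave never loads the zone. This is the "work on both sides" Robert
// refers to. 192.0.2.53 stands in for the local slave's own address.
zone "digitalriver.com" {
    type master;
    file "digitalriver.com.zone";
    allow-transfer { 192.0.2.53; };
    also-notify { 192.0.2.53; };               // optional: push changes immediately
};

// --- Option 2: forward zone (Robert's suggestion) ---
// No transfer is needed; every query for the zone, and for all names below it
// that have no more specific zone statement, is sent to the partner servers.
// "forward only" is assumed here: if both forwarders are unreachable the
// query fails instead of falling back to the public root servers, which for
// a private partner zone would otherwise return the public view of the name.
zone "digitalriver.com" {
    type forward;
    forward only;
    forwarders { 192.168.254.26; 192.168.254.27; };
};
```

Neither option touches the root zone file, which is what both correspondents reject. After editing, run named-checkconf and then check the slave has actually loaded the zone (BIND logs a "transfer of 'digitalriver.com/IN' ... Transfer completed" message; a REFUSED transfer points at the partner's allow-transfer list). With the forward zone there is nothing to load, so a query for a name in the zone that returns SERVFAIL means the forwarders were unreachable or refused the query.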
