Split DNS & Forwarding

Kevin Darcy kcd at daimlerchrysler.com
Fri Apr 1 20:56:59 UTC 2005


Tim Smithers wrote:

>Hi,
>    I am implementing what could closest be called a split DNS system & am attempting to use forwarding (which doesn't work the way I expect it to). From trawling through the archives, I am pretty sure that the answer from the list will be "don't use forwarding", but I wanted to understand why my configuration didn't work.
>
>I have an internal DNS server running BIND 9.2.5 which is configured for the zone dmouse.com. All works okay.
>I have an external DNS (provided by a DNS hosting company) which manages the external DNS records for dmouse.com & ftp.dmouse.com etc.
>
>I wanted to set my system up so that internal queries are answered, normal queries and anything to ftp.dmouse.com is forwarded to my ISP servers.
>
>I have global forwarding set on
>I have my normal "dmouse.com" zone set up with A records & reverse mapping (all works ok).
>
>I then tried adding
>
>zone "ftp.dmouse.com" IN {
>    type forward;
>    forward only;
>    forwarders { ISP_Server1; ISP_Server2; };
>};
>
>I have also tried forwarding directly to my DNS hosting nameservers (eg:
>
>zone "ftp.dmouse.com" IN {
>    type forward;
>    forward only;
>    forwarders { External_DNS_NameServer; };
>};
>
>Again it doesn't forward. I don't have any NS setup for the "ftp.dmouse.com" locally. I expected to be able to just forward it to another 'external' DNS which would handle the query (I know this may not be the case if the external DNS was not set to recurse, but it should work if I set it to the NS for "ftp.dmouse.com" directly).
> 
>Why does the zone level forwarding not work for a subdomain?
>I know I can get around this by maintaining all of the NS information for each subdomain locally, but wanted to understand why I can't just forward directly to them.
>
ftp.dmouse.com is in the dmouse.com zone, so it'll be answered from 
authoritative data regardless of what "type forward" zone definitions 
you have. In order to force this name to be forwarded, it would have to 
be delegated as a separate zone.

                                                         - Kevin
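As an added illustration of Kevin's point (not code from either message), the following Python model mimics how BIND 9 chooses what answers a query: the closest enclosing authoritative zone is found first, and the forward table is only consulted once the server has to recurse, which for a name inside dmouse.com happens only if that name is delegated away by an NS record below the apex. All zone contents and the forwarder address are constructed placeholders.

```python
# Added example (not from the post): a minimal model of how BIND 9 picks the
# zone that answers a query. It shows why a "type forward" zone for
# ftp.dmouse.com is never reached while dmouse.com is served authoritatively,
# and why delegating ftp.dmouse.com inside dmouse.com changes that.
# All zone data and forwarder addresses are constructed placeholders.
def labels(name):
    return name.lower().rstrip(".").split(".")

def is_subdomain(name, zone):
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def closest_enclosing(name, zones):
    """Longest-suffix match: the most specific configured zone containing name."""
    best = None
    for zone in zones:
        if is_subdomain(name, zone) and (best is None or len(labels(zone)) > len(labels(best))):
            best = zone
    return best

def resolve(qname, auth_zones, forward_zones):
    """auth_zones: {zone: {owner: {rrtype: [rdata]}}}; forward_zones: {zone: [ip]}."""
    zone = closest_enclosing(qname, auth_zones)
    if zone is not None:
        data, ql, zl = auth_zones[zone], labels(qname), labels(zone)
        # Walk from just below the apex down to qname looking for a zone cut
        # (an NS RRset below the apex). A cut means qname is delegated away,
        # so the server is not authoritative for it and must recurse.
        for i in range(len(ql) - len(zl) - 1, -1, -1):
            if "NS" in data.get(".".join(ql[i:]), {}):
                break
        else:
            # No cut: the answer (or NXDOMAIN) comes from authoritative data,
            # regardless of any forward zone configured for the name.
            return ("authoritative", data.get(".".join(ql), {}).get("A", "NXDOMAIN"))
    # Recursing: only now is the forward table consulted, longest match wins.
    fwd = closest_enclosing(qname, forward_zones)
    return ("forwarded", forward_zones[fwd]) if fwd else ("iterative", None)

# Constructed: the posted setup, dmouse.com authoritative with no delegation.
AUTH_NO_DELEGATION = {"dmouse.com": {
    "dmouse.com": {"NS": ["ns1.dmouse.com"]},
    "www.dmouse.com": {"A": ["192.168.1.10"]},
}}
FORWARD = {"ftp.dmouse.com": ["198.51.100.10"]}  # stands in for External_DNS_NameServer
# Same zone with ftp.dmouse.com delegated (an NS record below the apex).
AUTH_DELEGATED = {"dmouse.com": {**AUTH_NO_DELEGATION["dmouse.com"],
                                 "ftp.dmouse.com": {"NS": ["ns1.hosting.example"]}}}
if __name__ == "__main__":
    print(resolve("ftp.dmouse.com", AUTH_NO_DELEGATION, FORWARD))  # ('authoritative', 'NXDOMAIN')
    print(resolve("ftp.dmouse.com", AUTH_DELEGATED, FORWARD))      # ('forwarded', ['198.51.100.10'])
```

The equivalent change in a real deployment is an `ftp IN NS ...` record in the dmouse.com zone file; the `type forward` zone for ftp.dmouse.com from the post then takes effect on the recursion that the referral triggers.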
