BIND Authorative forwarding caching server
Kevin Darcy
kcd at daimlerchrysler.com
Fri Nov 4 22:40:37 UTC 2005
dan at nameplanet.com wrote:
>Hello.
>
>Can BIND be set up to not have ANY zone files, and just be an
>authoritative forwarder? So the real DNS server is on the internal
>network and say 3 publicly facing DNS servers are just caching queries.
>We can't use zone transfers/slave configurations.
>
>I need a named.conf SOMETHING like this:
>
>options {
> directory "/var/named";
> pid-file "named.pid";
> allow-query { any; };
> auth-nxdomain yes;
> forwarders {10.0.0.10;};
> forward only;
>};
>
>Unfortunaly, the auth-nxdomain flag doesn't do it.
>I am not looking for a debate on the architecture - just wishing to
>know if it is possible.
>
If you're asking whether you can force the AA flag on for all queries in
a particular zone, without being configured as a master or slave for
that zone, the answer is no.
Moreover, most entities that would care about the setting of the AA flag
also send non-recursive queries, so even if you were to come up with
some hack to force AA on, you'd still have to deal with the fact that
resolvers don't recurse unless they are asked to do so.
- Kevin
More information about the bind-users
mailing list