delegation issue

Barry Margolin barmar at alum.mit.edu
Sat Sep 10 15:47:25 UTC 2005


In article <dfu3tk$2h1n$1 at sf1.isc.org>, lderuaz at free.fr wrote:

> hello,
> 
> I'm facing a delegation issue for which I need support.
> 
> I've got two internal dns servers (dns1 and dns2) for local resolution. These
> servers have global forwarders for internet RR resolution (dns_ext1 and
> dns_ext2).
> These internal dns servers are masters/slave for the domains
> "site.country.company.int", "country.company.int", and "company.int"
> 
> I want to create a subdomain "proxypac.site.country.company.int", and delegate
> it to two new internal dns servers "dns_sub1" and "dns_sub2".
> 
> The problem is that when the internal dns servers dns1 or dns2 receive a request
> for proxypac.site.country.company.int, instead of asking the servers dns_sub1
> or dns_sub2, they forward the request to their global forwarders.
> 
> Normally, as dns1/dns2 are master for the domain "site.country.company.int",
> and as this zone contains the NS related to dns_sub1 and dns_sub2, shouldn't
> they forward this request (or ask for resolution) to dns_sub1 or dns_sub2?

No.  Forwarders are used whenever a server would need to recurse.  It 
doesn't matter that the NS records for the other zone are in your 
authoritative data.  How is named supposed to know that you have direct 
connectivity to the servers in those delegation records?  For all it 
knows, those delegation records are just for the benefit of outside 
users.

The solution for this is to use forwarding zones:

zone "proxypac.site.country.company.int" {
  type forward;
  forwarders { <address of dns_sub1>; <address of dns_sub2>; };
};

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
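
A simplified model of the forwarding decision described in the reply above, added here as an example (not code from the original post or from BIND). The function names, the dictionary layout and the documentation-range addresses are constructed for illustration.

```python
# Simplified model of how a forwarding name server picks where a query goes.
# Not BIND source code; all addresses are constructed documentation-range values.

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it."""
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def deepest(name, domains):
    """Most specific entry of domains that contains name, or None."""
    matches = [d for d in domains if in_domain(name, d)]
    return max(matches, key=lambda d: d.count("."), default=None)

def resolve_path(name, cfg):
    """Return (action, servers) for a recursive query arriving at dns1/dns2."""
    zone = deepest(name, cfg["authoritative"])
    cut = deepest(name, cfg["delegations"])
    # Answer from local data only if the name is in a zone we serve and
    # not at or below a delegation point inside that zone.
    if zone and not (cut and in_domain(cut, zone)):
        return ("answer-local", [])
    # Otherwise the server has to recurse, and forwarding is considered first.
    fwd = deepest(name, cfg["forward_zones"])
    if fwd is not None:
        return ("forward-zone", cfg["forward_zones"][fwd])
    if cfg["global_forwarders"]:
        return ("forward-global", cfg["global_forwarders"])
    # No forwarders configured at all: follow the delegation's NS records.
    return ("iterate", cfg["delegations"].get(cut, []))

SUB = "proxypac.site.country.company.int"
SUB_SERVERS = ["192.0.2.53", "192.0.2.54"]        # stand-ins for dns_sub1, dns_sub2
EXT_SERVERS = ["198.51.100.1", "198.51.100.2"]    # stand-ins for dns_ext1, dns_ext2

# Configuration from the question: delegation present, global forwarders set.
BEFORE = {
    "authoritative": ["site.country.company.int", "country.company.int", "company.int"],
    "delegations": {SUB: SUB_SERVERS},
    "global_forwarders": EXT_SERVERS,
    "forward_zones": {},
}
# Same configuration with the forward zone from the reply added.
AFTER = dict(BEFORE, forward_zones={SUB: SUB_SERVERS})

if __name__ == "__main__":
    q = "host1." + SUB  # constructed query name
    print("before:", resolve_path(q, BEFORE))
    print("after: ", resolve_path(q, AFTER))
```

In the "before" case the query for an internal name leaves for the external forwarders, which is the behaviour reported in the question.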


