delegation issue
Mark Andrews
Mark_Andrews at isc.org
Sat Sep 10 22:52:24 UTC 2005
> In article <dfu3tk$2h1n$1 at sf1.isc.org>, lderuaz at free.fr wrote:
>
> > hello,
> >
> > i'm facing a delegation issue for which i need support.
> >
> > I've got two internal dns servers (dns1 and dns2) for local resolution. The
> se
> > servers have global forwarders for internet RR resolution (dns_ext1 and
> > dns_ext2).
> > These internal dns servers are masters/slave for the domains
> > "site.country.company.int", "country.company.int", and "company.int"
> >
> > I want to create a subdomain "proxypac.site.country.company.int", and
> > delegate
> > it to two new internal dns servers "dns_sub1" and "dns_sub2".
> >
> > The problem is that when the internal dns servers dns1 or dn2 receive a
> > request
> > for proxypac.site.country.company.int, instead of asking the servers dns_su
> b1
> > or dns_sub2, they forward the request to their global forwarders.
> >
> > Normally, as dns1/dns2 are master for the domain "site.country.company.int"
> ,
> > and as this zone contains the NS related to dns_sub1 and dns_sub2 ,shouldn'
> t
> > they forward this request (or ask for resolution) to dns_sub1 or dns_sub2 ?
>
> No. Forwarders are used whenever a server would need to recurse. It
> doesn't matter that the NS records for the other zone are in your
> authoritative data. How is named supposed to know that you have direct
> connectivity to the servers in those delegation records? For all it
> knows, those delegation records are just for the benefit of outside
> users.
>
> The solution for this is to use forwarding zones:
>
> zone "proxypac.site.country.company.int" {
> type forward;
> forwarders { <address of dns_sub1>; <address of dns_sub2>; };
> };
Or you can turn off forwarding in the parent zones.
zone "site.country.company.int" {
type master;
...
forwarders { /* empty */ };
};
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list