Root server cannot be a forwarder?
John Hascall
john at iastate.edu
Tue Oct 24 20:10:42 UTC 2006
> ... You can be both a root server and a forwarder, but your
> forwarding would need to be limited and specific. You can't be a
> "general" forwarder.
> Why on earth someone would want to combine those functions, I have no
> idea. Worse come to worst, just set up separate views for the separate
> functions (assuming you can differentiate your clients somehow).
One place where it gets used is in "NetReg" type systems
where the DNS for DHCP-unknown systems lies about the
address of almost every name (sending back the IP of the
NetReg server), BUT where you want to allow a limited
amount of leakage out of the NetReg Sandbox network
so people can do Windows/virus updates before being
registered and let out on the "real internet".
So, for example, from /var/chroot/named/etc/named.conf on
my NetReg DNS box:

zone "." in {
        type master;
        file "db.root";
};

// needed windowsupdate domains
// Dear Microsoft, This list is ridiculous!
zone "akadns.com" {
        type forward;
        forwarders { 129.186.1.200; 129.186.140.200; 129.186.142.200; };
};
        :
(about 18 more zones)
        :
zone "wustat.windows.com" {
        type forward;
        forwarders { 129.186.1.200; 129.186.140.200; 129.186.142.200; };
};
        :
        :
      (etc)

Where, after NS records for all the forwarder zones, db.root ends up with:

*.              IN      A       129.186.6.16
*.edu.          IN      A       129.186.6.16
*.com.          IN      A       129.186.6.16
*.net.          IN      A       129.186.6.16

John
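
Added example, not part of the original post: a simplified model of RFC 4592 wildcard matching over the db.root records shown above, illustrating why a lone `*.` stops covering names under `com.` once NS records for a forward zone create that node. The function names and the query names are constructed for illustration, and only the two forward zones visible in the post are modeled.

```python
# Added example: RFC 4592 wildcard matching over a constructed copy of db.root.
NETREG_IP = "129.186.6.16"                          # wildcard target from the post
DELEGATED = {"akadns.com.", "wustat.windows.com."}  # NS owners (the two zones shown)
WILDCARDS = {"*.", "*.edu.", "*.com.", "*.net."}    # wildcard owners from the post


def fqdn(name):
    """Normalise to lower case with exactly one trailing dot ('.' for the root)."""
    return name.lower().rstrip(".") + "."


def ancestors(name):
    """Return name, its parent, ... up to the root, most specific first."""
    q = fqdn(name)
    labels = q.rstrip(".").split(".") if q != "." else []
    return [".".join(labels[i:]) + "." for i in range(len(labels) + 1)]


def resolve(qname, delegated=DELEGATED, wildcards=WILDCARDS):
    """Classify a query the way the root zone would answer it (simplified model)."""
    q = fqdn(qname)
    # A name at or below an NS owner leaves the root zone: referral, then forwarders.
    for a in ancestors(q):
        if a in delegated:
            return ("forward", a)
    if q in wildcards:
        return ("sandbox", NETREG_IP)
    # Every owner name and every ancestor of one exists as a node in the zone.
    nodes = {a for owner in delegated | wildcards for a in ancestors(owner)}
    if q in nodes:
        return ("nodata", q)           # empty non-terminal such as "com."
    # Closest encloser: the longest existing ancestor of the query name.
    encloser = next(a for a in ancestors(q) if a in nodes)
    source = "*." if encloser == "." else "*." + encloser
    if source in wildcards:
        return ("sandbox", NETREG_IP)  # answer synthesised from the wildcard
    return ("nxdomain", encloser)      # no wildcard at the closest encloser


if __name__ == "__main__":
    for name in ("download.akadns.com", "www.example.org", "www.example.com",
                 "update.windows.com"):
        print(name, resolve(name))
    print("only '*.':", resolve("www.example.com", wildcards={"*."}))
```

In this model a name such as update.windows.com gets NXDOMAIN rather than the sandbox address, because the NS records for wustat.windows.com make windows.com. an existing node with no wildcard beneath it.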