Is it possible to specify a fallback NS? (I couldn't help thinking that !)

Vaillant Daniel vaillant at ganil.fr
Tue Oct 24 10:34:20 UTC 2006


Ihi

Just think that you must add the going-with some Microsoft DNS 2000 in some of your secondaries and that could/would be 
"le pompon" (won't be any gas)

regards.



Kevin Darcy wrote:
> linuxnewbie1234 wrote:
> 
>>Suppose I have a company ONE for which I am serving the domain .one.com
>>I know the A addresses of a computer like www.one.com
>>however my company recently split and now there is an independent 
>>branch, which is two.one.com.
>>
>>At TWO-ONE They have their computers (e.g. three.two.one.com), and their 
>>NS which is ns.two.one.com. All the IP addresses can change without 
>>them informing me. In addition they can split further and make a 
>>THREE-ONE branch with the domain three.one.com. TWO-ONE will be 
>>informed of the split but not me.
>>
>>Since I have the top level NS ns.one.com BUT I don't have control on 
>>what the other people do, is there a way to configure my zone file so 
>>that for everything of the form X.one.com it first goes looking in my 
>>zone file and then if this finds nothing, either
>>-goes asking recursively to ns.two.one.com OR
>>-tells the client to refer to ns.two.one.com
>>?
>>
>>Note that I cannot simply put an NS entry specifying X.two.one.com NS 
>>ns.two.one.com because if they split again forming "three" I wouldn't 
>>catch that one. I really want a fallback on ns.two.one.com if the 
>>computer is not found in my zone. Is that possible?
>>
>>  
> 
> No, not possible with BIND. Administrators of parent and child domains 
> need to work together if they are to provide reliable resolution service 
> to their customers. The child-domain administrators can't reasonably 
> expect to change all of their stuff around without informing you and 
> without causing a break in service. That would be like them sawing 
> themselves off of a branch and still expecting to stay aloft. Nor can 
> they expect to be able to create arbitrary subzones of the parent zone 
> without you giving them full write access to the zone data (which 
> presumably you're not willing to do).
> 
> Think about this too: even *if* BIND had this capability -- kind of a 
> "wildcarded forwarding" mechanism -- if they changed all of their IP 
> addresses around without telling you, you'd *still* be just as unable to 
> resolve names in their subzones, until you could update your "wildcarded 
> forwarding" configuration. So what would such a feature buy you really, 
> over simple delegation? Any way you cut it, if they control subzones of 
> one.com, they *must* co-ordinate any changes to the nameservers of those 
> subzones, with the administrator of the parent zone (you).
> 
> Sounds like what they _really_ want is to control the parent zone. 
> Unless you can collectively come up with some sort of shared-maintenance 
> regime that you can both live with, looks like you might have a 
> political battle on your hands over who controls one.com. But that's 
> getting somewhat off-topic for this list...
> 
>                                                                          
>             - Kevin
> 
> 
> 

-- 
-----------------------------------------------------------------------
sy  VAILLANT Daniel       mailto:vaillant at ganil.fr
re  GANIL GIP (Syst&Res)  Vox:(+33)(0)2 31 45 46 84
mi  B.P. 5027             Fax:(+33)(0)2 31 45 46 65
@   14076 CAEN-Cedex 5    Web: http://www.ganil.fr
........................................................................
Time flows, space expands, energy materializes, and all
the rest is commentary.                  Michel Cassé
                                         Du vide et de la création
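
Added example, not part of either message and not BIND code: a simplified Python model of how the parent's authoritative server answers under the simple delegation Kevin Darcy describes. It shows that one NS delegation at two.one.com already covers every name beneath it, while a sibling such as three.one.com does not resolve until the parent adds a delegation for it. The record values, addresses and function names are constructed for illustration.

```python
# Simplified model of how an authoritative server for one.com answers a query
# (after RFC 1034 section 4.3.2; no wildcards, CNAMEs or DNSSEC).
# All records below are constructed; 192.0.2.0/24 is a documentation range.

APEX = "one.com"

# Parent zone data held on ns.one.com: name -> {rtype: [values]}
ZONE = {
    "one.com":        {"NS": ["ns.one.com"]},
    "ns.one.com":     {"A": ["192.0.2.1"]},
    "www.one.com":    {"A": ["192.0.2.10"]},
    # Delegation (zone cut) plus glue for the child zone.
    "two.one.com":    {"NS": ["ns.two.one.com"]},
    "ns.two.one.com": {"A": ["192.0.2.53"]},
}


def ancestors_below_apex(qname):
    """Yield qname's ancestors inside the zone, top-most first, ending with qname."""
    labels = qname.split(".")
    apex_len = len(APEX.split("."))
    for i in range(len(labels) - apex_len - 1, -1, -1):
        yield ".".join(labels[i:])


def answer(qname, rtype="A"):
    """Return (kind, data) as the parent's authoritative server would."""
    qname = qname.lower().rstrip(".")
    if qname != APEX and not qname.endswith("." + APEX):
        return ("REFUSED", [])          # not in this zone at all
    # 1. A zone cut at or above the name wins: hand out a referral.
    for name in ancestors_below_apex(qname):
        if "NS" in ZONE.get(name, {}):
            return ("REFERRAL", ZONE[name]["NS"])
    # 2. Otherwise the parent is authoritative for the name.
    if qname in ZONE:
        rrset = ZONE[qname].get(rtype, [])
        return ("ANSWER", rrset) if rrset else ("NODATA", [])
    # 3. No data and no delegation: the name does not exist.
    return ("NXDOMAIN", [])
```

Names the child creates below two.one.com, including further sub-delegations, never touch the parent zone; only the NS set and glue at the cut have to be kept in sync between the two administrators.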


