stub zones and recursion ?

Wed Apr 2 13:37:00 UTC 2008

> 
> Does anybody get an idea to solve next problem ?
> 
> I get some bind 9.2.3 resolvers,

	Upgrade.

> all configured the same way. All of
> them are configured with some views, each of them dedicated to specific
> clients. We get the default view recursively answering all queries to
> anybody.

	Fine.

> We also get another one where I am trying to non-recursively
> answer queries but without getting data locally.

	Impossible.
 
> A little example ..
> 
> let's immagine we get lab.intranet. and srv.lab.intranet. defined on two
> authoritative bind servers. On the other hand I get wks.lab.intranet
> configured on a Ms Dns with WINS/backwards activated. 
> 
> Now I would like giving access my users to zones lab.intranet and
> wks.lab.intranet ONLY. What are the solutions for it ?? I cannot simply
> replicate zones on each servers because ISC BIND does not comply with
> records 'IN WINS' (specific to Ms Windows Dns).

	Stop using WINS.  Microsoft don't even really support it anymore.

> So I try to define zones
> as forward or stub, I am also playing with allow-recursion, recursion
> but have not find any solution to my problem.

	Create your own root zone and delegate lab.intranet from it.

view "xx" {
	match-clients {xx;};
	allow-query { any; };
	allow-recursion { any; };
	recursion yes;

	zone "." {
		type master;
		file "xx.root";
	};
};

xx.root:
. 3600 SOA ...
. 3600 NS ...
lab.intranet. 3600 NS ns.lab.intranet.
ns.lab.intranet. 3600 A <address>

	Mark

> view "xx" in {
> 
>     match-clients {xx;};
>     allow-query {xx;};
>     allow-recursion {xx;};
>     recursion xx;
> 
>     zone "." in {
        type hint;
>         file "xx/db.root";
>     };
> 
>     zone "lab.intranet." {
>         xx
>     };
>     zone "srv.lab.intranet." {
>         xx
>     };
>     zone "wks.lab.intranet." {
>         xx
>     };
> };
> 
> Your help is really appreciated.
> 
> Regards
> Vincent.
> -----------------------------------------------------------------
> ATTENTION:
> The information in this electronic mail message is private and
> confidential, and only intended for the addressee. Should you
> receive this message by mistake, you are hereby notified that
> any disclosure, reproduction, distribution or use of this
> message is strictly prohibited. Please inform the sender by
> reply transmission and delete the message without copying or
> opening it.
> 
> Messages and attachments are scanned for all viruses known.
> If this message contains password-protected attachments, the
> files have NOT been scanned for viruses by the ING mail domain.
> Always scan attachments before opening them.
> -----------------------------------------------------------------
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org