Can internal root server also forward?

John Hascall john at iastate.edu
Tue Aug 26 20:37:34 UTC 2008



If I understand what you are asking, yes.
We are doing forwarding from a fake root server,
so it seems that it can be done (we are doing it for "NetReg"
[which uses a DNS which lies a lot, but in some cases we
want the truth so we forward those requests]).

An excerpt:


----------------------------<named.conf>----------------------------
zone "." in {
	type master; file "db.root";
};
zone "iastate.edu" {
	type master; file "db.iastate.edu";
};
zone "microsoft.com" {
	type forward; forwarders { 129.186.1.200; }; forward only;
};

----------------------------<db.root>----------------------------
@               IN      SOA netreg-1.  asw.iastate.edu. (
	...
@                               IN      NS      netreg-1.
iastate.edu.                    IN      NS      netreg-1.
	...
microsoft.com.                  IN      NS      netreg-1.
netreg-1.                       IN      A       129.186.1.16
*.                              IN      A       129.186.1.16
*.edu.                          IN      A       129.186.1.16
*.com.                          IN      A       129.186.1.16
*.net.                          IN      A       129.186.1.16


Hope this helps,

John


> Well what we have is that it is a separate company outside the
> firewall that is kind of "merged" in with existing company.
> Company A wants to resolve internal hosts on Company B. The forwarding
> was hoping to not have to open all the firewalls between the two for
> the delegation from root to happen via NS records.
> We are thinking of putting in a forwarder box and delegating at
> internal root to that forwarder and then running forward only caching
> on the forwarder over to the "other" company.
> 
> thanks
> Joe
> 
> 
> 
> On Aug 25, 11:34 pm, Mark Andrews <Mark_Andr... at isc.org> wrote:
> > > Have an internal root server with zone db.root.
> > > Forwarding is not turned on as global option. Tried to add two forward
> > > zones with forward only into the root server and it would never
> > > forward. NXDOMAIN on localhost digs for that forward zone. If the zone
> > > is delegated in the db.root file with NS  records it works
> > > obviously. The internal root server is running BIND 9.2.2.
> >
> > > Are there limitations on a root server having forward only zones?
> >
> > > thanks
> > > Joe
> >
> >         The real question is why did you decide to use forward
> >         zones rather than using a normal delegation.
> >
> >         Forward zones are there for when you need to do something
> >         special.  They are not a replacement for doing normal
> >         delegations.
> >
> >         Mark
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: Mark_Andr... at isc.org
> 
> 
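
An added example, not part of the original message and not BIND code: a simplified Python model of where an answer comes from on a server configured like the excerpt above. It assumes that authoritative data in the root zone wins over a forward zone unless the name sits below an NS delegation, which is consistent with the NXDOMAIN reported in the thread; the function names and the data sets are constructed from the visible lines only.

```python
# Simplified model of how the excerpt's server picks an answer source.
# All data is constructed from the visible lines of named.conf and db.root;
# records elided with "..." are not guessed.
MASTER_ZONES = {".", "iastate.edu."}
FORWARD_ZONES = {"microsoft.com.": "129.186.1.200"}   # forward only
ROOT_CUTS = {"iastate.edu.", "microsoft.com."}        # NS below the apex
ROOT_WILDCARDS = {"*.", "*.edu.", "*.com.", "*.net."}
ROOT_HOSTS = {"netreg-1."}
LIE = "129.186.1.16"                                  # address every wildcard returns


def ancestors(name):
    """'a.b.com.' -> ['a.b.com.', 'b.com.', 'com.', '.'], most specific first."""
    labels = name.rstrip(".").split(".") if name != "." else []
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def resolve(qname, cuts=ROOT_CUTS, wildcards=ROOT_WILDCARDS):
    """Return a string naming the source of the answer for a recursive query."""
    qname = qname.lower().rstrip(".") + "."
    path = ancestors(qname)
    zone = next(z for z in path if z in MASTER_ZONES)  # longest matching zone
    if zone != ".":
        return f"authoritative: zone {zone}"
    # Inside the root zone a delegation (NS cut) ends authoritative data;
    # only then does recursion, and with it the forward zone, come into play.
    if any(a in cuts for a in path):
        fwd = next((FORWARD_ZONES[a] for a in path if a in FORWARD_ZONES), None)
        return f"forwarded to {fwd}" if fwd else "recursion via delegation"
    owners = cuts | wildcards | ROOT_HOSTS

    def exists(n):  # owns records, or is an empty non-terminal above an owner
        return n == "." or any(o == n or o.endswith("." + n) for o in owners)

    if exists(qname):
        return "authoritative: name exists in db.root"
    closest = next(a for a in path if exists(a))       # closest encloser
    wildcard = "*." + closest.lstrip(".")
    if wildcard in wildcards:
        return f"wildcard {wildcard} -> {LIE}"
    return "authoritative: NXDOMAIN"
```

Calling `resolve("www.microsoft.com", cuts={"iastate.edu."})` shows what the model predicts when the `microsoft.com.` NS line is left out of db.root: the `*.com.` wildcard answers and the forwarder is never consulted.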


