Subdomain nameserver configuration question...

Chris Buxton cbuxton at menandmice.com
Tue Jul 8 17:52:41 UTC 2008


Your basic problem is that your authoritative name servers are also  
doing recursion. If you can avoid this, do so - turn recursion off on  
the name servers that host the subdomain.

If your authoritative name servers must also perform recursion, set up  
either stub zones or slave zones for the apex(es) of the internal  
domain(s) - this may be the "parent domain" you mentioned, or the  
parent of that domain, or possibly even further upstream in the  
namespace hierarchy. If you have any global forwarding turned on,  
conditionally turn it off for these stub or slave zones.

Chris Buxton
Professional Services
Men & Mice

On Jul 7, 2008, at 12:06 PM, Kyle McDonald wrote:

> Here I go talking to myself again... ;)
>
> Kyle McDonald wrote:
>> Anyway, I now find myself setting up nameservers for a subdomain, where
>> the parent domain is using a split-horizon, or split-DNS setup. So far
>> I've set up bind with the hint DB of root servers, and it's working great
>> for resolving records in domains outside the company (we have a NAT
>> firewall so that is needed.) but it also means that lookups for hosts in
>> the parent (or other-subdomains of the parent) get hung up trying to be
>> resolved by the external side of the parent domain which doesn't know
>> anything about any of them.
>>
>> I've read through the Split DNS configuration, and it covers setting
>> that up pretty well, but I haven't seen any mention of how to configure
>> child subdomains of the parent.
>>
>>
> I set up my servers as slaves of the parent domain, and that seems to
> have fixed the problem so far.
> It seems like a hack though.
>
> Reading through other solutions to other problems posted to this list
> since I joined, I had the idea that maybe I should set up the parent
> domain servers as forwarders? But do I really want to push all internet
> lookups through those servers and add that additional hop?
>
> Is there some better way to solve this problem?
>
>   -Kyle
>
>> I don't know if it matters, but for completeness I'll add that (at
>> least) the internal side of the parent domain is served by 2 Win2003 AD
>> machines with MS DNS.
>>
>> What do I need to do to make sure that requests for the parent and other
>> internal subdomains get resolved internally?
>>
>>       -Kyle
>>
>>
>>
>
>
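
The stub-zone approach from the reply above, sketched as a BIND 9 `named.conf` fragment. This is an added example, not configuration posted by anyone in the thread; the zone names, file names, client network and server addresses are constructed placeholders, and the global forwarder is shown only to illustrate overriding it.

```conf
// Constructed example: corp.example.com stands in for the internal parent
// apex, sub.corp.example.com for the delegated subdomain. All addresses
// are placeholders.

acl "internal-clients" { 10.0.0.0/8; };           // assumed internal range

options {
    directory "/var/named";

    // Preferred fix from the reply: if this server only needs to be
    // authoritative for the subdomain, replace the recursion settings
    // below with "recursion no;" and omit the stub zone entirely.
    recursion yes;
    allow-recursion { "internal-clients"; };      // never recurse for outsiders

    // Only present if global forwarding is already in use (hypothetical).
    forwarders { 192.0.2.53; };
};

// The subdomain this server is authoritative for.
zone "sub.corp.example.com" {
    type master;
    file "db.sub.corp.example.com";
};

// Stub zone for the internal apex: named learns the zone's NS records
// from the internal servers and sends queries for the parent and its
// other subdomains there, instead of walking down from the root hints
// to the external view.
zone "corp.example.com" {
    type stub;
    masters { 10.0.0.10; 10.0.0.11; };            // internal parent DNS servers
    file "stub.corp.example.com";
    forwarders { };                               // empty list: no forwarding for this zone
};

// Slave alternative (use instead of the stub zone, not alongside it).
// This needs the parent servers to permit zone transfers to this host.
// zone "corp.example.com" {
//     type slave;
//     masters { 10.0.0.10; 10.0.0.11; };
//     file "slave.corp.example.com";
//     forwarders { };
// };
```

`named-checkconf` will catch syntax errors in the fragment before `named` is reloaded.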


