Subdomain nameserver configuration question...
Kyle McDonald
KMcDonald at Egenera.COM
Tue Jul 8 18:33:34 UTC 2008
Chris Buxton wrote:
> Your basic problem is that your authoritative name servers are also
> doing recursion. If you can avoid this, do so - turn recursion off on
> the name servers that host the subdomain.
Ok. I have, and want, the clients in the subdomain to use these servers
(in their resolv.conf) to resolve queries. Doesn't that mean I need
recursion on? Is that a bad idea?
>
> If your authoritative name servers must also perform recursion, set up
> either stub zones or slave zones for the apex(es) of the internal
> domain(s) - this may be the "parent domain" you mentioned, or the
> parent of that domain, or possibly even further upstream in the
> namespace hierarchy. If you have any global forwarding turned on,
> conditionally turn it off for these stub or slave zones.
>
I'm not sure I'm understanding this. Create stub or slave zones on my
name servers? or on the parent? The parent domain is managed by Win2k3
DNS servers and I don't think they have the concept of 'stub' zones.
I did make my servers slaves of the parent. That solved it, but it seems
like a hack. After reading up more on forwarders, I was thinking of
adding a 'forward' zone named after the parent which pointed to the
parent domain's nameservers like:
zone "egenera.com"
{
    type forward;
    forwarders { 1.2.3.4; 1.2.5.6; };
};
Is this what you mean by stub? Actually if you mean that I should create
a stub on my server, then I guess you're right, that should work
similar to the forwarder or slave.
So it seems I have a bunch of options:
1) Disable recursion. Optionally:
   a) configure clients to resolve with parent servers.
   b) configure global forwarding to parent servers.
2) Set up selective forwarding with a 'forward' zone for the parent domain.
3) Set up a 'stub' zone for the parent domain. (Is this any different
   than the 'forward' zone?)
4) Set up 'slave' zones of the parent, complete with zone transfers,
   updates, etc.
Right now I'm thinking that #2 sounds best, with 1b as a second choice.
Anything wrong with my logic or understanding?
Thanks for the help!
-Kyle
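
The forward, stub and slave choices discussed in this message, written out as one named.conf fragment for comparison. This is an added example, not part of the original post: the forwarder addresses are the placeholders used in the message, and the ACL name, client network and file paths are assumptions.

```conf
// Constructed client network; replace with the subdomain's real ranges.
acl subdomain-clients { 192.0.2.0/24; };

options {
    // Recursion stays on for the subdomain's own clients only, so the
    // authoritative server is not an open resolver for everyone else.
    recursion yes;
    allow-recursion { subdomain-clients; localhost; };
    // Option 1b (global forwarding) would go here instead:
    // forwarders { 1.2.3.4; 1.2.5.6; };
};

// Define only ONE of the following zones for the parent domain.

// Option 2: forward zone. Queries for the parent domain are sent as
// recursive queries to the listed servers, which must answer in full.
// No zone data is stored locally, only cached answers.
zone "egenera.com" {
    type forward;
    forward only;    // do not fall back to iterating from the root
    forwarders { 1.2.3.4; 1.2.5.6; };
};

// Option 3: stub zone. named keeps only the zone's NS records (and glue)
// refreshed from the masters, then queries those servers iteratively.
// zone "egenera.com" {
//     type stub;
//     masters { 1.2.3.4; 1.2.5.6; };
//     file "stub/egenera.com";      // hypothetical path
//     forwarders { };               // turns off global forwarding here
// };

// Option 4: slave zone. A full copy of the parent zone is transferred
// and served locally; the parent must allow zone transfers to this host.
// zone "egenera.com" {
//     type slave;
//     masters { 1.2.3.4; 1.2.5.6; };
//     file "slaves/egenera.com";    // hypothetical path
//     forwarders { };               // turns off global forwarding here
// };
```

`named-checkconf` will parse the fragment and report syntax errors such as a missing semicolon before the server is reloaded.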