Subdomain nameserver configuration question...

Jeff Reasoner jeff.reasoner at mail.hccanet.org
Tue Jul 8 18:42:43 UTC 2008 

On Tue, 2008-07-08 at 14:33 -0400, Kyle McDonald wrote:
> Chris Buxton wrote:
> > Your basic problem is that your authoritative name servers are also 
> > doing recursion. If you can avoid this, do so - turn recursion off on 
> > the name servers that host the subdomain.
> Ok. I have, and want, the clients in the subdomain to use these servers 
> (in their resolv.conf) to resolve queries. Doesn't that mean I need 
> recursion on?  Is that a bad idea?
> >
> > If your authoritative name servers must also perform recursion, set up 
> > either stub zones or slave zones for the apex(es) of the internal 
> > domain(s) - this may be the "parent domain" you mentioned, or the 
> > parent of that domain, or possibly even further upstream in the 
> > namespace hierarchy. If you have any global forwarding turned on, 
> > conditionally turn it off for these stub or slave zones.
> >

OT here I realize, but Win2K3 DNS does support stub zones.

> I'm not sure I'm understanding this. Create stub or slave zones on my 
> name servers? or on the parent? The parent domain is managed by Win2k3 
> DNS servers and I don't think they have the concept of 'stub' zones.
> 
> I did make my servers slaves of the parent. That solved it, but it seems 
> like a hack. After reading up more on forwarders, I was thinking of 
> adding a 'forward' zone named after the parent which pointed to the 
> parent domain's nameservers like:
> 
> zone egenera.com
>    {
>       type forward;
>       forwarders { 1.2.3.4, 1.2.5.6; };
>    }
> 
> Is this what you mean by stub? Actually if you mean that I should create 
> a stub on my server, then I guess you're right, that should work 
> similiar to the forwarder or slave.
> 
> 
> So it seems I have a bunch of options:
> 
>   1)  Disable  recursion. Optionally:
>        a)  configure  clients to resolve with parent servers.
>        b)  configure global forwarding to parent servers.
> 
>   2) Setup Selective forwarding with a 'forward' zone for the parent domain.
> 
>   3) Setup a 'stub' zone for the parent domain. (Is this any different 
> than the 'forward' zone?)
> 
>   4) Setup 'slave' zones of the partent, complete with zone transfers, 
> updates, etc.
> 
> Right now I'm thinking tha #2 sounds best, with 1b as a second choice.
> 
> Anything wrong with my logic or understanding?
> 
> Thanks for the help!
> 
>    -Kyle
> 
-- 
Jeff Reasoner
HCCA
513 728-7902 voice

More information about the bind-users mailing list