how to create a private "test." zone?

Kevin Darcy kcd at chrysler.com
Tue Mar 3 23:16:34 UTC 2009


Rui Lopes wrote:
> Mark Andrews wrote:
>> Mark Andrews writes:
>>> In message <49AC5D59.1010707 at ruilopes.com>, Rui Lopes writes:
>>>> Hi,
>>>>
>>>> Ben Bridges wrote:
>>>> [...]
>>>>> You could try creating example.test as a forward zone in named.conf on
>>>>> your sun server and specifying plesk as the forwarder for that zone.
>>>>
>>>> Indeed, adding a forward zone like below works!  But why does it work?
>>>> Or why is it needed?
>>>>
>>>> zone "example.test" {
>>>>         type forward;
>>>> //      forward only;
>>>> //      forwarders { 192.168.2.10; };
>>>> };
>>>>
>>>> Note that I only needed to include the "type forward" line, the other
>>>> lines do not seem to be needed.  Am I missing something?  They aren't
>>>> really needed?  By reading the bind manual it seems we have to include them.
>>>
>>> 	You turned off forwarding for that namespace.
>>> 	It's the equivalent of:
>>>
>>> 		zone "example.test" {
>>> 			type forward;
>>> 			forwarders { /* empty */ };
>>> 		};
>>>
>>>
>>> 	You could have also added it to the test zone's config.
>>>
>>> 		zone "test" {
>>> 			type master;  // or slave
>>>     
>>>       
>> 				      // or stub
>>   
>>     
>>> 			...
>>> 			forwarders { /* empty */ };
>>> 		};
>>>
>>> 	Mark
>>>  
>>>       
> Thanks!
>
> Why isn't bind just following the "example.test. NS plesk.test." RR that
> is inside the "test." zone without removing the forwarders?
>
>   
It's the result of a couple deliberate design decisions.

When named tries to resolve a name, it looks at the zones which are 
explicitly defined in its config. If the name isn't contained in any of 
them, then, by BIND's design, it looks to see what the closest 
applicable "forward" statement is, if any. Example.test is *outside* of 
the "test" zone you have defined, so:

BEFORE (no "forward" defined in the "test" zone): it finds your "global" 
forwarders and uses them to resolve example.test names.

AFTER (a "forward" defined in the "test" zone, with an empty forwarders 
list): it finds the "test" forwarders (since they're closer than the 
global forwarders, which are considered to be at the root) and uses them.

The other deliberate design decision is that the resolver algorithm 
interprets an empty forwarders list to mean "don't forward at all". So 
when it finds the empty forwarders list for "test" it follows the 
"example.test" delegation records and resolves as you expected it to.

- Kevin
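
The selection order described in this message, as an added Python sketch that is not part of the original post and is not BIND's code: it models "closest enclosing forwarders wins, and an empty list means do not forward" for a name below a delegation. The zone names come from the thread; the function names and the 192.0.2.53 global forwarder are assumptions made for the example.

```python
# Simplified model of the lookup order described in the message above.
# Not BIND code; zone data and the 192.0.2.53 address are constructed samples.

def labels(name):
    """Split a domain name into lowercase labels; "." yields an empty list."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def is_at_or_below(name, ancestor):
    """True when `name` equals `ancestor` or is a subdomain of it."""
    n, a = labels(name), labels(ancestor)
    return len(n) >= len(a) and (not a or n[-len(a):] == a)

def closest_forwarders(name, forward_config):
    """Return the forwarders list of the closest enclosing setting.

    forward_config maps an origin ("." stands for the global options) to a
    forwarders list. An empty list means "do not forward at all".
    """
    candidates = [o for o in forward_config if is_at_or_below(name, o)]
    if not candidates:
        return []
    return forward_config[max(candidates, key=lambda o: len(labels(o)))]

def resolve_plan(name, local_zones, forward_config):
    """Decide how the modelled server handles `name`.

    local_zones maps a zone origin to the names delegated out of that zone.
    """
    cut = None
    for origin, delegations in local_zones.items():
        if is_at_or_below(name, origin):
            cut = next((d for d in delegations if is_at_or_below(name, d)), None)
            if cut is None:
                return ("answer-from-zone", origin)  # name is inside the zone
            break  # name sits below a delegation, so it is outside the zone
    forwarders = closest_forwarders(name, forward_config)
    if forwarders:
        return ("forward", tuple(forwarders))
    return ("follow-delegation", cut) if cut else ("iterate", None)

LOCAL_ZONES = {"test": ["example.test"]}       # "test" delegates example.test
BEFORE = {".": ["192.0.2.53"]}                  # global forwarders only
AFTER = {".": ["192.0.2.53"], "test": []}       # empty list in the "test" zone

if __name__ == "__main__":
    for label, cfg in (("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(label, resolve_plan("www.example.test", LOCAL_ZONES, cfg))
```

Names outside the "test" namespace still resolve through the global forwarders in both configurations; only lookups under "test" change.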



