DNSSEC, views & trusted keys...
Tony Finch
dot at dotat.at
Sun Sep 12 17:45:06 UTC 2010
I could not get private stub nor forward zones to work if their public parent is signed and does not have a delegation to the private zone.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
On 12 Sep 2010, at 03:41, Chris Buxton <chris.p.buxton at gmail.com> wrote:
>
> On Sep 11, 2010, at 2:34 AM, Phil Mayers wrote:
>>
>> You'll need a:
>>
>> zone "name" {
>> type forward;
>> forward only;
>> forwarders {
>> ips;
>> };
>> };
>>
>> It won't automatically detect that another view contains the zone and redirect it; you have to tell it.
>
> Use a stub zone instead of a forward zone, so that the query will actually reach the authoritative view. With a forward zone, the query is recursive, so will be picked up by the recursive view - the view will query itself and not receive an answer.
>
> zone "zone.name" {
> type stub;
> file "/path/to/recursive-view-data/zone.name";
> masters { 127.0.0.1; }; // or whatever the correct IP is to reach the internal view
> };
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100912/fff85f39/attachment.html>
More information about the bind-users
mailing list