stub zone

Wed Jul 27 00:51:14 UTC 2011

On Jul 25, 2011, at 10:33 PM, Feng He wrote:

> On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo <juwusuo at yahoo.com> wrote:
>> Would like to use the BIND stub zone function, however, heard that ISC
>> considers stopping support to stub zone in the future, is that true?
>> _______________________________________________
> 
> Hi,
> 
> what's the use of stub zone? I never used it, thanks.

A stub zone is conceptually similar to the root hints zone, but for a domain other than the root. It's a way to add NS and glue records to the cache as a way to either optimize recursion performance or overlay a private namespace onto the public Internet.

For example, suppose you have a name server with this configuration:

options {
	<some stuff goes here>
};

zone "bluecatnetworks.com" {
	type stub;
	masters { 192.168.0.1; };
};

Then assuming the server 192.168.0.1 has a zone named bluecatnetworks.com, which might have different content than the public version of that zone, the server with this configuration will be able to find that private version of bluecatnetworks.com, while still being able to resolve names from the Internet for everything else.

The difference between a stub zone and a forward zone is that a stub zone causes the server to send iterative queries, not recursive. Note that the two are not mutually exclusive, though, so if you have a forwarding configuration that also covers the zone, the server will forward those queries rather than resolving them using the stub zone. This can be overcome by adding an empty forwarders list to the stub zone:

zone "bluecatnetworks.com" {
	type stub;
	masters { 192.168.0.1; };
	forwarders { };
};

Under the hood, the stub zone causes the server to query the indicated master server(s) periodically for the zone's SOA record, NS records, and any necessary glue records, and these are inserted into cache. The records are refreshed according to the refresh setting in the SOA record, similar to a slave zone (sans the notify mechanism), so in this way the behavior is slightly different than a root hints zone.

Chris Buxton
BlueCat Networks