Configuring a domain slave to look up subdomain hosts- RESOLVED

Mike Bernhardt bernhardt at bart.gov
Wed Feb 29 17:27:20 UTC 2012 

Assuming this global configuration:
options {
directory "/var/named";
allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
forwarders { 148.165.3.10; }; (our registered DNS in our DMZ)
forward only;
recursive-clients 2000;
zone-statistics yes;
};

Then when doing this:
zone "domain.com" {
type slave;
masters { 10.130.1.30; };
file "db.domain";
forwarders { };
};

The slave follows the global forwarder information (out to the DMZ server
for internet queries) but it doesn't follow the delegation for
subdomain.domain.com. Instead, it forwards the subdomain queries to the
master.

When doing this:
zone "domain.com" {
type slave;
masters { 10.130.1.30; };
file "db.domain";
};

The slave follows the global forwarder information and EVERYTHING is
forwarded to the DMZ server.


But, when doing this:
zone "domain.com" {
type slave;
masters { 10.130.1.30; };
file "db.domain";
forwarders { /*empty */ };
};

It works exactly as I intended- no stub zone needed. The delegation
information is used and everything is resolved correctly both for the
subdomain and for internet queries.

Thanks!


-----Original Message-----
From: Mark Andrews [mailto:marka at isc.org] 
Sent: Tuesday, February 28, 2012 4:36 PM
To: Mike Bernhardt
Cc: 'Chris Buxton'; bind-users at isc.org
Subject: Re: Configuring a domain slave to look up subdomain hosts


Stub zones record the NS list and associated address records for
the zone.  Think of it as pre-populating the cache.

Forwarder clauses override the normal recusive resolution process.
A empty forwarders clause disables the override for names at or
below the "zone" it appears in.

These are independent configuration options.   If you want to stop
forwarding for a namespace you have to explicitly stop doing it.

zone sub.example.net {
	type stub;
	masters { 1.2.3.4; };
	file "sub.example.net.stub";
	forwarders { /*empty */ };
};

The primary use of stub zones is to graft on namespace that isn't
to be found by following delegations.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list