writeable secondary zone?

Mark Andrews marka at isc.org
Wed Jan 4 01:23:44 UTC 2017


In message <20170104010026.GA3160 at ubuntu>, Nex6 writes:
> On Wed, Jan 04, 2017 at 01:46:07AM +0100, Reindl Harald wrote:
> > 
> > 
> > On 04.01.2017 at 01:35, Nex6 wrote:
> > >I have a very specific issue, where a partner org wants me to add an
> > >SRV record for their org. (I don't want to)
> > >
> > >- NOTE: and it's for a major cloud app (to remain nameless) that points
> > >back to their Active Directory.
> > >
> > >but this is a requirement for a cloud application. the only solution I
> > >can think of so far is to build out a new DNS box for just the users
> > >that need to use this application.
> > >
> > >and add the SRV record there. but, not sure how you could set up a
> > >secondary zone that's writeable?
> > 
> > you can't write in a slave zone
> > 
> > https://kb.isc.org/article/AA-00851/0/Understanding-views-in-BIND-9-by-example.html
> 
> 
> yes, I know, that's why I asked if there was a way to do this. I suspect
> I am stuck.

You don't need to modify a zone to graft on a SRV record as it will be
prefixed with one or more labels.  You add a zone for that name.

_example._tcp.example.com

Now if _tcp.example.com already exists you add _example._tcp.example.com with
zone content similar to this:

	@ SOA ...
	@ NS ...
	@ SRV ....

If _tcp.example.com does not already exist you add _tcp.example.com with zone
content similar to this:

	@ SOA ...
	@ NS ...
	_example SRV ....

This prevents your clients seeing NXDOMAIN for _tcp.example.com.

The better way to do all this however would be for the partner to
create the relevant zones with the SRV records (giving them change
control of the contents) and have you slave them on your recursive
servers possibly using TSIG to get the correct instance from them.
They can supply you with example.com with the SRV records present
or one of the above zones.  Your clients will see
_example._tcp.example.com either way and it deals with their paranoia
over publishing a SRV record to the world.

There is no need for you to muck with views for this.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
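
The two approaches from the message above, sketched as a `named.conf` fragment for the recursive server. This is an added example, not part of the original post or ISC's own configuration; the key name, the address 192.0.2.53, the file paths and every record value are constructed placeholders.

```conf
// Recommended approach: the partner is master for the small zone, and the
// recursive server slaves it, signing its transfer requests with TSIG.

// Shared secret agreed with the partner (assumption: generated with
// tsig-keygen and exchanged out of band). Placeholder value, replace it.
key "partner-xfer" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

// Sign everything sent to the partner's master with that key, so the
// partner can key its answer (which instance of the zone) on the TSIG name.
server 192.0.2.53 {
    keys { "partner-xfer"; };
};

// Only the SRV owner name is transferred; the rest of example.com is
// still resolved normally through recursion.
zone "_example._tcp.example.com" {
    type slave;
    masters { 192.0.2.53; };
    file "slaves/_example._tcp.example.com.db";
};

/* Alternative: master the graft zone locally instead of slaving it.
   Replace the zone statement above with:

   zone "_example._tcp.example.com" {
       type master;
       file "master/_example._tcp.example.com.db";
   };

   Constructed zone file contents (case where _tcp.example.com already
   exists, so the SRV record sits at the zone apex):

   $TTL 3600
   @  IN SOA ns1.internal.example. hostmaster.internal.example. (1 3600 900 604800 300)
   @  IN NS  ns1.internal.example.
   @  IN SRV 0 0 443 app.partner.example.
*/
```

With the local master variant, change control of the SRV record stays with you rather than the partner, which is the trade-off the message points out.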