bind 9.4.1: bug or feature?
Mark Andrews
Mark_Andrews at isc.org
Tue Jul 24 21:01:58 UTC 2007
> This isn't so much a bug as just a weird consequence of how things work.
>
> In your initial attempt, when you ask your server for
> something.xyz.local, here's what happens:
>
> - Examine local authoritative data.
> - Find an authoritative zone for a domain that covers the request.
>   There is no answer in the zone, nor any delegation.
> - Return a negative answer.
>
> The forward zone is not even considered. Now, with your second
> attempt (the solution that inexplicably works):
>
> - Examine local authoritative data.
> - Find an authoritative zone for a domain that covers the request.
>   There is an intervening delegation, so turn operation over to
>   resolver logic.
> - Examine resolver rules, including root hints, stub zones, forward
>   zones, global forwarding, etc.
> - Find forward zone. Rather than following delegation and doing
>   recursion, forward to specified server.
>
> If you wanted to, you could achieve nearly the same effect without
> the forward zone as follows:
>
> xyz      NS  ns1.xyz
>          NS  ns2.xyz
> ns1.xyz  A   1.2.3.4
> ns2.xyz  A   5.6.7.8
>
> The differences would be:
>
> - You would have to maintain the addresses of the other servers in
> the zone data rather than in named.conf.
> - Rather than sending a recursive query to the other servers, your
> server would send iterative queries.
>
> Chris Buxton
> Men & Mice
It's also how the DNS was designed to be used.
Forward zones should be the exception not the rule.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
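
An added example (not part of the original messages, and not BIND code): a small Python check built on the lookup order described in the quoted explanation, flagging forward zones that sit under a locally authoritative zone with no intervening delegation. The function names, zone names and record tuples are constructed for illustration.

```python
# Added example: lint for forward zones hidden behind a local authoritative zone.
# All zone names and records here are constructed sample data.

def norm(name):
    """Lower-case and drop the trailing dot so names compare cleanly."""
    return name.lower().rstrip(".")

def fqdn(owner, zone):
    """Expand a zone-file owner ('@', relative, or absolute) to a full name."""
    if owner == "@":
        return norm(zone)
    return norm(owner) if owner.endswith(".") else norm(owner + "." + zone)

def is_subdomain(name, zone):
    """True if name is strictly below zone."""
    return norm(name).endswith("." + norm(zone))

def delegation_points(zone, records):
    """Names below the apex that own NS records, i.e. zone cuts."""
    return {fqdn(o, zone) for o, t in records
            if t.upper() == "NS" and fqdn(o, zone) != norm(zone)}

def shadowed_forward_zones(auth_zones, forward_zones):
    """Return (forward zone, covering zone) pairs with no delegation between.

    Per the explanation above, such a forward zone is never consulted: the
    authoritative zone answers negatively before resolver rules are examined.
    """
    findings = []
    for fwd in forward_zones:
        covering = [z for z in auth_zones if is_subdomain(fwd, z)]
        if not covering:
            continue
        parent = max(covering, key=lambda z: len(norm(z)))  # closest enclosing zone
        cuts = delegation_points(parent, auth_zones[parent])
        if not any(norm(fwd) == c or is_subdomain(fwd, c) for c in cuts):
            findings.append((norm(fwd), norm(parent)))
    return findings

# Constructed input: (owner, type) pairs as they would appear in the "local" zone.
WITHOUT_DELEGATION = {"local": [("@", "NS"), ("www", "A")]}
WITH_DELEGATION = {"local": [("@", "NS"), ("xyz", "NS"), ("xyz", "NS"),
                             ("ns1.xyz", "A"), ("ns2.xyz", "A")]}
FORWARD_ZONES = ["xyz.local"]

if __name__ == "__main__":
    print(shadowed_forward_zones(WITHOUT_DELEGATION, FORWARD_ZONES))
    print(shadowed_forward_zones(WITH_DELEGATION, FORWARD_ZONES))
```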