Avoiding side effects of the forwarding
Andrey G. Sergeev (AKA Andris)
andris at aernet.ru
Fri Sep 26 23:20:22 UTC 2008
Hello,
I'm trying to avoid one annoying side effect of forwarding queries
for some private TLDs to their authoritative servers. Here is the
disposition.
1. There is a private TLD "private-tld." served by 192.168.28.1 and
192.168.28.2;
2. The 192.168.28.1 and 192.168.28.2 servers are authoritative for both
the "legitimate-zone.private-tld." *and* the "private-tld." zone.
3. I want to be able to resolve hostnames in
"legitimate-zone.private-tld." but I have no direct DNS access to, or
even any network connectivity with, the 192.168.28.1 and 192.168.28.2
boxes. However, there is a local DNS server available which *has* the
ability to communicate with these private hosts. I configure my local
server like this:
--- named.conf on the forwarding box ---
zone "legitimate-zone.private-tld" IN {
    type forward;
    forward only;
    forwarders {
        192.168.28.1;
        192.168.28.2;
    };
};
--- named.conf on the forwarding box ---
Using this, the forwarding server will get and store in its cache the
authority RRs for the "private-tld." just after the first attempt to
resolve names such as "ftp.legitimate-zone.private-tld.". Within the TTL
timeframe any subsequent queries for *nonexistent* names like
"hostname.nonexistent-zone.private-tld." will also be directed to
192.168.28.1 and 192.168.28.2. This can be annoying and even undesirable.
Is there a way to set up the forwarding server to ignore the authority
RRs beyond the forwarding scope?
--
Yours sincerely,
Andrey G. Sergeev (AKA Andris) http://www.andris.name/