Thanks all for the clear explanation.
If I understand correctly:
- forwarding is not a solution to my problem. (even the suggestion by Chris didn't help)
- having ns1/ns2 slave from devbox would be a solution (but in my specific case I can't because devbox runs a custom nameserver based on Stanford::DNSserver which doesn't do axfr)
- making the dns service of devbox available from the internet (by means of a proxy, port-forwarding or similar) is the (only) way to go.

Wim.

Kevin Darcy wrote:
Just as there is a "default-less core" to Internet routing, there is also a "forwarding-less core" to Internet DNS, and your nameservers -- congratulations -- are in that core. The queries you get from other nameservers in the core are non-recursive, defined to mean "give me whatever information you have, but don't ask anyone else about the name". And your nameservers dutifully comply. Ergo, they don't forward.

As someone else pointed out, there could theoretically be (non-core) resolvers out there configured to resolve directly from your box. But for an authoritative nameserver on the Internet, this would be the exception rather than the rule -- mostly your nameserver will be talking to other nameservers, not to forwarding or stub resolvers.

If you have some devices that are capable of *proxying* DNS requests between the internal box and the Internet, you could delegate the subdomain to those devices. But a true, standards-complying nameserver will never forward a non-recursive query. The absence of the RD (recursion desired) flag on the query specifically told it that the client didn't want that.

- Kevin

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
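
Added example (not part of the original thread and not BIND's code): a simplified Python model of the rule Kevin describes, where a query without the RD bit is answered from local data only and is never forwarded. The zone name `dev.example.com.`, the function names and the returned labels are assumptions made for illustration.

```python
import struct

RD_FLAG = 0x0100  # "recursion desired" bit in the 16-bit DNS header flags
QR_FLAG = 0x8000  # set on responses, clear on queries

def build_query(qname, rd, qid=0x1234, qtype=1, qclass=1):
    """Build a minimal one-question DNS query with RD set or clear."""
    header = struct.pack("!HHHHHH", qid, RD_FLAG if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)

def parse_query(msg):
    """Return (qname, rd); reject truncated, compressed or non-query input."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & QR_FLAG or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        n = msg[pos]
        if n == 0:
            break
        if n > 63 or pos + 1 + n > len(msg):
            raise ValueError("bad label length or compression pointer")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    return ".".join(labels) + ".", bool(flags & RD_FLAG)

def decide(msg, forward_zones, recursion_allowed=True):
    """Simplified model: what a server does with one incoming query."""
    qname, rd = parse_query(msg)
    if not rd or not recursion_allowed:
        return "local-data-only"   # RD clear: do not ask anyone else
    if any(qname == z or qname.endswith("." + z) for z in forward_zones):
        return "forward"
    return "recurse"

if __name__ == "__main__":
    zones = ["dev.example.com."]   # constructed forward zone
    for rd in (False, True):       # core nameserver vs. stub resolver
        q = build_query("host.dev.example.com", rd)
        print("RD =", int(rd), "->", decide(q, zones))
```

The same question name yields different outcomes depending only on the RD bit, which is why a forward zone on ns1/ns2 has no effect on queries arriving from other nameservers.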
