Please excuse my prickliness, but I've spent almost a whole career
dealing with the wreckage of inappropriate forwarding...
- Kevin
On 6/4/2013 9:42 AM, Alan Shackelford wrote:
I wasn't trying to start a fight. Perhaps I didn't provide enough detail.
We have 2843 authoritative zones. We run a split brain DNS. The new
hospitals and other entities need to see our internal zone view once
they have "joined". So I have them forward queries during the early
stages of the merger, until I can get control of their DNS and make
appropriate changes. There are fatherhood issues and all manner of ego
problems involved in absorbing someone else's DNS. This step provides
a workable solution in the very first stages. Then I make them slaves,
with a reasonable expire time, to give them a copy of the data locally.
As for the distinction between forwarding and recursion, I used the
term forwarding to describe him sending queries for my internal zones
to me, thereby ensuring he sees the internal presentation of the data.
I used the term recursion to describe his DNS doing recursion for all
names and IPs that were not owned by either of us. This allows his
users to look up all of his data, and all other data on earth except
mine, no matter what happens with the cup-and-string circuit. Then,
once the fiber is turned up, we do a proper merge.
Sorry to have ruffled Kevin's feathers. Just trying to describe a
behavior in response to a question from the field. I was certainly not
recommending a configuration. Not everyone has to deal with these
issues in a clinical environment. I do.
Alan
*From:*bind-users-bounces+ashackel=jhmi....@lists.isc.org
[mailto:bind-users-bounces+ashackel=jhmi....@lists.isc.org] *On Behalf
Of * Kevin Darcy
*Sent:* Monday, June 03, 2013 3:40 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: does zone trump forward?
Why would you use forwarding over links that are "neither fat nor
reliable"? Are you a masochist? Replication of the data is much
recommended over such links...
As for your "pecking order", what distinction are you drawing between
forwarding and recursion? Forwarding is recursive. The high-level
distinction is between having the data authoritative locally and not
having it authoritative locally. If you want to make a finer
distinction within the not-locally-authoritative case, then make the
distinction between recursive (e.g. forwarding) and iterative (e.g.
stub, or delegation from an internal root zone).
- Kevin
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
