Re: zone delegation/forwarding in a non-recursive view

Fri, 25 Oct 2013 10:06:38 -0700

Although you lump them together, forwarding and delegation are very different things.
Forwarding is a way to bypass the normal resolution mechanism, forcing your resolver to essentially "daisy-chain" recursion on behalf of a requesting recursive client. Another way to put it, is that you're dumbing down your nameserver to the level of a PC or embedded device that only knows to send recursive queries to a predefined list of upstream resolvers. In fact, forwarding in BIND is in a sense even _dumber_ than recursive resolution in a PC or embedded device, because those device types can usually get a list of recursive resolvers *dynamically* (via DHCP options), whereas in BIND one configures forwarders *statically*. 


Delegation, on the other hand, is the way the whole namespace hierarchy 
is joined together. If you delegate a subzone, you allow iterative (= 
non-recursive) resolvers to follow the namespace hierarchy down into 
another branch of the tree. One branch links to another branch, and so 
on. That's how the whole tree is formed, all of the way from the root 
down to the "leaf" nodes.



So, what is the real requirement here? To create or link in a new branch 
of the tree? Or merely to enlarge the set of clients which are allowed 
to use your nameserver instance in a recursive manner? The answers to 
those questions will determine whether forwarding or delegation is the 
appropriate solution.


                            - Kevin

On 10/25/2013 6:46 AM, Yiorgos Stamoulis wrote:

Hi,

I have authoritative dns system (1 master bind-9.8.2 & 2 slaves
bind-9.8.2 & bind-9.3.6) with several zones and two views.

The internal view allows recursion and the external not.

I now have the requirement to delegate/forward a zone to an external
nameserver.

This works OK for the internal view, but fails for the external as
recursion is not allowed.

Is it possible to do this? how?

Regards

Yiorgos
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users





_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to