On 4/26/21 2:45 PM, bamberg2000 via bind-users wrote:
> Hi!
Hi,
> BIND 9.11.5, I forward the request ("forward zone" or global "forward first") to another server and I get NXDOMAIN. Is it possible to process NXDOMAIN other than "redirect zone"? I just want to repeat the request to another forwarder.
I'm not sure what your actual use case is or if what I did will work. I wrote a quick overview article about something I did years ago that /might/ help with what you /may/ be doing.
Link - Duplicate authoritative DNS zones ... on purpose - https://dotfiles.tnetconsulting.net/blog/2013/0610/Duplicate-authoritative-DNS-zones-on-purpose.html
TL;DR: Two BIND servers worked in concert with each other such that the master / authoritative zone in the D.R. environment could be a subset of the production environment to override things while still falling back to the full prod environment for records that weren't overridden.
It's a bit of a hack, but it allowed us to enter the ~100 names specific to the D.R. environment and leverage the other thousands of names from prod without needing to import / merge records in D.R.
I don't remember why simply using RPZ to override wasn't sufficient. I think it had to do with the infrastructure / configuration I was working with.
Maybe this will give you some ideas. Or maybe it wasted some bandwidth and 30 seconds of people's time.
-- Grant. . . . unix || die