Hi John. Yes, you *could* forward and that was a setup I inherited a good few years ago. The appeal is obvious: it's easy to do; just chuck queries over there and get answers. But forwarding keeps the RD bit set, meaning that the server being forwarded to should a) have recursion enabled (though it will still answer if it is authoritative anyway) and b) is now obliged to try and find an answer, so if the people who run that server happen to configure forwarding somewhere else you can potentially end up with long, ugly chains of forwarding, even loops. None of stub, static-stub or mirror do this.
Just my 2p. Greg On Fri, 14 Oct 2022 at 17:38, JW λ John Woodworth <j...@pcthink.com> wrote: > Hi Bob, > > I've been able to do this with 'forward' zones. The config would go in > the resolver but the files would not. > > > /John > > -------- Original message -------- > From: Bob McDonald <bmcdonal...@gmail.com> > > I'm thinking about redesigning an internal DNS environment. To begin > with, all internal DNS zones would reside on non-recursive servers > only. That said, all clients would connect to recursive resolvers. > > The question is this; do I use an internal root with pointers to the > internal zones (as well as the outside DNS world) or do I include stub > zones to point at the non-recursive internal servers? > > Access to the internal DNS zones would be controlled by location. > (e.g. guest WiFi devices would NOT have access to internal DNS > zones...) > > Recursive resolvers would allow implementation of features such as RPZ, > etc. > > Regards, > > Bob > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
