Hi Greg,Great points! I must have forgotten how messy this got :) ./John -------- Original message --------From: Greg Choules <gregchoules+bindus...@googlemail.com>Hi John.Yes, you *could* forward and that was a setup I inherited a good few years ago. The appeal is obvious: it's easy to do; just chuck queries over there and get answers.But forwarding keeps the RD bit set, meaning that the server being forwarded to should a) have recursion enabled (though it will still answer if it is authoritative anyway) and b) is now obliged to try and find an answer, so if the people who run that server happen to configure forwarding somewhere else you can potentially end up with long, ugly chains of forwarding, even loops. None of stub, static-stub or mirror do this.Just my 2p.GregOn Fri, 14 Oct 2022 at 17:38, JW λ John Woodworth <j...@pcthink.com> wrote:Hi Bob,I've been able to do this with 'forward' zones. The config would go in the resolver but the files would not./John-------- Original message --------From: Bob McDonald <bmcdonal...@gmail.com>I'm thinking about redesigning an internal DNS environment. To beginwith, all internal DNS zones would reside on non-recursive serversonly. That said, all clients would connect to recursive resolvers.The question is this; do I use an internal root with pointers to theinternal zones (as well as the outside DNS world) or do I include stubzones to point at the non-recursive internal servers?Access to the internal DNS zones would be controlled by location.(e.g. guest WiFi devices would NOT have access to internal DNSzones...)Recursive resolvers would allow implementation of features such as RPZ, etc.Regards,Bob-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this listISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.bind-users mailing listbind-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
