Yes, but I doubt you would like it more. You can always create your own
parent zone copy and make modified delegation only in it. Then if it
should be DNSSEC signed, you would have to setup trust anchor for your
TLD. But this way, you can test any changes to zone in your lab, without
affecting production zone.
But I think this is an increased work and the result might be very
different. If you want just testing of alternative server deployment,
DNAT (production) server address to your temporary instance(s). That may
work better without extra preparation steps. Again, this would make it
accessible only in your lab, but might allow you testing whatever you
want. I expect you can access any private keys, which might be used by
your own zone.
Hope that helps.
Cheers,
Petr
On 2/4/24 12:13, Gabi Nakibly wrote:
Thanks for the response. However, I strongly prefer not to update the
parent zone as this is only a temporary nameserver for testing purposes.
Is there anyway to add a new name server (with a new name) without
updating the parent zone?
On Sun, Feb 4, 2024, 12:01 Mark Andrews <ma...@isc.org> wrote:
You have your answer. Update the parent zone.
--
Mark Andrews
On 4 Feb 2024, at 18:27, Gabi Nakibly <gabin...@gmail.com> wrote:
Hi,
I would like to set up a new temporary nameserver for my zone
(say 'example.com <http://example.com>'), however for
various reasons I prefer not to change the delegation of my
parent zone ('.com'). So I need the current name server
('ns.example.com <http://ns.example.com>') to refer resolvers to
my new temporary name server ('ns-temp.example.com
<http://ns-temp.example.com>'). However, when I tried to test
this set-up with a BIND resolver, when the resolver got the
delegation to the temporary name server it failed with
'non-improving referral'.
How can I resolve this so the delegation will work for a BIND
resolver having default config (or with any other resolver for
that matter)? I know that I can simply update delegation at the
parent zone to point directly to the new name server, but I
prefer not to do this right now and I am looking for ways to do
this without changing the parent delegation.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for
more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer, RHEL
Red Hat,https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
