On Fri, Oct 01, 2010 at 11:25:31AM +0200, Kalman Feher wrote:
> > Yes. To explain my setup further, there is a view based on
> > src-IPs for some clients, where recursion is turned on.
> > The rest of the world gets non-recursive answers, e.g. with
> > authoritative data, or refused.
> > 
> > In case of that specfic forward zone, bind answers in the
> > non-recursive case with a referal to itself (there is only one
> > public IP), which is causing a loop, as there is no way to
> > specify a different port in the DNS protocol (AFAIK)
> This is the problem and the reason I agree with Kevin.  The referral is
> correct behaviour. Your DNS set up is wrong. You have 2 choices and a third

Well, I could agree agree that "wrong" means not thought of by
RfC-Designers and bind implementators (yet).

> less palatable option:
> 
> 1. Make the other DNS software available on another IP. So normal DNS
> behaviour works.

Hm, this is not too easy in practice, but of course optimal solution.
IPv6 will help here, I hope.
> 
> 2. Add the zone as a slave within your authoritative view. (this option may
> be the easiest for your situation).

Not feasible as it contains dynamically generated content,
typically with a TTL of 0.
> 
> 3. recursive view with forwards to both your authoritative view and the
> dynamic subdomain. I think this solution is silly and will be problematic to
> maintain, but its likely to suite your needs exactly.

Hm, I have to think about that. As said, I do not want to give
recursive answers to the whole world. It sounds like a hack, though.

The more I am into the problem, the more I come to the point
where I like to have some sort of query "switch", i.e. something
that redirects queries for a certain domain to one address, and
other queries to other servers. It would be great if it would be part
of bind.

Bye,

Joerg

Attachment: signature.asc
Description: Digital signature

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to