On Fri, Oct 01, 2010 at 11:25:31AM +0200, Kalman Feher wrote:
> > Yes. To explain my setup further, there is a view based on
> > src-IPs for some clients, where recursion is turned on.
> > The rest of the world gets non-recursive answers, e.g. with
> > authoritative data, or refused.
> >
> > In case of that specific forward zone, bind answers in the
> > non-recursive case with a referral to itself (there is only one
> > public IP), which is causing a loop, as there is no way to
> > specify a different port in the DNS protocol (AFAIK)
> This is the problem and the reason I agree with Kevin. The referral is
> correct behaviour. Your DNS set up is wrong. You have 2 choices and a third

Well, I could agree that "wrong" means not thought of by RFC designers
and bind implementers (yet).

> less palatable option:
>
> 1. Make the other DNS software available on another IP. So normal DNS
> behaviour works.

Hm, this is not too easy in practice, but of course the optimal solution.
IPv6 will help here, I hope.

>
> 2. Add the zone as a slave within your authoritative view. (this option may
> be the easiest for your situation).

Not feasible as it contains dynamically generated content, typically
with a TTL of 0.

>
> 3. recursive view with forwards to both your authoritative view and the
> dynamic subdomain. I think this solution is silly and will be problematic to
> maintain, but it's likely to suit your needs exactly.

Hm, I have to think about that. As said, I do not want to give recursive
answers to the whole world. It sounds like a hack, though.

The more I am into the problem, the more I come to the point where
I would like to have some sort of query "switch", i.e. something that
redirects queries for a certain domain to one address, and other
queries to other servers. It would be great if it were part of
bind.

Bye,

Joerg
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
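The query "switch" wished for at the end of this message, sketched as an added example (not part of the original post and not a BIND feature): the routing decision of a front end that reads the QNAME from each query and picks a backend by longest suffix match. The zone name `dyn.example.com.`, the backend addresses and ports, and all function names are assumptions.

```python
import struct

# Constructed routing table (assumption): zone suffix -> (host, port) of a backend.
ROUTES = {
    "dyn.example.com.": ("127.0.0.1", 5353),  # the other DNS software
    ".": ("127.0.0.1", 5354),                 # default: BIND on a non-public port
}

def parse_qname(msg: bytes) -> str:
    """Return the lower-cased, dot-terminated QNAME of a single-question query."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("not a single-question DNS message")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        if length == 0:
            return ".".join(labels) + "."
        # Lengths above 63 are compression pointers or reserved; reject them here.
        if length > 63 or pos + 1 + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length

def pick_backend(qname: str, routes=ROUTES):
    """Longest-suffix match on label boundaries; '.' is the fallback route."""
    best, best_len = routes["."], 0
    for suffix, backend in routes.items():
        on_boundary = qname == suffix or qname.endswith("." + suffix)
        if suffix != "." and on_boundary and len(suffix) > best_len:
            best, best_len = backend, len(suffix)
    return best

def build_query(name: str) -> bytes:
    """Constructed sample input: a non-recursive (RD=0) A/IN query for `name`."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    return struct.pack("!6H", 0x1234, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

if __name__ == "__main__":
    for name in ("host.dyn.example.com", "www.example.com", "notdyn.example.com"):
        print(name, "->", pick_backend(parse_qname(build_query(name))))
```

A front end built on this relays queries from its own address, so backends that select views by source IP would see the relay rather than the client.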