Re: forward only single zone

Tue, 08 Mar 2016 01:34:16 -0800 



On 2016-03-07 18:05, Tony Finch wrote:

Oto BREZINA <o...@e-posta.sk> wrote:

I need to create one subzone of public zone which is served by another server.
This can not be transfered. Server is located on LAN.

Tricky. I don't think it is possible to do what you want with BIND.
You probably can do it with dnsdist - see http://dnsdist.org/
(I have not tried to use dnsdist myself.)

Explanation of why it doesn't work below...

Thank you for answer and explanation, even not the answer i was hoping
for, but somehow expected - based on web research. At least I'm not
going to invest time in dead end. I'll check if I can get separate IP
for my calc zone and NAT it.



my setting right now is like:

view "local" {
         allow-query { internals; };
         match-clients { internals; };
         recursion yes;

         include "local zones";
         include "public zones";
         include "slave zones";
};

view "public" {
         allow-query { any; };
         match-clients { any; };
         recursion no;

         include "public zones"; // contains example.com with clue to same
server
         include "slave zones";
};

I need to add

zone "calc.example.com" {
                 type forward;
                 forward only;
                 forwarders { local_machine; };
         };

adding it to local wont let external client to get access, but works from
internals
adding it to public, does not help, it returns only clues; forward only wont
word as recursion is no, adding another view public2 seems have no affect.

The reason this doesn't work is that forwarding in BIND is only for
recursive queries.

So when you add this "type forward" zone to your public view, it doesn't
work for two reasons: firstly, you have disabled recursion on the view,
which is normally exactly the right thing, but it also disables
forwarding; and secondly, most queries that your server will receive on
its public view will be from resolvers with the "recursion desired" bit
off, RD=0, which also disables forwarding.

And because recursion is disabled, clients that query for calc.example.com
will get a referral rather than the answer you expected.

Tony.




_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to