HELP!
I am now experimenting with nameserver delegation.
This is my exercise network setup:
           ns.mydom.com
           linux.mydom.com
           smtp.mydom.com
              [---]
              [   ]
              [   ]---[wsA]
              [---]
                |
                |
                |
      .------------------.
      |                  |
      |                  |
      |                  |
    [---]              [---]
    [   ]              [   ]
    [   ]---[wsB]      [   ]---[wsC]
    [---]              [---]
ns.sub1.mydom.com      ns.sub2.mydom.com
www.sub1.mydom.com     w3.sub2.mydom.com
ldap.sub1.mydom.com    ftp.sub2.mydom.com
Network Setup explanation:
1. mydom.com is the primary domain but not authoritative for sub1 and sub2
2. sub1 and sub2 are subdomains of mydom.com, and each is also a nameserver for its own subdomain; therefore the sub1 nameserver is authoritative for sub1.mydom.com while the sub2 nameserver is authoritative for sub2.mydom.com
3. ns.mydom.com nameserver contains NS and A record entries which point to the two subdomains
wsA contains the IP address of ns.mydom.com only as its nameserver entry
wsB contains the IP address of ns.sub1.mydom.com only as its nameserver entry
wsC contains the IP address of ns.sub2.mydom.com only as its nameserver entry
From wsA, I can ping any FQDN under mydom.com, sub1.mydom.com and sub2.mydom.com.
From wsB, I can only ping an FQDN under sub1.mydom.com but not under mydom.com and sub2.mydom.com
From wsC, I can only ping an FQDN under sub2.mydom.com but not under mydom.com and sub1.mydom.com
If I change the entries on wsB and wsC to point first to the IP address of ns.mydom.com, wsB & wsC will be able to ping anyone using an FQDN. But this solution defeats the real purpose of DNS since it will eat up bandwidth/traffic on the backbone. A good DNS design is one that only sends traffic out over the link once it finds out that the query is not local.
So how should I configure ns.sub1.mydom.com and ns.sub2.mydom.com to solve my problem? This solution will help because there will be no more configuration on wsB & wsC.
I've tried forwarders and it works but I don't know if I really answered my problem.
Comments please!
--
.-------------------------------------------------------.
o^o | Ronneil Camara | [EMAIL PROTECTED] |
/V\ |--------------------| +632 6354086 +63917 5326993 |
// \\ | "The only way to `----------------------------------|
/( )\ | stop a hacker is to think like one." |
^^-^^ | ...brilliant misguided youth |
`-------------------------------------------------------'
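
Added example, not part of the original post: a toy Python model of the three nameservers described above, showing what wsB can resolve without and with forwarders and which servers each lookup has to contact. It assumes the child servers have no other route to the parent zone (a private exercise domain) and that a forwarder pointing at ns.mydom.com is the change made; the FORWARD_TO_PARENT table and resolve() are hypothetical names, and the zone data is constructed from the hostnames in the diagram.

```python
# Toy model of the three name servers in the post (constructed data, not real DNS).
ZONES = {  # server -> (zone it is authoritative for, host labels in that zone)
    "ns.mydom.com": ("mydom.com", {"ns", "linux", "smtp"}),
    "ns.sub1.mydom.com": ("sub1.mydom.com", {"ns", "www", "ldap"}),
    "ns.sub2.mydom.com": ("sub2.mydom.com", {"ns", "w3", "ftp"}),
}
# NS + A records on the parent that point at the two subdomains (point 3).
DELEGATIONS = {"ns.mydom.com": {"sub1.mydom.com": "ns.sub1.mydom.com",
                                "sub2.mydom.com": "ns.sub2.mydom.com"}}
# Assumed fix: each child forwards what it cannot answer to the parent.
FORWARD_TO_PARENT = {"ns.sub1.mydom.com": "ns.mydom.com",
                     "ns.sub2.mydom.com": "ns.mydom.com"}


def resolve(server, fqdn, forwarders, path=()):
    """Return (answered, servers_contacted) for a query sent to `server`."""
    path = list(path) + [server]
    # A delegated child zone is more specific than the server's own zone.
    for child_zone, child_ns in DELEGATIONS.get(server, {}).items():
        if fqdn.endswith("." + child_zone):
            return resolve(child_ns, fqdn, forwarders, path)
    zone, hosts = ZONES[server]
    if fqdn.endswith("." + zone):
        # Authoritative data: answered locally, nothing crosses the backbone.
        return fqdn[: -len(zone) - 1] in hosts, path
    upstream = forwarders.get(server)
    if upstream is None or upstream in path:
        return False, path  # no forwarder (or a loop): the lookup fails here
    return resolve(upstream, fqdn, forwarders, path)


if __name__ == "__main__":
    for label, fwd in (("no forwarders", {}), ("forwarders", FORWARD_TO_PARENT)):
        for name in ("www.sub1.mydom.com", "linux.mydom.com", "w3.sub2.mydom.com"):
            ok, path = resolve("ns.sub1.mydom.com", name, fwd)
            print(f"wsB, {label}: {name} -> {ok} via {' -> '.join(path)}")
```

In this model a query for a sub1 name never leaves ns.sub1.mydom.com, with or without forwarders; only names outside sub1.mydom.com are sent across the link to ns.mydom.com.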
