Re: Hints for forwarding a subdomain on a authoritative server
Tom wrote: > > But: The zone-forwarding is only working, when I enable "recursion" on the > authoritative server. Does this means, that zone-forwarding really requires > recursion? Yes, forwarding is completely specific to recursive servers. That is, the server doing the forwarding must be recursive, and the target server must also be recursive. [ In some limited cases you can get away with the target server not being recursive; I think the restrictions are that the target zone must not have any delegations or out-of-zone CNAMEs, but I haven't tested this myself. ] > Is there a better way with not enabling recursion (perhaps with views) > to accomplish this? Use a type "static-stub" zone if the target server is authoritative. If the server doing the forwarding is not recursive then it needs to secondary its own authoritative copy of the zone. But presumably you are trying to forward because AXFRing the zone isn't possible. In that case you need something like dnsdist which can act as a DNS reverse proxy. BIND won't query another server when a query is RD=0. Tony. -- f.anthony.n.finchhttp://dotat.at/ Fisher, German Bight: West or northwest 7 or gale 8, occasionally severe gale 9 at first in Fisher, decreasing 5 or 6 later. Rough or very rough, becoming moderate or rough later. Showers. Good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Hints for forwarding a subdomain on a authoritative server
Thanks Sten > On 6 Jul 2020, at 16.03, Tom wrote: > > Hi list > > Our BIND (9.16.4) is authoritative for zone "example.com". Now I need to > forward a subzone "sub.example.com" to another nameserver instance on the > same server, running for example under port 5353: > > A few years ago, this topic was already discussed: > https://lists.isc.org/pipermail/bind-users/2009-April/076156.html > > My BIND config looks like this: > == SCHNIPP == > zone "example.com" { >type master; >file "master/example.com.hosts"; >}; > zone "sub.example.com" { >type forward; >forwarders { 127.0.0.1 port 5353; }; >forward only; >}; > == SCHNAPP == > > In the zonefile for "example.com" I have a delegation like this (as described > in the post above): > > sub.example.com.IN NS subns.example.com. > > So, the authoritative server understands not to be responsible for this zone > and forwards the request to the other nameserver. > > But: The zone-forwarding is only working, when I enable "recursion" on the > authoritative server. Does this means, that zone-forwarding really requires > recursion? Yes. > Is there a better way with not enabling recursion (perhaps with views) to > accomplish this? Stub zones are normally recommended instead. > > Many thanks for any hints. > > Kind regards, > Tom > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Hints for forwarding a subdomain on a authoritative server
Hi list Our BIND (9.16.4) is authoritative for zone "example.com". Now I need to forward a subzone "sub.example.com" to another nameserver instance on the same server, running for example under port 5353: A few years ago, this topic was already discussed: https://lists.isc.org/pipermail/bind-users/2009-April/076156.html My BIND config looks like this: == SCHNIPP == zone "example.com" { type master; file "master/example.com.hosts"; }; zone "sub.example.com" { type forward; forwarders { 127.0.0.1 port 5353; }; forward only; }; == SCHNAPP == In the zonefile for "example.com" I have a delegation like this (as described in the post above): sub.example.com.IN NS subns.example.com. So, the authoritative server understands not to be responsible for this zone and forwards the request to the other nameserver. But: The zone-forwarding is only working, when I enable "recursion" on the authoritative server. Does this means, that zone-forwarding really requires recursion? Is there a better way with not enabling recursion (perhaps with views) to accomplish this? Many thanks for any hints. Kind regards, Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users