Re: Hints for forwarding a subdomain on a authoritative server

2020-07-06 Thread Tony Finch
Tom wrote:
>
> But: The zone-forwarding is only working when I enable "recursion" on the
> authoritative server. Does this mean that zone-forwarding really requires
> recursion?

Yes, forwarding is completely specific to recursive servers. That is, the
server doing the forwarding must be recursive, and the target server must
also be recursive.

[ In some limited cases you can get away with the target server not being
recursive; I think the restrictions are that the target zone must not have
any delegations or out-of-zone CNAMEs, but I haven't tested this myself. ]

> Is there a better way with not enabling recursion (perhaps with views)
> to accomplish this?

Use a type "static-stub" zone if the target server is authoritative.

If the server doing the forwarding is not recursive then it needs to
secondary its own authoritative copy of the zone. But presumably you are
trying to forward because AXFRing the zone isn't possible. In that case
you need something like dnsdist which can act as a DNS reverse proxy. BIND
won't query another server when a query is RD=0.

Tony.
-- 
f.anthony.n.finch http://dotat.at/
Fisher, German Bight: West or northwest 7 or gale 8, occasionally severe gale
9 at first in Fisher, decreasing 5 or 6 later. Rough or very rough, becoming
moderate or rough later. Showers. Good.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
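
The reply above turns on the RD bit of the query and on whether the server answers with recursion available. As an added example (not code from the thread or from BIND), this sketch encodes a query with RD set or cleared and classifies a reply from its header alone; the helper names and the sample headers are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, rd, qid=0x1234):
    """Encode an A/IN query; `rd` sets or clears Recursion Desired."""
    header = struct.pack("!6H", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Say what kind of reply this is, using only the 12-byte header."""
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!6H", response[:12])
    rcode = flags & 0x000F
    if rcode == 5:
        kind = "refused"
    elif rcode != 0:
        kind = "error"
    elif flags & AA:
        kind = "authoritative"
    elif an == 0 and ns > 0:
        kind = "referral"            # delegation NS in authority, no answer
    else:
        kind = "non-authoritative"   # obtained by recursion, forwarding or cache
    return {"kind": kind, "ra": bool(flags & RA), "rd": bool(flags & RD)}

def sample_header(flags, an, ns, ar):
    """Constructed 12-byte response header used as sample input."""
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, ar)

# Constructed samples, not captured traffic.
SAMPLES = {
    "recursion off, name below the delegation": sample_header(QR | RD, 0, 1, 1),
    "recursion on, forward zone used": sample_header(QR | RD | RA, 1, 0, 0),
    "name in example.com itself": sample_header(QR | RD | AA, 1, 1, 0),
}

if __name__ == "__main__":
    print(build_query("sub.example.com", rd=False).hex())
    for label, resp in SAMPLES.items():
        print(label, "->", classify(resp))
```

A referral with RA clear for a name under sub.example.com means the server handed back the delegation instead of forwarding the query.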


Re: Hints for forwarding a subdomain on a authoritative server

2020-07-06 Thread Sten Carlsen

Thanks

Sten

> On 6 Jul 2020, at 16.03, Tom wrote:
> 
> Hi list
> 
> Our BIND (9.16.4) is authoritative for zone "example.com". Now I need to 
> forward a subzone "sub.example.com" to another nameserver instance on the 
> same server, running for example under port 5353:
> 
> A few years ago, this topic was already discussed:
> https://lists.isc.org/pipermail/bind-users/2009-April/076156.html
> 
> My BIND config looks like this:
> == SCHNIPP ==
> zone "example.com" {
>     type master;
>     file "master/example.com.hosts";
> };
> zone "sub.example.com" {
>     type forward;
>     forwarders { 127.0.0.1 port 5353; };
>     forward only;
> };
> == SCHNAPP ==
> 
> In the zonefile for "example.com" I have a delegation like this (as described 
> in the post above):
> 
> sub.example.com.    IN  NS  subns.example.com.
> 
> So, the authoritative server understands not to be responsible for this zone 
> and forwards the request to the other nameserver.
> 
> But: The zone-forwarding is only working when I enable "recursion" on the 
> authoritative server. Does this mean that zone-forwarding really requires 
> recursion?
Yes.
> Is there a better way with not enabling recursion (perhaps with views) to 
> accomplish this?
Stub zones are normally recommended instead.
> 
> Many thanks for any hints.
> 
> Kind regards,
> Tom


Hints for forwarding a subdomain on a authoritative server

2020-07-06 Thread Tom

Hi list

Our BIND (9.16.4) is authoritative for zone "example.com". Now I need to 
forward a subzone "sub.example.com" to another nameserver instance on 
the same server, running for example under port 5353:


A few years ago, this topic was already discussed:
https://lists.isc.org/pipermail/bind-users/2009-April/076156.html

My BIND config looks like this:
== SCHNIPP ==
zone "example.com" {
    type master;
    file "master/example.com.hosts";
};
zone "sub.example.com" {
    type forward;
    forwarders { 127.0.0.1 port 5353; };
    forward only;
};
== SCHNAPP ==

In the zonefile for "example.com" I have a delegation like this (as 
described in the post above):


sub.example.com.    IN  NS  subns.example.com.

So, the authoritative server understands not to be responsible for this 
zone and forwards the request to the other nameserver.


But: The zone-forwarding is only working when I enable "recursion" on 
the authoritative server. Does this mean that zone-forwarding really 
requires recursion? Is there a better way with not enabling recursion 
(perhaps with views) to accomplish this?


Many thanks for any hints.

Kind regards,
Tom