Re: Difference between delegation and forward zone

2017-03-06 Thread Mark Andrews

In message <1993722142.5470245.1488838862...@mail.yahoo.com>, Mik J via 
bind-users writes:
> >
> Barry: "Also, if there are no delegation records for the subdomain, the
> parent server believes it's authoritative for them, despite having
> forwarders configured."
> I don't understand what you just wrote above. Are you saying I need to do
> both delegation and forwarding on my authoritative server on the parent
> domain?
> So yes the case is load balancers or other devices that are not real DNS,
> they behave in a funny way.

Just delegate.  That is what you are trying to do and that is how
the DNS is designed to work.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Difference between delegation and forward zone

2017-03-06 Thread Mik J via bind-users
Barry: "Also, if there are no delegation records for the subdomain, the parent 
server believes it's authoritative for them, despite having forwarders 
configured." 
I don't understand what you just wrote above. Are you saying I need to do both 
delegation and forwarding on my authoritative server on the parent domain?
So yes the case is load balancers or other devices that are not real DNS, they 
behave in a funny way.

Re: Difference between delegation and forward zone

2017-03-06 Thread Barry Margolin
In article ,
 "McDonald, Daniel (Dan)"  wrote:

> Yes, you can forward to a subdomain.  Just define it as a separate zone and 
> include the forwarders and forward-only lines.  I believe you need 
> allow-query-cache for this to work.

This won't work reliably if the server is supposed to be authoritative 
for the parent domain. The problem is that queries from resolvers do not 
have the Recursion Desired flag set, and forwarding is only done when 
recursing.

Also, if there are no delegation records for the subdomain, the parent 
server believes it's authoritative for them, despite having forwarders 
configured.

Forwarding is generally only useful on resolvers, not authoritative 
servers.

-- 
Barry Margolin
Arlington, MA
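
Added example, not part of the original thread or any poster's configuration: the two setups the thread contrasts, a delegation in the parent zone on the authoritative server and a forward zone on a separate recursive resolver. The name server host names, the addresses (documentation ranges), the zone file name and the client ACL are constructed for illustration.

```conf
; ---- File 1: parent zone file for mydomain.org (authoritative server) ----
; Delegation: NS records at the zone cut. Glue A records are needed
; because these name servers live inside the delegated subdomain.
; Host names and addresses are constructed (documentation ranges).
$ORIGIN mydomain.org.
subdomain1       IN NS  ns1.subdomain1.mydomain.org.
subdomain1       IN NS  ns2.subdomain1.mydomain.org.
ns1.subdomain1   IN A   192.0.2.53
ns2.subdomain1   IN A   198.51.100.53

// ---- File 2: named.conf on the authoritative server ----
// It answers non-recursive queries from resolvers with a referral built
// from the NS records above; it does not recurse or forward.
options {
    recursion no;
};
zone "mydomain.org" {
    type master;
    file "mydomain.org.zone";         // assumed file name
};

// ---- File 3: named.conf on a separate recursive resolver ----
// Forwarding applies only while this server is recursing for a client.
options {
    recursion yes;
    allow-recursion { 10.0.0.0/8; };  // constructed client range
};
zone "subdomain1.mydomain.org" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; 198.51.100.53; };
};
```

`named-checkzone mydomain.org <zone file>` and `named-checkconf` validate the two file types, and `dig +norecurse` against the authoritative server shows the referral a resolver would receive.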


Re: Difference between delegation and forward zone

2017-03-06 Thread McDonald, Daniel (Dan)
Yes, you can forward to a subdomain.  Just define it as a separate zone and 
include the forwarders and forward-only lines.  I believe you need 
allow-query-cache for this to work.

Delegated zones don’t necessarily need to respond with SOA and NS records.  
Many load balancers use delegated zones for global server load balancing.  Just 
point your NS records at the load balancer and it should refer the querying DNS 
server along to the load balancer.  Assuming something else is doing the 
recursive lookups, you just need allow-query for this.  If this device is doing 
the recursive lookups, then you need allow-recursion for this to work.

You do need SOA and NS records if you are going to set up either a secondary or 
a stub zone.  In this case, you would need allow-query.

From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Bind Users 
<bind-users@lists.isc.org>
Reply-To: Mik J <mikyde...@yahoo.fr>
Date: Monday, March 6, 2017 at 10:24
To: Bind Users <bind-users@lists.isc.org>
Subject: Difference between delegation and forward zone

Hello,

I would like to check if my understanding is correct regarding delegation and 
forward

Delegation: I want to delegate the administrative tasks to someone else for one 
subdomain
subdomain1.mydomain.org
I'll specify the NS of that subdomain1.mydomain.org in my mydomain.org zone file
The other person will be able to create rr1.subdomain1.mydomain.org

Forward zone: I can forward a specific zone to a DNS that is different from the 
default forwarders or I won't attempt to do an iterative lookup.

=> Question 1: Can I have a forward zone that is a subdomain 
subdomain1.mydomain.org? Or when the zone is a subdomain of mydomain (I'm 
authoritative) it's always a delegation?

=> Question 2: When I do a delegation, is it correct that the remote DNS server 
holding subdomain1.mydomain.org must always answer the SOA with SOA records and 
NS records (RFC 2181 chapter 6.1)

Regards


Difference between delegation and forward zone

2017-03-06 Thread Mik J via bind-users
Hello,
I would like to check if my understanding is correct regarding delegation and 
forward
Delegation: I want to delegate the administrative tasks to someone else for one 
subdomain
subdomain1.mydomain.org
I'll specify the NS of that subdomain1.mydomain.org in my mydomain.org zone file
The other person will be able to create rr1.subdomain1.mydomain.org
Forward zone: I can forward a specific zone to a DNS that is different from the 
default forwarders or I won't attempt to do an iterative lookup.
=> Question 1: Can I have a forward zone that is a subdomain 
subdomain1.mydomain.org? Or when the zone is a subdomain of mydomain (I'm 
authoritative) it's always a delegation?
=> Question 2: When I do a delegation, is it correct that the remote DNS server 
holding subdomain1.mydomain.org must always answer the SOA with SOA records and 
NS records (RFC 2181 chapter 6.1)
Regards
