Re: Difference between delegation and forward zone
In message <1993722142.5470245.1488838862...@mail.yahoo.com>, Mik J via bind-users writes: > > > Barry: "Also, if there are no delegation records for the subdomain, the > parent server believes it's authoritative for them, despite having > forwarders configured." > I don't understand what you just wrote above. Are you saying I need to do > both delegation and forwarding on my authoritative server on the parent > domain? > So yes the case is load balancers or other devices that are not real DNS, > they behave in funny way. Just delegate. That is what you are trying to do and that is how the DNS is designed to work. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Difference between delegation and forward zone
Barry: "Also, if there are no delegation records for the subdomain, the parent server believes it's authoritative for them, despite having forwarders configured." I don't understand what you just wrote above. Are you saying I need to do both delegation and forwarding on my authoritative server on the parent domain ? So yes the case is load balancers or other devices that are not real DNS, they behave in funny way. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Difference between delegation and forward zone
In article, "McDonald, Daniel (Dan)" wrote: > Yes, you can forward to a subdomain. Just define it as a separate zone and > include the forwarders and forward-only lines. I believe you need > allow-query-cache for this to work. This won't work reliably if the server is supposed to be authoritative for the parent domain. The problem is that queries from resolvers do not have the Recursion Desired flag set, and forwarding is only done when recursing. Also, if there are no delegation records for the subdomain, the parent server believes it's authoritative for them, despite having forwarders configured. Forwarding is generally only useful on resolvers, not authoritative servers. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Difference between delegation and forward zone
Yes, you can forward to a subdomain. Just define it as a separate zone and include the forwarders and forward-only lines. I believe you need allow-query-cache for this to work. Delegated zones don’t necessarily need to respond with SOA and NS records. Many load balancers use delegated zones for global server load balancing. Just point your NS records at the load balancer and it should refer the querying DNS server along to the load balancer. Assuming something else is doing the recursive lookups, you just need allow-query for this. If this device is doing the recursive lookups, then you need allow-recursion for this to work. You do need SOA and NS records if you are going to set up either a secondary or a stub zone. In this case, you would need allow-query. From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Bind Users <bind-users@lists.isc.org> Reply-To: Mik J <mikyde...@yahoo.fr> Date: Monday, March 6, 2017 at 10:24 To: Bind Users <bind-users@lists.isc.org> Subject: Difference between delegation and forward zone Hello, I would like to check if my understanding is correct regarding delegation and forward Delegation: I want to delegate the administrative tasks to someone else for one subdomain subdomain1.mydomain.org I'll specify the NS of that subdomain1.mydomain.org in my mydomain.org zone file The other person will be able to create rr1.subdomain1.mydomain.org Forward zone: I can forward a specific zone to a DNS that is different from the default fowarders or I won't attempt to do an iterative lookup. => Question 1: Can I have a forward zone that is a subdomain subdomain1.mydomain.org ? Or when the zone is a subdomain of mydomain (I'm athoritative) it's always a delegation ? => Question 2: When I do a delegation, is it correct that the remote DNS server holding subdomain1.mydomain.org must always answer the SOA with SOA records and NS records (RFC 2181 chapter 6.1) Regards ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Difference between delegation and forward zone
Hello, I would like to check if my understanding is correct regarding delegation and forward Delegation: I want to delegate the administrative tasks to someone else for one subdomainsubdomain1.mydomain.orgI'll specify the NS of that subdomain1.mydomain.org in my mydomain.org zone fileThe other person will be able to create rr1.subdomain1.mydomain.org Forward zone: I can forward a specific zone to a DNS that is different from the default fowarders or I won't attempt to do an iterative lookup. => Question 1: Can I have a forward zone that is a subdomain subdomain1.mydomain.org ? Or when the zone is a subdomain of mydomain (I'm athoritative) it's always a delegation ? => Question 2: When I do a delegation, is it correct that the remote DNS server holding subdomain1.mydomain.org must always answer the SOA with SOA records and NS records (RFC 2181 chapter 6.1) Regards ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users