Réf. : forwarders and zone delegation - a good one

Réf. : forwarders and zone delegation - a good one

Post by Thierry.Agas.. » Tue, 20 Jan 1998 04:00:00



Hi Dave,

Good one indeed.

It is a known situation actually, and if you run a versions between 4.9.3
and 4.9.5-P1 included, there is a patch
in the contrib directory of the respective version (see www.vix.com).

This patch is called "noforward" patch and means what it means.

When applied, you can add something like :

               noforward      test.com   c.b.a.in-add.arpa
in named.boot.

When restarted, the DNS server A (in your example) will not forward any
request for something in or below the listed domains, even if the forwarder
directive exist.

Another alternative would be to make A secondary of ack.test.com, but if
your zones are big, it is less "bandwith friendly".

What I don't know yet is what hapens on 4.9.6 and 8.1. Neither the patch
not the directive seem to exist in one of these.

Maybe Cricket or Barry  will help.

Best regards !

Thierry A.


cc :       (ccc : Thierry Agassis/AOT/LPSB/Unicible)

Date :    15.01.98 03:18:20
Objet :   forwarders and zone delegation - a good one

This may take some explaining but here goes.  I don't see a specific
reference to this issue in DNS and BIND.
I have a nameserver (A) that is primary for a zone, I'll call it test.com.
It also knows about a delegation to ack.test.com served by nameserver B.  A
is a forwarder to nameserver C who DOES not know about the delegation.  It
knows about test.com but not ack.test.com.
    When I send a query to A for a host in ack.test.com (ie.
dave.ack.test.com), the lookup fails because A just goes to his forwarder C
who has no info on ack.test.com.  In a forwarding situation, I thought is a
server could answer it would and then forward if it didn't know any info.
Here, A knows who to contact for info on ack.test.com yet he goes to his
forwarder.  Is this correct behaviour?  To rectify this would I have to let
C (the forwardee for lack of a better word), know about the delegation of
ack.test.com?
Any help would be much appreciated.  Email response is better as I can't
get
regular updates to thsi group (ack!)
Cheers
Dave

 
 
 

Réf. : forwarders and zone delegation - a good one

Post by Cricket L » Tue, 20 Jan 1998 04:00:00



>Good one indeed.

Yup.  It's a problem that's haunted lots of people for a long time.

Quote:>It is a known situation actually, and if you run a versions between 4.9.3
>and 4.9.5-P1 included, there is a patch
>in the contrib directory of the respective version (see www.vix.com).

>This patch is called "noforward" patch and means what it means.

>When applied, you can add something like :

>               noforward      test.com   c.b.a.in-add.arpa
>in named.boot.

>When restarted, the DNS server A (in your example) will not forward any
>request for something in or below the listed domains, even if the forwarder
>directive exist.

>Another alternative would be to make A secondary of ack.test.com, but if
>your zones are big, it is less "bandwith friendly".

>What I don't know yet is what hapens on 4.9.6 and 8.1. Neither the patch
>not the directive seem to exist in one of these.

BIND 4.9.6 and 8.1.1 both behave the same way, by default, as previous
versions did:  forwarding overrides delegation.  In early BIND 8 docs,
the ISC described a more flexible forwarding scheme that seemed to
address some of the problems folks were having.  That scheme hasn't
yet been implemented, though.

 
 
 

1. forwarders and zone delegation - a good one

This may take some explaining but here goes.  I don't see a specific
reference to this issue in DNS and BIND.

I have a nameserver (A) that is primary for a zone, I'll call it test.com.
It also knows about a delegation to ack.test.com served by nameserver B.  A
is a forwarder to nameserver C who DOES not know about the delegation.  It
knows about test.com but not ack.test.com.
    When I send a query to A for a host in ack.test.com (ie.
dave.ack.test.com), the lookup fails because A just goes to his forwarder C
who has no info on ack.test.com.  In a forwarding situation, I thought is a
server could answer it would and then forward if it didn't know any info.
Here, A knows who to contact for info on ack.test.com yet he goes to his
forwarder.  Is this correct behaviour?  To rectify this would I have to let
C (the forwardee for lack of a better word), know about the delegation of
ack.test.com?

Any help would be much appreciated.  Email response is better as I can't get
regular updates to thsi group (ack!)

Cheers

Dave


2. inst

3. forwarders overriding zone delegation.

4. Walnut Creek TeX CD-ROM?

5. zone delegation and forwarders

6. gcc -o hello hello.cpp ** not!!!

7. Réf. : Bind NT and secured zones

8. Réf. : DNS Zone Transfers

9. How to query two forwarders, even if the first one gave a negative answer?

10. Forwarders and delegations

11. DNS Forwarder and Delegation in single machine

12. delegation and forwarder