I agree with Len. Whenever we merge a new location into our network, and the circuit is neither fat nor reliable, I make their DNS forward queries for our internal zones to us, keep authority for their own zones, and do recursion for everything else. This allows us to serve the users as we slowly homogenize the whole mess. The "pecking order" seems to be authoritative first, forward second, and recursion last.
Alan

Alan V. Shackelford
Senior Systems Software Engineer
The Johns Hopkins University and Johns Hopkins Medical Institutions
Baltimore, Maryland USA
ashac...@jhmi.edu
410-735-4773

From: bind-users-bounces+ashackel=jhmi....@lists.isc.org [mailto:bind-users-bounces+ashackel=jhmi....@lists.isc.org] On Behalf Of Leonard Mills
Sent: Sunday, June 02, 2013 3:29 PM
To: Jonathan Reed; bind-users
Subject: Re: does zone trump forward?

As I understand AUTHORITATIVE trumps anything. For example, from an inside intranet name server forward the root (".") to somewhere on your edge, sprinkle in a few internal-only authoritative zones, and enjoy. This is certainly not the only choice, but it functions pretty well.

Len

________________________________
From: Jonathan Reed <cronst...@gmail.com>
To: bind-users <bind-users@lists.isc.org>
Sent: Sunday, June 2, 2013 12:10 PM
Subject: does zone trump forward?

I've only ever come across bind configs where forwarding is in place to locate certain zones, then all other queries are handled by either recursion or authoritatively. But what about the other way around, where I'm master for a few zones but forward the rest?

Consider this:

    view "the-internet" {
        recursion no;
        type forward;
        forwarders { 8.8.8.8; };
        zone "example.com" {
            type master;
            file "example.com" ......
        }

What's confusing me is the implied configuration setting of forward first when the forward statement is used. If it truly forwards first, then I see an odd logical scenario happening. All queries are sent to the forwarder before being handled by localhost. Then, once the forwarder recognizes that I'm the master of example.com, why would a loop not occur if the forwarder matches this view?

To ask the question another way, does the zone statement take precedence on matching queries over any forwarding?
Thanks

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
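Added example, not from any of the posters in this thread: a named.conf sketch of the layout described in the first message for a newly merged site, with one block per step of the "authoritative first, forward second, recursion last" order. The zone names, file names, ACL name and all addresses are placeholders chosen for illustration.

```conf
// named.conf at the merged site (constructed example; names and addresses are placeholders)
acl "site-clients" { 10.20.0.0/16; localhost; };

options {
    directory "/var/named";
    recursion yes;                        // forwarding and full recursion both need this
    allow-recursion { "site-clients"; };  // do not recurse or forward for outside clients
    // No global "forwarders" here: names not matched by a zone below
    // are resolved by ordinary recursion.
    // For "master for a few zones, forward the rest", add
    //     forwarders { <resolver address>; };
    // in this block; the authoritative zones are still answered locally.
};

// 1. Authoritative: answered from local zone data, never sent to a forwarder.
zone "branch.example" {
    type master;
    file "db.branch.example";
};

// 2. Forward: the parent organisation's internal zone goes to its name servers.
zone "corp.example" {
    type forward;
    forward only;                         // on forwarder failure, return SERVFAIL instead of
                                          // asking public servers about an internal name
    forwarders { 192.0.2.10; 192.0.2.11; };
};

// 3. Everything else: normal recursion starting from the root hints.
```

Running `named-checkconf` against the file catches syntax errors before a reload.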