I wrote:
> Now in a really decentralized company (where you cannot make the
> PARENT server secondary of all the SUBDOMAIN servers) is there a
> possibility to achieve split dns *and* subdomain delegation without
> hacking bind?
> [snip]
> Conclusion: You cannot delegate domains in a split dns setup!
As several people have mentionned it is possible *if* (only if?) the parent
server is a secondary server for all internal subdomains. I have to rephrase
my conclusion a little bit:
You cannot delegate domains in a split dns setup without having a
server that knows every single host/IP address in that domain.
Bill Gaupp <wvg @
minnesota .
emc .
cdc .
com> wrote:
> Sure you can. We're doing exactly this.
>
> In your main "foo.com" map on your internal "parent" server just list
> NS records for all the subdomain servers. Also make sure you include
> IP addresses of the subdomain servers so the parent knows how to contact
> the subdomain servers.
If I correctly understand the functionality of the forwarder statement the
parent server looks at the following places for a host from a delegated
subdomain (in that order):
1. in the cache
2. in its database (Bingo! if he is secondary)
3. queries all forwarder nameservers (firewall will return: no such host)
4. does a regular query (this will *never* happen!)
Now it won't help if the parent server knows about other servers, since
he will never do a regular query. I actually tried what you propose with
SunOS 4.1.3 named and it didn't work. Could you tell me please what version
of bind you're using on the internal "parent" server? Maybe your nameserver
behaves differently from what I observed?
Thanks
---
Goetz von Escher email: Goetz .
von-Escher @
Open .
CH
Open Systems AG voice: +41 (61) 262-0505
Basel, Switzerland FAX: +41 (61) 262-0510
|
|
