As discussed. the idea of slaving zones in this manner or using forwarders isn't exactly scalable in the least.
I'm currently working to get a test DNS server running to try a sort of "local root server" config.
The full local root server config would likely leave remote nameservers unable to resolve Internet addresses, at least not without going through on of our own root nameservers. Given the rather high latency to be expected on our links, this isn't a good idea.
If my idea works, this problem will be avoided. Maybe.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When you try it three different ways and you keep getting "NXDOMAIN", it's time to reconsider. :-/
Basically, an internal root (i.e. making the "." zone a local master) and delegating to other internal domains works just peachy. But anything not in those zones (i.e. Internet host) don't resolve, since the nameserver doesn't know where to look. And I can't figure out how to tell it.
There is a way for everyone to have their nameservers resolve internal addresses: use forward zones. This requires an entry in the named.conf for each forward and reverse zone you want to see, each of which has a pointer to that domain's master. I will post a partial configuration in the documentation for now.
It isn't pretty but it works and doesn't screw up resolution of you favorite porn sites, so there ya go.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
BTW.. Derek, Larry: If you want to try out this test DNS server, it's at 192.168.1.28 (diesel.bithose.com)
I don't have Larry's zones in there because I don't know what they are or where his server is, and I wasn't about to portscan across the 800msec routed connection. ;)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I just sent Derek a set of BIND config and zone files so he can run an internal DNS for his domain, and slave my internal names and IPs as well.
I suggest that others do this as well, and coordinate with me and your conneciton neighbors to propogate the DNS zone data.
As discussed. the idea of slaving zones in this manner or using forwarders isn't exactly scalable in the least.
I'm currently working to get a test DNS server running to try a sort of "local root server" config.
The full local root server config would likely leave remote nameservers unable to resolve Internet addresses, at least not without going through on of our own root nameservers. Given the rather high latency to be expected on our links, this isn't a good idea.
If my idea works, this problem will be avoided. Maybe.
When you try it three different ways and you keep getting "NXDOMAIN", it's time to reconsider. :-/
Basically, an internal root (i.e. making the "." zone a local master) and delegating to other internal domains works just peachy. But anything not in those zones (i.e. Internet host) don't resolve, since the nameserver doesn't know where to look. And I can't figure out how to tell it.
There is a way for everyone to have their nameservers resolve internal addresses: use forward zones. This requires an entry in the named.conf for each forward and reverse zone you want to see, each of which has a pointer to that domain's master. I will post a partial configuration in the documentation for now.
It isn't pretty but it works and doesn't screw up resolution of you favorite porn sites, so there ya go.
BTW.. Derek, Larry: If you want to try out this test DNS server, it's at 192.168.1.28 (diesel.bithose.com)
I don't have Larry's zones in there because I don't know what they are or where his server is, and I wasn't about to portscan across the 800msec routed connection. ;)