Chris Knipe wrote: > > > > If the first DNS server is > > > > authoritative for the domain in question, the query will either > > > > succeed or fail there; non-existent subdomains will not be looked up > > > > elsewhere. > > > > > > Is it possible to configure BIND to be "semi-authorative"? > > > > No. > > No ? No. > Excuse me... Check the documentation. I have. > I am not sure of the config option (i dont have the bind docs with me), but > there is definately a config section where you can set ations to be taken if > a request is 1) not found, If the server is /not/ authoritative for a domain and it doesn't have the data in its cache, then the "forward" and "forwarders" options are used, but that isn't relevant here. > or 2) non-authoritive, non-authoritative results are fine, unless the client has set the AAONLY flag, in which case the server is simply going to ignore cached data but otherwise process the query normally. Also, note that the "auth-nxdomain" option isn't relevant here. > and a few other things aswell. Such as? > I almost think a few of the options is warn, fail, and a few others. ignore/warn/fail are the available settings for the check-names option, which isn't relevant here. > You need definately however need to configure forwarders for your DNS > configuration "forwarders" is not relevant here. From the BIND docs (options.html): > Forwarding occurs only on those queries for which the server is not > authoritative and does not have the answer in its cache. There seems to be some confusion regarding authoritative vs caching nameservers (Daryl's question seemed to be about the former). This issue seems to cause sufficient problems that I'm wondering whether it's really a good idea for named to do both, or if it would be better to have two entirely separate programs. -- Glynn Clements <glynn@sensei.co.uk> - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
