On Tue, 2008-07-08 at 14:33 -0400, Kyle McDonald wrote:
> Chris Buxton wrote:
> > Your basic problem is that your authoritative name servers are also
> > doing recursion. If you can avoid this, do so - turn recursion off on
> > the name servers that host the subdomain.

> Ok. I have, and want, the clients in the subdomain to use these servers
> (in their resolv.conf) to resolve queries. Doesn't that mean I need
> recursion on? Is that a bad idea?
> >
> > If your authoritative name servers must also perform recursion, set up
> > either stub zones or slave zones for the apex(es) of the internal
> > domain(s) - this may be the "parent domain" you mentioned, or the
> > parent of that domain, or possibly even further upstream in the
> > namespace hierarchy. If you have any global forwarding turned on,
> > conditionally turn it off for these stub or slave zones.
> >

OT here I realize, but Win2K3 DNS does support stub zones.

> I'm not sure I'm understanding this. Create stub or slave zones on my
> name servers? or on the parent? The parent domain is managed by Win2k3
> DNS servers and I don't think they have the concept of 'stub' zones.
> I did make my servers slaves of the parent. That solved it, but it seems
> like a hack. After reading up more on forwarders, I was thinking of
> adding a 'forward' zone named after the parent which pointed to the
> parent domain's nameservers like:
> zone egenera.com
> {
> type forward;
> forwarders {,; };
> }
> Is this what you mean by stub? Actually if you mean that I should create
> a stub on my server, then I guess you're right, that should work
> similiar to the forwarder or slave.
> So it seems I have a bunch of options:
> 1) Disable recursion. Optionally:
> a) configure clients to resolve with parent servers.
> b) configure global forwarding to parent servers.
> 2) Setup Selective forwarding with a 'forward' zone for the parent domain.
> 3) Setup a 'stub' zone for the parent domain. (Is this any different
> than the 'forward' zone?)
> 4) Setup 'slave' zones of the partent, complete with zone transfers,
> updates, etc.
> Right now I'm thinking tha #2 sounds best, with 1b as a second choice.
> Anything wrong with my logic or understanding?
> Thanks for the help!
> -Kyle

Jeff Reasoner
513 728-7902 voice