On Wed, Dec 2, 2015 at 2:52 PM, Alan McKinnon <alan.mckinnon@×××××.com> wrote:
> On 02/12/2015 21:37, lee wrote:
>> Hi,
>>
>> is there a way to configure bind so that the names of local hosts,
>> i.e. the ones bind is authoritative for, can be resolved without a
>> connection to the internet?
|
I am surprised to hear that bind does not do this by default. I can't
see any reason it would recursively resolve a query that it already
has the answer to.

Maybe there is a config setting or something, because I seem to recall
it working that way previously.
|
>> I don't like it at all that when the internet connection goes out, no
>> name resolution at all is possible. Since the information about the
>> local hosts is known to bind from its configuration files, why can't it
>> just resolve them?
>>
>
>
> There are several problems with your idea. First, the configured
> nameservers in resolv.conf are caching servers, not authoritative
> servers. You never configure an auth server to act as a cache. Yes, it
> can be done. No, it's an awful idea and things break horribly.
|
For small private networks, it is quite common to set up a name server
that is both authoritative for some zones, and recursively resolves
others. This is especially common with Active Directory, where the
domain for AD is not made public.
|
> Secondly, nothing else on your network can know your auth server is
> authoritative without first being informed so by the delegating server.
> Or in other words, if you own example.com and an auth server for
> example.com is on your network, you have to first go via .com to know
> that. Weird, but that's how it works.
|
You have described how a recursive resolver works. Most devices use a
stub resolver that simply passes queries to a single name server which
then resolves the query as you describe.
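
The combined setup mentioned above (authoritative for local zones, recursive for everything else) as a `named.conf` fragment. This is an added example, not configuration from the thread or from either poster; the zone name `home.lan`, the `192.168.1.0/24` subnet, the server address and the file paths are all assumptions.

```conf
// Constructed example: zone names, addresses and paths are placeholders.

// Clients that may use this server at all.
acl "lan" {
    127.0.0.0/8;
    192.168.1.0/24;        // assumed local subnet
};

options {
    directory "/var/bind";                    // assumed working directory
    listen-on { 127.0.0.1; 192.168.1.1; };    // assumed server address

    // Recursion stays on for local clients only, so the server is
    // not an open resolver if it ever becomes reachable from outside.
    recursion yes;
    allow-recursion   { "lan"; };
    allow-query       { "lan"; };
    allow-query-cache { "lan"; };

    // No zone transfers of the private zones to anyone.
    allow-transfer { none; };
};

// Local zones: the data is loaded from these files on disk.
zone "home.lan" {
    type master;
    file "pri/home.lan.zone";       // assumed zone file
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "pri/1.168.192.rev";       // assumed reverse zone file
};
```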