On Wed, Jan 04, 2017 at 12:23:44PM +1100, Mark Andrews wrote: > > In message <20170104010026.GA3160@ubuntu>, Nex6 writes: > > On Wed, Jan 04, 2017 at 01:46:07AM +0100, Reindl Harald wrote: > > > > > > > > > Am 04.01.2017 um 01:35 schrieb Nex6: > > > >I have a very specific issue, where a partner org, wants me to add an > > > >SRV record for there org. (i dont want to) > > > > > > > >- NOTE: and its for a major cloud app (to remain nameless) that points > > > >back to there active directoy. > > > > > > > >but this is a requirement for a cloud application. the only solution I > > > >can think of so far, is build out a new DNS box for just the users > > > >that need to use this application. > > > > > > > >and add the SRV record there. but, not sure how you could setup a > > > >secondary zone, thats writeable? > > > > > > you can't write in a slave zone > > > > > > https://kb.isc.org/article/AA-00851/0/Understanding-views-in-BIND-9-by-exam > > ple.html > > > > > > yes, I know thats why I asked if there was a way to do this. I suspect > > i am stuck. > > You don't need to modify a zone to graft on a SRV record as it will be > prefixed with one or more labels. You add a zone for that name. > > _example._tcp.example.com > > Now if _tcp.example.com already exists you add _example._tcp.example.com with > zone content similar to this: > > @ SOA ... > @ NS ... > @ SRV .... > > If _tcp.example.com does not already exist you add _tcp.example.com with zone > content similar to this: > > @ SOA ... > @ NS ... > _example SRV .... > > This prevents your clients seeing NXDOMAIN for _tcp.example.com. > > The better way to do all this however would be for the partner to > create the relevant zones with the SRV records (giving them change > control of the contents) and have you slave them on your recursive > servers possibly using TSIG to get the correct instance from them. > They can supply you with example.com with the SRV records present > or one of the above zones. You clients see will see > _example._tcp.example.com either way and it deals with their paranoia > over publishing a SRV record to the world. > > There is no need for you to muck with views for this. > > Mark
hmmm, I wonder if a forward zone would work? or maybe us slaving there zone might be better. > > > _______________________________________________ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > > unsubscribe > > from this list > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users