Kevin,
Thanks for this post. Its the most succinct description of stub zones
I've ever read. I've often tried to wrap my head around when to use a
stub and when to use a conditional forwarder and I *think* your
description has cleared that up for me.
On Wed, Nov 05, 2014 at 03:21:00PM +, Darcy Kevin (FCA) wrote:
> My attempt to explain "stub"...
>
> It's like conditional forwarding, without the recursion. You tell named where
> the top of the namespace tree is hosted, and it issues *iterative* (=
> non-recursive) queries for names in that part of the tree. (Unless, of
> course, you have a definition further down in that namespace that overrides
> the behavior).
>
> As someone else pointed out, this raises the requirement that you have
> *direct* connectivity to the published authoritative nameservers for the top
> level of the zone, and any other descendant zones (unless, again, you
> override those parts of the namespace tree with some other definition). In a
> DMZ environment, you may not have open and clear communication to
> *everything* that you need, and therefore "stub" might not be a good fit in
> that case. You might be forced, as a last resort, to use forwarding, in such
> a scenario.
>
> Beyond that understanding, there are differences in how named *gets* the
> apex-NS information for a "stub" zone. The "classic" stub model is to use a
> similar replication method as slaving, i.e. driven by the
> REFRESH/RETRY/EXPIRE settings in the SOA of the zone. This will generate
> periodic refresh traffic in the form of SOA and/or NS queries. With the newer
> "static-stub" model (which, full disclosure, I've never actually *used*),
> apparently you just plug the addresses of the auth servers directly into the
> config, and no "refreshing" is necessary. There are pros and cons, that come
> to mind, for each of those flavors of "stub".
>
>
> - Kevin
>
> -Original Message-
> From: bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Tony Finch
> Sent: Tuesday, November 04, 2014 5:10 AM
> To: houguanghua
> Cc: bind-users@lists.isc.org
> Subject: RE: forwarding zone to another DNS server problem
>
> houguanghua wrote:
>
> > I 'm not familiar with'stub'. The description of 'stub' is hard to
> > understand.
>
> Yes it's a bit weird. Think of it like the root hints but for other zones:
> i.e. a hint zone configuration in a recursive server tells named that instead
> of using a referral from the parent zone to find the name servers for this
> zone, use these configured name servers. However the name servers at the
> zone's apex can override your configuration.
>
> If you use static-stub instead, your configured name servers override all
> name servers for the zone that your name server might receive.
>
> The difference with forwarding zones occurs if there is a delegation point
> below the zone you have configured. With a fowarding zone, named expects the
> target name server to do recursion, so the target server will deal with
> following the referral and resolving the final answer. With a stub zone,
> named expects to get authoritative answers and referrals to child zones, and
> it will do its own recursion to resolve the final answer.
>
> Tony.
> --
> f.anthony.n.finchhttp://dotat.at/ Viking, North North
> Utsire: Cyclonic, becoming northeasterly 6 to gale 8, occasionally severe
> gale 9. Moderate or rough, becoming rough or very rough.
> Rain or showers. Good, occasionally poor.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Joshua Smith
Lead Systems Administrator WVNET
(304)293-5192 x247
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users