Version 9.8.0b1 of BIND brings with it a new zone type, which IIRC was
developed by the DeNIC. It is called a static-stub
, and it allows an
administrator to force queries for a particular zone to go to specified
addresses instead of BIND recursing for the name server records of that
zone.
So, for example, suppose you have a zone called uno.aa
and you want BIND to
direct queries at your name server located at mynameserver.example.com
,
you’d set up a static-stub
zone as
zone "uno.aa" {
type static-stub;
server-names {
"mynameserver.example.com";
};
// server-addresses {
// 192.168.1.2;
// };
}
Instead of using server-names
, you can use server-addresses
.
So, I hear you asking, what’s the difference between static-stub
and a
forwarding zone? The difference is that with the former, BIND sends non-
recursive queries (RD bit clear), whereas with the latter, the RD (recursion
desired) is set.
Oh, and to forestall a question: yes, DNSSEC-signed zones work as well. Simply
add your key material to the trusted-keys
configuration, and Bob’s your
uncle.
trusted-keys {
uno.aa 257 3 7
"AwEAAQsF/yU47wzGZ8ZmUTFfxSeHuvpEMqZ5ZL8C58njeHkvBBRpScu0
...
tzyvx1hWsXaFfj8kdjQgLKWGcSpBO1/s/PPPtx+YiAsGlh2X+fVoxJ8O
373hlGWRRBjKXnc=";
};
Very practical for testing, at the moment.