04-09-2018 05:52 AM
I have a question regarding forwarding vs delegation. According to my understanding, we can use conditional forwarding instead of delegation. That's why I don't know why the concept of delegation has been created.
Can somebody help?
04-09-2018 06:31 AM
You can create a Forward zone to send queries for a particular domain to specific name server(s). The Forward zone does not need to be a child of a domain that you own. Instead, it can be any zone you'd like to send clients to specific servers to resolve. These servers don't necessarily need to be authoritative for the domain & could be just another recursive name server. A delegation, on the other hand, involves delegating a specific child zone to a set of name servers. These “delegated servers” should be authoritative for the domain that you delegate as well. In summary, you can create a Forward zone for just about any DNS zone, but may only create a delegation of a zone for which you're already authoritative. In both cases you may need to ensure the routes & in case of delegation, the name of the delegated name server should be resolvable by the local DNS server in which you create the delegation.
An example of delegation vs forward zone:
Let’s say, there is a remote office with its own name servers, and you want it to manage its own local data. I’ll call the remote domain to be “remote.test.corp”. Consider that your corporate office manages “test.corp”. On the name server at the main corporate office, define the remote office zone as delegated, and then specify the remote office name servers as authorities for the zone.
On the other hand, if this was to be handled by conditional forwarding or a forward zone, you can add almost any DNS server as a forwarder which you believe to be able to resolve the queries pointed to “remote.test.corp”. At the same time, it's not necessary that your corporate office should be authoritative for “test.corp”. Any queries to your corporate server for “remote.test.com” would be simply forwarded to the forwarder added.
Hope that’ll address your question. Please feel free to post questions if any.
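The two setups described in the post above, written out as an added example in BIND 9 syntax rather than the Infoblox interface; it is not part of the original post. The address 192.0.2.53, the file name db.test.corp and the host name ns1.remote.test.corp are assumed placeholders.

```bind
// named.conf on the corporate server (constructed example).
// Use Option A or Option B, not both.

// Option A: delegation.
// The corporate server must be authoritative for the parent zone.
zone "test.corp" {
    type master;              // spelled "primary" in newer BIND releases
    file "db.test.corp";
};
// Records inside db.test.corp that create the delegation:
//   remote.test.corp.      IN NS  ns1.remote.test.corp.
//   ns1.remote.test.corp.  IN A   192.0.2.53   ; glue, so the NS name resolves
// ns1.remote.test.corp must itself be authoritative for remote.test.corp.

// Option B: forward zone.
// The corporate server does not have to be authoritative for test.corp.
// Queries for the name are passed to the listed server, which may be
// authoritative or simply another recursive name server.
zone "remote.test.corp" {
    type forward;
    forward only;             // do not fall back to normal resolution
    forwarders { 192.0.2.53; };
};
```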
04-11-2018 07:08 AM
Thanks Mohammed for the reply,
Actually, I still don't understand what we can create a forward to a subzone on Infoblox. If our server manages example.com, we can create a subzone test.example.com forward OR delegated to another server.
What is the difference between the 2 methods?
If we manage example.com, delegated server for test.example.com MUST be authoritative for test... right?
I believe it is possible to create a forward for test.example.com if the forwarded server also forwards the domain, am I right?
04-11-2018 04:39 PM
Your interpretation about delegation is absolutely correct. I’ll just fill up one of your statements:
“What is the difference between the 2 methods?
If we manage example.com & if I am planning to add a delegation, delegated server for test.example.com MUST be authoritative for test.example.com right?” – Correct.
What you’ve stated about forward zone is perfectly right & that’s what makes the difference. I see where you are confused: As per the example that you’ve stated, ‘test.example.com’ could be added either as a forward zone or as delegation (as long as you could delegate it to real authoritative servers). While in this case, delegation would be the right configuration as you are managing the subdomain. Forwarder can be used when you are not sure who is authoritative, but know a server which can find answers to this subdomain.
Hope this addresses your concern.