Skip to content

WIP: Zone forwarding module

Jan Včelák requested to merge zone-forward into master

This is a sketch of a module which injects synthetic zone cuts to perform true zone forwarding. The difference from policy module is that this module redirects queries to authoritative server even when following CNAME and respects delegations present within the forwarded zone.

There is a couple of problems that need to be resolved:

  • The module introduces yet another flag to handle zone cuts, namely KEEP_CUT. This flag prevents iterate module overwrite to overwrite the cut synthesized by this module. I think this could be eliminated by some smarter logic in the iterate module and couple of other places.
  • Decide if this should be separate module or part of policy module. The module is quite simple, it could also easily be rewritten in Lua. I switched to C to access zone cuts API.
  • Decide how the module should be configured and how to make it scale for many zones.
  • Resolve how to configure port number in forwarding.
  • Resolve how to handle DNSSEC configuration for forwarded zones. Currently, the module turns off validation.
  • Resolve how to control cache for the forwards. (I have a use case where I need the cache to be disabled entirely for the forwarded queries.)

Thank you for any feedback.

Merge request reports