domain delegation and "dynamic" DNS

Barry Margolin barmar at bbnplanet.com
Tue Aug 31 14:55:11 UTC 1999


In article <7071.936073438 at joshua>, Jim Ault  <aultj at joshua.crd.ge.com> wrote:
>I have two questions  (BIND 8.2.1, Solaris 5.7)
>
>1) Delegation 
>
>I have just finished configuring a software package on NT 4.0 to 
>serve a DHCP pool of addresses and also to serve a "dynamic" DNS zone for
>that pool of addresses.  That part works now, as verified from within
>the package, and from nslookup, when pointed directly at this NT server.
>
>However, I have added some delegation records to my BIND 8.2.1 server to
>delegate this subdomain to the NT box, with the intent that both forward
>and reverse lookups would recurse through my primary BIND server to the
>NT box to get the desired data.  
>
>But my primary server does not appear to be recursing properly 
>to the delegated server.   When I tested the NT box for DNS lookups
>by directing nslookup to that server IP address, and testing forward and
>reverse lookups, they both worked.  But when I give the same forward and
>reverse lookups to my primary server, the response is "no such domain".
>
>Am I missing something?  I have attempted to delegate both the forward
>and reverse lookups with the lines shown below (in the appropriate files).
>Yes, I have BIND&DNS 3rd edition, and I followed the examples as best I
>could.  Perhaps the extra A record is causing me trouble?
>The <A.B.C.D> is a std IP address, along with C.B.A as you would expect
>in a reverse zone.
>
>dhcp.crd.ge.com.    IN      NS      dhcp1.dhcp.crd.ge.com.
>                            A       A.B.C.D
>dhcp1.dhcp.crd.ge.com.      IN  A   A.B.C.D
>
>C.B.A.IN-ADDR.ARPA.   IN      NS      dhcp1.dhcp.crd.ge.com.

This looks fine, although you shouldn't need the A record for
dhcp.crd.ge.com (it should be ignored by named, with a warning about it
being out of the zone).  You *do* need the A record for
dhcp1.dhcp.crd.ge.com; this is a glue record that's needed because the
subdomain server is in the subdomain (to solve the chicken-and-egg
problem).

The only reason I can think of why this wouldn't work is if you have
"forwarders" configured on this server.  In that case it won't follow
NS records, it will send to its forwarder.  Since you're using BIND 8.2 you
can disable forwarding for your local hierarchy by adding 'forwarders {};'
to the zone entry for crd.ge.com.

>2) Dynamic DNS
>
>Let's also say that this NT box is sending "dynamic DNS updates" to my
>BIND 8.2.1 server as well as to itself (running some NT DNS server).
>
>I get errors like this:
>
>===
>Aug 26 11:36:32 crdns named[25570]: rcvd NOTIFY(C.B.A.in-addr.arpa, IN,
>SOA) from [A.B.C.D].53
>Aug 26 11:36:32 crdns named[25570]: rcvd NOTIFY for
>"C.B.A.in-addr.arpa", name not one of our zones
>Aug 26 11:36:53 crdns named[25570]: rcvd NOTIFY(dhcp.crd.ge.com, IN, SOA)
>from [A.B.C.D].53
>Aug 26 11:36:53 crdns named[25570]: rcvd NOTIFY for "dhcp.crd.ge.com",
>name not one of our zones
>===
>
>What does this mean in terms of delegation (question I asked above)
>regarding a domain or a subdomain?  I did the delegation because I knew
>the NT box would want to be "master" of something, so I gave it a small
>subdomain to be master of.  

These aren't dynamic updates, they're notifies.  Notifies are sent by a
master server to its slave servers, to tell them that the zone has changed
and they should perform a zone transfer.  The warnings are coming because
crdns is not configured as a slave server for either of these zones.

>Can my bind 8.2.1 server be the master of A.B.*.* and the forward
>and reverse name zones that go with it, while also allowing this NT
>dynamic DNS program to push this data in to my BIND server without
>delegating a subdomain?  Does this mean that the NT box thinks it is the
>master of that primary zone?  (I don't think I can allow that..)

I thought you wanted the NT box to be master of the subzone, because it's
updating it based on DHCP.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
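
An added example, not part of the original post and not BIND's own code: a Python check of the distinction the reply draws between required glue and out-of-zone data at a delegation point. The function names are hypothetical, and the constructed sample uses 192.0.2.10 in place of the post's A.B.C.D.

```python
# Added example: classify address records around a delegation in a parent zone.
# Sample records are constructed; 192.0.2.10 stands in for the post's A.B.C.D.

def norm(name):
    """Lower-case a domain name and make it absolute (trailing dot)."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def is_at_or_below(name, ancestor):
    """True if name equals ancestor or is a subdomain of it."""
    return name == ancestor or name.endswith("." + ancestor)

def check_delegations(origin, records):
    """records: list of (owner, rtype, rdata). Returns (kind, name) findings."""
    origin = norm(origin)
    recs = [(norm(o), t.upper(), r) for o, t, r in records]
    # A zone cut is any NS owner strictly below the zone origin.
    cuts = {o for o, t, _ in recs
            if t == "NS" and o != origin and is_at_or_below(o, origin)}
    addr_owners = {o for o, t, _ in recs if t in ("A", "AAAA")}
    findings, glue_names = [], set()
    for o, t, r in recs:
        if t == "NS" and o in cuts:
            target = norm(r)
            # Glue is needed only when the name server sits at or below the cut.
            if is_at_or_below(target, o):
                glue_names.add(target)
                kind = "glue-ok" if target in addr_owners else "glue-missing"
                findings.append((kind, target))
    # Any other address record at or below a cut belongs to the child zone.
    for o in sorted(addr_owners):
        if any(is_at_or_below(o, c) for c in cuts) and o not in glue_names:
            findings.append(("out-of-zone", o))
    return findings

SAMPLE = [
    ("dhcp.crd.ge.com.", "NS", "dhcp1.dhcp.crd.ge.com."),
    ("dhcp.crd.ge.com.", "A", "192.0.2.10"),
    ("dhcp1.dhcp.crd.ge.com.", "A", "192.0.2.10"),
]

if __name__ == "__main__":
    for kind, name in check_delegations("crd.ge.com.", SAMPLE):
        print(f"{kind:13} {name}")
```

The reverse delegation in the post needs no glue in the reverse zone, because dhcp1.dhcp.crd.ge.com is not under C.B.A.IN-ADDR.ARPA; the check returns no findings for that case.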

