Dual DNS server help

Douglas, Earl edouglas at kpmg.ca
Fri May 12 13:37:57 UTC 2000


Your internal DNS is authoritative for somedomain.com, meaning it will not
try to ask any other server about your request.

If you want to be able to resolve the host name www.somedomain.com, you will
have to put a host entry for it in the db file of your internal DNS server.


Earl D
-----Original Message-----
From: Gary Foulds [mailto:gary.foulds at cplaromas.com]
Sent: Friday, May 12, 2000 5:47 AM
To: bind-users at isc.org
Subject: Dual DNS server help




All

Can anyone help me with a small problem?

I am in the process of installing a new DNS for our company. This DNS is to
be a dual system, using Internal and External servers.

I have managed to get this to work in a chroot environment and both servers
are making the correct responses to queries, i.e. the external DNS looks to
the Internet to resolve IPs and the Internal DNS resolves internal requests
and passes external requests to the External server; this part is working
correctly.

What I am trying to do is this.

External Server   www.somedomain.com. IN A 192.168.2.6

Internal Server int-ns.somedomain.com IN A 10.5.3.1

If I do a query from the Internal server for int-ns.somedomain.com it
returns the correct address 19,5,3,1, but if I query www.somedomain.com the
internal server does not pass this to the external server; it just returns
unknown address. Both domains are the same name, and I was under the
impression, rightly or wrongly, that if the internal DNS did not find it, it
would ask the external DNS, but this is not what is happening.

I have included both named.conf files in this for clarity; I think that I
have missed a line out somewhere in the internal named.conf file.

Help is appreciated.

Internal named.conf (names changed to protect the innocent)

#======================================================
# named.conf for dbfiles_internal directory.
#
# NOTE: Comments in this file begin with a # symbol.
#
# NOTE: Remember we're chrooted.  Don't break the paths
#       below by forgetting that.
#======================================================
options {
        directory "/zonefiles_internal";
        pid-file "/zonefiles_internal/internal.pid";
        named-xfer "/sbin/named-xfer";
        #
        # specify the internal IP address of this box
        listen-on { 10.5.3.1; };
        #
        # specify the external IP address of this box
        forwarders { 192.168.2.6; };
        #
        # only allow queries from this source.
        allow-query { 10.0.0/8; };
};

controls{
        unix "/zonefiles_internal/ndc_internal"
        perm 0600
        owner 0
        group 0;
};

zone "somedomain.com" in {
        type master;
        file "com/somedomain.zone";
};

#zone "1.168.192.in-addr.arpa" in {
#        type master;
#        file "db.192.168.1";
#};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

zone "." in {
        type hint;
        file "root.hint";
};



External named.conf

#======================================================
# named.conf for dbfiles_external directory.
#
# NOTE: Comments in this file begin with a # symbol.
#
# NOTE: Remember we're chrooted.  Don't break the paths
#       below by forgetting that.
#======================================================
options {
        directory "/zonefiles_external";
        pid-file "/zonefiles_external/external.pid";
        named-xfer "/sbin/named-xfer";
        #
        # depending on how/if you packet filter, you may
        # want this. AFAIK, it doesn't hurt.
        query-source address * port 53;
        #
        # global options set to only allow queries from
        # us.  We explicitly allow our served zones to be
        # queried on a per-zone basis later in this file.
        allow-query { 10.5.3.1; 192.168.2/24; };
        listen-on { 192.168.2.6; 127.0.0.1; };
};

controls{
        unix "/zonefiles_external/ndc_external"
        perm 0600
        owner 0
        group 0;
};

zone "somedomain.com" in {
        type master;
        file "com/somedomain.zone";
        allow-query { any; };
#        allow-transfer { 172.16.12.10; 10.0.0.1; };
        allow-transfer { 192.168.2/27; 10.5.3.1; };
};

#zone "10.16.172.in-addr.arpa" in {
#        type master;
#        allow-query { any; };
#        file "db.172.16.10";
#        allow-transfer { 172.16.12.10; 10.0.0.1; };
#};

zone "0.0.127.in-addr.arpa" in {
        type master;
        allow-query { any; };
        file "db.127.0.0";
};

zone "." in {
        type hint;
        file "root.hint";
};


Directory structure is similar to this one

ls -lR /usr/local/bind/dbfiles_*

/usr/local/bind/dbfiles_external:
total 18
-rw-r--r--   1 root     root         678 Nov 14 22:28 db.127.0.0
-rw-r--r--   1 root     root         690 Nov 14 22:29 db.172.16.10
-rw-r--r--   1 root     root        2769 Aug  1 12:55 db.cache
-rw-r--r--   1 root     root        1508 Nov 14 22:46 db.somedomain.com
-rw-r--r--   1 root     root        1425 Nov 19 22:29 named.conf
/usr/local/bind/dbfiles_internal:
total 18
-rw-r--r--   1 root     root         669 Nov 14 22:30 db.127.0.0
-rw-r--r--   1 root     root         800 Nov 14 22:30 db.192.168.1
-rw-r--r--   1 root     root        2769 Aug  1 12:54 db.cache
-rw-r--r--   1 root     root        1062 Nov 14 22:31 db.somedomain.com
-rw-r--r--   1 root     root        1004 Nov 19 22:38 named.conf

Gary Foulds
Group IT Manager
CPL Aromas Plc
Tel:        +44 127 971 7229
Mobile: +44 794 121 5616
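
A toy model of the decision Earl describes, added here as an illustration and not code from the thread or from BIND: because the internal server holds the somedomain.com zone itself, a name missing from that zone gets an authoritative "does not exist" answer rather than being sent to the forwarder at 192.168.2.6; only names outside every zone it holds are forwarded. Zone names and addresses are the ones quoted above; the zone contents are constructed.

```python
import copy

# Added illustration, not code from the thread or from BIND: a simplified model
# of how a server with a forwarders{} list decides where an answer comes from.
FORWARDER = "192.168.2.6"   # the external server named in the internal named.conf

# Constructed zone data for the internal server: the one record quoted in the thread.
INTERNAL_ZONES = {
    "somedomain.com": {"int-ns.somedomain.com": "10.5.3.1"},
    "0.0.127.in-addr.arpa": {},
}


def closest_enclosing_zone(qname, zones):
    """Longest suffix of qname that this server is authoritative for, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname, zones, forwarder):
    """Return ("answer", addr), ("nxdomain", zone) or ("forward", forwarder).

    A server answers from its own data for any name under a zone it holds; a
    missing name is an authoritative NXDOMAIN and the forwarder is not consulted
    for it.  Only names outside every held zone are handed to the forwarder.
    """
    name = qname.rstrip(".").lower()
    zone = closest_enclosing_zone(name, zones)
    if zone is None:
        return ("forward", forwarder)
    addr = zones[zone].get(name)
    if addr is None:
        return ("nxdomain", zone)
    return ("answer", addr)


def with_host(zones, zone, name, address):
    """Earl's fix: a copy of the zone data with the host entry added to the zone."""
    fixed = copy.deepcopy(zones)
    fixed[zone][name.rstrip(".").lower()] = address
    return fixed


if __name__ == "__main__":
    for q in ("int-ns.somedomain.com", "www.somedomain.com", "www.isc.org"):
        print(q, "->", resolve(q, INTERNAL_ZONES, FORWARDER))
    fixed = with_host(INTERNAL_ZONES, "somedomain.com", "www.somedomain.com", "192.168.2.6")
    print("after fix:", resolve("www.somedomain.com", fixed, FORWARDER))
```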








******************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
 
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement contract.
******************************************************************************

