Multiple domains on same ip (virtual hosting) - correct way?

Peter Rose peter.rose1 at ntlworld.com
Wed Nov 8 16:36:05 UTC 2000


Hello,

apologies in advance if this subject is well-covered somewhere, but I
have been through the Cricket book and followed this list and other
resources extensively and I really can't figure out the correct
solution.

I am overhauling the DNS for a small server which has only 8 IPs.

We have our main domain, cyberscreen.com, and then we carry a couple of
dozen other domains that are virtual www hosts on two of those IPs.

The virtual hosts are required to have email aliasing facilities, so we
need an MX record for each.

Up to now, we have accomplished this by having a separate zonefile and
reverse file for each virtual host, but we now realise our reverse dns
is incorrect.

Here's what I mean:

main zonefiles for cyberscreen.com:

cyberscreen.com.            IN  SOA  ns1.cyberscreen.com. webmaster.cyberscreen.com. (
                                2000110601  ; Serial
                                10800       ; Refresh after 3 hours
                                3600        ; Retry after 1 hour
                                604800      ; Expire after 1 week
                                86400 )     ; Minimum TTL 1 day

;name servers

cyberscreen.com.            IN  NS     ns1.cyberscreen.com.
cyberscreen.com.            IN  NS     ns2.cyberscreen.com.

;Host addresses

localhost.cyberscreen.com.  IN  A      127.0.0.1
server.cyberscreen.com.     IN  A      212.87.82.24
media.cyberscreen.com.      IN  A      212.87.82.25
secure.cyberscreen.com.     IN  A      212.87.82.26
mail.cyberscreen.com.       IN  A      212.87.82.27
ns1.cyberscreen.com.        IN  A      212.87.82.28
ns2.cyberscreen.com.        IN  A      212.87.82.29

;mail records

cyberscreen.com.            IN  MX 10  mail.cyberscreen.com.

;Aliases

www.cyberscreen.com.        IN  CNAME  server.cyberscreen.com.
ftp.cyberscreen.com.        IN  CNAME  server.cyberscreen.com.
pop3.cyberscreen.com.       IN  CNAME  mail.cyberscreen.com.

and for the reverse mappings:


24.82.87.212.in-addr.arpa.  IN  SOA  ns1.cyberscreen.com. webmaster.cyberscreen.com. (
                                2000110601  ; Serial
                                10800       ; Refresh after 3 hours
                                3600        ; Retry after 1 hour
                                604800      ; Expire after 1 week
                                86400 )     ; Minimum TTL 1 day

;name servers

28.82.87.212.in-addr.arpa.  IN  NS     ns1.cyberscreen.com.
29.82.87.212.in-addr.arpa.  IN  NS     ns2.cyberscreen.com.

;addresses to canonical names

24.82.87.212.in-addr.arpa.  IN  PTR    server.cyberscreen.com.
25.82.87.212.in-addr.arpa.  IN  PTR    media.cyberscreen.com.
26.82.87.212.in-addr.arpa.  IN  PTR    secure.cyberscreen.com.
27.82.87.212.in-addr.arpa.  IN  PTR    mail.cyberscreen.com.
28.82.87.212.in-addr.arpa.  IN  PTR    ns1.cyberscreen.com.
29.82.87.212.in-addr.arpa.  IN  PTR    ns2.cyberscreen.com.
=======================

then for each virtual host we have this:

abechi.co.uk.               IN  SOA  ns1.cyberscreen.com. webmaster.abechi.co.uk. (
                                2000050401  ; Serial
                                10800       ; Refresh after 3 hours
                                3600        ; Retry after 1 hour
                                604800      ; Expire after 1 week
                                86400 )     ; Minimum TTL 1 day

;name servers

abechi.co.uk.               IN  NS     ns1.cyberscreen.com.
abechi.co.uk.               IN  NS     ns2.cyberscreen.com.

;Host addresses

;are these needed if this is only a virtualhost

;mail records

abechi.co.uk.               IN  MX 10  mail.cyberscreen.com.

;Aliases
;as this is a virtual host, I assume www.virtualhost to be aliased
;back to the CNAME of the main server

www.abechi.co.uk.           IN  CNAME  server.cyberscreen.com.

=======================================================

Then this reverse mapping for each vhost:


24.82.87.212.in-addr.arpa.  IN  SOA  ns1.cyberscreen.com. webmaster.abechi.co.uk. (
                                2000050401  ; Serial
                                10800       ; Refresh after 3 hours
                                3600        ; Retry after 1 hour
                                604800      ; Expire after 1 week
                                86400 )     ; Minimum TTL 1 day

;name servers

28.82.87.212.in-addr.arpa.  IN  NS     ns1.cyberscreen.com.
29.82.87.212.in-addr.arpa.  IN  NS     ns2.cyberscreen.com.

;addresses to canonical names
;one PTR record made only as this is a virtualhost.

24.82.87.212.in-addr.arpa.  IN  PTR    server.cyberscreen.com.
==================================

Then in named.conf we have this:

//zone entries for my FQDN

zone "cyberscreen.com" {
    type master;
    file "cyberscreen.hosts";
};

zone "24.82.87.212.in-addr.arpa" {
    type master;
    file "cyberscreen.reverse";
};

zone "." {
    type hint;
    file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "local.reverse";
};

//zone entries for virtual hosts referenced in Apache config.

zone "abechi.co.uk" {
    type master;
    file "abechi.hosts";
};

zone "24.82.87.212.in-addr.arpa" {
    type master;
    file "abechi.reverse";
};


=========and so on for each virtual host==============


Now, this set-up has actually worked for the last year, but I am aware
that the reverse DNS is incorrect (or worse).

As we have got 24.82.87.212.in-addr.arpa. in each reverse file, which of
course is a host and not a zone, the other IPs in cyberscreen.reverse
are rejected as out of zone, and then the subsequent reverse files which
also start with 24.82.87.212.in-addr.arpa. are rejected because we are
getting "cannot redefine zone" errors.

In practice, all the forward lookups have been working, all the websites
have been accessible and indeed all the aliased email has been getting
delivered (phew!)

However, I believe that the latest version of sendmail automatically
tries a reverse lookup on the sender of each message, and we have
started to find that web forms (sent from our cyberscreen.com server)
are being rejected by remote mailers running new sendmail because they
can't do the reverse lookup properly (we think).

So I guess, in a nutshell, the questions are:

What is the correct notation for the reverse zone? It can't be
82.87.212.in-addr.arpa. because we only have 8 IPs on that network.
Should it be 24-31.82.87.212.in-addr.arpa.?

and:

Do we really need separate zonefiles for each of the virtual hosts?

Any help or referral to a pre-existing faq greatly appreciated.

Peter Rose
London UK



"I don't like your fashion business mister" 
  - Leonard Cohen / First We Take Manhattan
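Editor's note on the two questions at the end of the post. A block smaller than a /24 cannot be a zone named by its own octets: 24.82.87.212.in-addr.arpa. is a host name, which is why the other owners in the file are "out of zone". The standard answer is RFC 2317 classless in-addr.arpa delegation: the owner of 82.87.212.in-addr.arpa. (the ISP) delegates a child zone, conventionally named 24/29.82.87.212.in-addr.arpa., and adds one CNAME per address pointing into it; the block owner then serves PTRs in that child zone. For the second question, the virtual hosts need no A or PTR records of their own, and one zone file written entirely with relative owner names (@ and bare labels) can be named by every vhost's "type master" stanza. The script below is an added example by the editor, not code from the post or from BIND. It assumes the ISP is willing to add the delegation, that the "24/29" label is used on both sides (any agreed label works), and that ns1/ns2.cyberscreen.com. serve the child zone; all record data is constructed from the addresses in the post.

```python
import ipaddress

# Constructed inputs (from the addresses in the post): the /29, its forward
# A records, and the name servers that will serve the reverse child zone.
NETWORK = ipaddress.ip_network("212.87.82.24/29")
NAMESERVERS = ["ns1.cyberscreen.com.", "ns2.cyberscreen.com."]
FORWARD_A = {
    "server.cyberscreen.com.": "212.87.82.24",
    "media.cyberscreen.com.": "212.87.82.25",
    "secure.cyberscreen.com.": "212.87.82.26",
    "mail.cyberscreen.com.": "212.87.82.27",
    "ns1.cyberscreen.com.": "212.87.82.28",
    "ns2.cyberscreen.com.": "212.87.82.29",
}
# Constructed: owners from the posted reverse file, loaded under a host name
# used as a zone origin (the cause of the "out of zone" rejections).
POSTED_REVERSE_ORIGIN = "24.82.87.212.in-addr.arpa."
POSTED_REVERSE = [
    "28.82.87.212.in-addr.arpa. IN NS ns1.cyberscreen.com.",
    "29.82.87.212.in-addr.arpa. IN NS ns2.cyberscreen.com.",
    "24.82.87.212.in-addr.arpa. IN PTR server.cyberscreen.com.",
    "25.82.87.212.in-addr.arpa. IN PTR media.cyberscreen.com.",
]
# Constructed shared vhost zone file: every owner is relative (@ or a bare
# label), so one file serves every vhost zone. The apex keeps SOA/NS/MX and
# only www is a CNAME, because a CNAME cannot coexist with other records.
VHOST_TEMPLATE = """\
@    IN SOA ns1.cyberscreen.com. webmaster.cyberscreen.com. ( 2000110801 10800 3600 604800 86400 )
@    IN NS ns1.cyberscreen.com.
@    IN NS ns2.cyberscreen.com.
@    IN MX 10 mail.cyberscreen.com.
www  IN CNAME server.cyberscreen.com."""


def octets(net):
    return str(net.network_address).split(".")


def last_octet(ip):
    return str(ip).rsplit(".", 1)[1]


def parent_zone(net):
    """The /24 reverse zone the address-space owner (the ISP) controls."""
    a, b, c, _ = octets(net)
    return f"{c}.{b}.{a}.in-addr.arpa."


def child_zone(net):
    """RFC 2317 child zone name, e.g. 24/29.82.87.212.in-addr.arpa."""
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("classless delegation is for blocks smaller than a /24")
    a, b, c, d = octets(net)
    return f"{d}/{net.prefixlen}.{c}.{b}.{a}.in-addr.arpa."


def parent_records(net, nameservers):
    """ISP side: NS delegation of the child zone plus one CNAME per address."""
    child = child_zone(net)
    recs = [f"{child} IN NS {ns}" for ns in nameservers]
    for ip in net:  # all 8 addresses of the /29, as in the RFC 2317 example
        recs.append(f"{last_octet(ip)}.{parent_zone(net)} IN CNAME {last_octet(ip)}.{child}")
    return recs


def child_records(net, forward_a, nameservers):
    """Block-owner side: apex NS plus PTRs derived from the A records."""
    child = child_zone(net)
    recs = [f"{child} IN NS {ns}" for ns in nameservers]
    by_ip = {}
    for name, addr in forward_a.items():
        by_ip.setdefault(addr, []).append(name)
    for ip in net:
        names = by_ip.get(str(ip), [])
        if len(names) > 1:  # vhost aliases must not become PTRs; one canonical name per address
            raise ValueError(f"{ip} has several A names, choose one canonical PTR: {names}")
        if names:
            recs.append(f"{last_octet(ip)}.{child} IN PTR {names[0]}")
    return recs


def out_of_zone(origin, records):
    """Owners outside `origin`; BIND refuses these when loading a master file."""
    bad = []
    for rec in records:
        owner = rec.split()[0]
        if owner != origin and not owner.endswith("." + origin):
            bad.append(owner)
    return bad


def ptr_forward_confirmed(net, records, forward_a):
    """True when each PTR target has an A record for the same address (what a
    receiving mailer's reverse-then-forward check expects)."""
    a, b, c, _ = octets(net)
    for rec in records:
        owner, _, rtype, rdata = rec.split()[:4]
        if rtype == "PTR" and forward_a.get(rdata) != f"{a}.{b}.{c}.{owner.split('.')[0]}":
            return False
    return True


def expand_template(template, origin):
    """Qualify relative owners against the zone origin, as named does with $ORIGIN."""
    out = []
    for line in template.splitlines():
        owner, rest = line.split(None, 1)
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        out.append(f"{owner} {rest}")
    return out


if __name__ == "__main__":
    print("\n".join(parent_records(NETWORK, NAMESERVERS)))
    print("\n".join(child_records(NETWORK, FORWARD_A, NAMESERVERS)))
    print("out of zone in posted file:", out_of_zone(POSTED_REVERSE_ORIGIN, POSTED_REVERSE))
    print("\n".join(expand_template(VHOST_TEMPLATE, "abechi.co.uk.")))
```

Two caveats a practitioner would want. The parent records are not something the block owner can publish; until the ISP installs the NS and CNAME records, no resolver will ever reach the child zone, however correct it is. And reusing one zone file across many "type master" stanzas is fine for static zones loaded read-only, but not for zones that accept dynamic updates or act as secondaries, since BIND then needs to write a per-zone journal or zone file.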


