FW: Delegation in BIND 8

Loucks, Guy Guy.Loucks at det.nsw.edu.au
Wed Sep 20 06:43:10 UTC 2000


More information:

# nslookup
Default Server:  localhost
Address:  127.0.0.1

> set type=any
> lab
Server:  localhost
Address:  127.0.0.1

lab
        origin = labrootdc1.win.lab
        mail addr = bind.watt.itbnetman.det.nsw.EDU.AU
        serial = 501
        refresh = 10800 (3H)
        retry   = 3600 (1H)
        expire  = 604800 (1W)
        minimum ttl = 86400 (1D)
lab     nameserver = labrootdc1.win.lab
lab     nameserver = labrootdc2.win.lab
lab     nameserver = labrootdc1.win.lab
lab     nameserver = labrootdc2.win.lab
labrootdc1.win.lab      internet address = 153.107.59.131
labrootdc2.win.lab      internet address = 153.107.59.132
> det.lab
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
det.lab nameserver = labrootdc1.win.lab
det.lab nameserver = labrootdc2.win.lab

Authoritative answers can be found from:
det.lab nameserver = labrootdc1.win.lab
det.lab nameserver = labrootdc2.win.lab
labrootdc1.win.lab      internet address = 153.107.59.131
labrootdc2.win.lab      internet address = 153.107.59.132
> webmail.det.lab
Server:  localhost
Address:  127.0.0.1

*** localhost can't find webmail.det.lab: Non-existent host/domain

>>>> WE SHOULD BE DELEGATING HERE!!!


> server 153.107.59.131
Default Server:  labrootdc1.win.lab
Address:  153.107.59.131

> webmail.det.lab
Server:  labrootdc1.win.lab
Address:  153.107.59.131

webmail.det.lab canonical name = labexch5.labitb.det.lab
labexch5.labitb.det.lab internet address = 153.107.59.143
>

> det.lab.
Server:  labrootdc1.win.lab
Address:  153.107.59.131

det.lab internet address = 169.254.23.183
det.lab internet address = 153.107.59.131
det.lab internet address = 153.107.59.132
det.lab nameserver = labrootdc1.det.lab
det.lab nameserver = labrootdc2.det.lab
det.lab
        origin = labrootdc1.det.lab
        mail addr = administrator.det.lab
        serial = 206
        refresh = 900 (15M)
        retry   = 600 (10M)
        expire  = 86400 (1D)
        minimum ttl = 3600 (1H)
labrootdc1.det.lab      internet address = 153.107.59.131
labrootdc2.det.lab      internet address = 153.107.59.132
>


>  -----Original Message-----
> From: 	Loucks, Guy  
> Sent:	Wednesday, September 20, 2000 4:39 PM
> To:	'bind-users at isc.org'
> Subject:	Delegation in BIND 8
> 
> People,
> 
> Further to my previous note the other week, we are still having some
> peculiar errors with BIND 8. It appears that it simply will not delegate.
> There has to be something simple missing.
> 
> Servers 153.107.41.18 and 146 are our external DNS servers. With a subset
> of externally visible DNS information.
> 
> Our internal servers consolidate up to our "primary", we have geographic
> secondary servers located throughout the state.
> 
> We are in the process of looking at the Windows 2000 product, to do that
> we need to isolate a DNS area for them to keep information the business
> simply does not require out of our core servers.
> 
> To do this we have set up a phantom root:
> 
> DET.LAB
> 
> And we are trying to delegate this to the W2k AD servers. When we query
> the W2k boxes, they appear happy. However we can not get the main DNS
> server to talk with it:
> 
> Sep 20 15:45:27 erg named[502]: /etc/namedb/named.conf:4963: syntax error
> near forward
> Sep 20 15:45:27 erg named[502]: no type specified for zone 'det.lab'
> Sep 20 15:45:27 erg named[502]: zone 'det.lab' did not validate, skipping
> Sep 20 15:45:27 erg named[502]: /etc/namedb/named.conf:4973: syntax error
> near '}'
> 
> The second line above seems to be the key. The named.conf extract is
> below. We have tired it with and without forward only. We have tried
> removing all forwarders and setting up phantom entries in named.ca for our
> external DNS servers, to no avail.
> 
> Your thoughts would be most appreciated. Please email me directly and I
> will summarise again.
> 
> options {
>         directory "/etc/namedb/ns_db";
> //      forward only;
>         forwarders {
>                 153.107.41.18;
>                 153.107.41.146;
>                 153.107.41.18;
>                 153.107.41.146;
>                 153.107.41.18;
>                 153.107.41.146;
>         };
>         multiple-cnames yes;
>         version "Surely you must be joking!";
>         /*
>          * If there is a firewall between you and nameservers you want
>          * to talk to, you might need to uncomment the query-source
>          * directive below.  Previous versions of BIND always asked
>          * questions using port 53, but BIND 8.1 uses an unprivileged
>          * port by default.
>          */
>         // query-source address * port 53;
> };
> 
> //
> // named.boot file for NSW DET DNS services.
> //
> 
> <SNIP>
> 
> zone "det.lab" {
>         type forward;
>         forward only;
>         forwarders {
>         153.107.59.131;
>         153.107.59.132;
>         153.107.59.131;
>         153.107.59.132;
>         153.107.59.131;
>         153.107.59.132;
>         };
> };
> 
> "named.conf" 5009 lines, 86932 characters
> 
> Cheers,
> 
> Guy
> 
> Guy R. Loucks
> Senior Unix Systems Administrator
> Networks Branch
> NSW Department of Education & Training
> Information Technology Bureau
> Direct +61 2 9942 9887
> Fax +61 2 9942 9600
> Mobile +61 (0)429 041 186
> Email guy.loucks at det.nsw.edu.au
> 
> 



More information about the bind-users mailing list