Authority in Bind 9

Ruben I Safir - Brooklyn Linux Solutions CEO ruben at mrbrklyn.com
Sun Feb 11 03:47:37 UTC 2001




> 
> You mean only one *usable* authority record, right? home.rm-cpa.com is not
> usable because it's on a private address. 

Right. The other address is the internal address of the same machine.


> They shouldn't be advertising that publically. Seems
> someone needs to learn how to do split DNS...

Among other things about DNS

I've removed that record as the NS record and changed the serial numbers 
and restarted named

> In this case, yes. wynn.com is delegated from .com to 3 nameservers. But you
> can only tell that for sure by querying the .com servers directly. 

OK - How would I go about doing this?


> Well, I'm not surprised. Not only is mail.rm-cpa.com publishing one bogus and
> only one working NS for rm-cpa.com, but two of the three delegated servers for
> that domain are *not only* lame, they are also returning an SOA-less
> authoritative NXDOMAIN for everything outside of their authoritative zones
> (except for the root zone, which returns FORMERR). 


How do you get that information?

When I checked the com site I got this:


> dig @com rm-cpa.com 

; <<>> DiG 8.2 <<>> @com rm-cpa.com 
; Bad server: com -- using default server and timer opts
; (2 servers found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      rm-cpa.com, type = A, class = IN

;; AUTHORITY SECTION:
rm-cpa.com.             1D IN SOA       rm-cpa.com. root.home.rc-cpa.com. (
                                        5               ; serial
                                        12H             ; refresh
                                        1H              ; retry
                                        4W              ; expiry
                                        1D )            ; minimum


;; Total query time: 2 msec
;; FROM: superman.rm-cpa.com to SERVER: default -- 192.168.0.100
;; WHEN: Sat Feb 10 22:39:58 2001
;; MSG SIZE  sent: 28  rcvd: 81



There is no machine rm-cpa.com and I see nothing about the upstream
DNS which I thought we had.



> All of this makes resolution of rm-cpa.com names rather difficult: a
> two-thirds chance of getting a bad delegation to start with, and a Single
> Point of Failure even if you get "lucky". Talk about running the gauntlet...
> 
> > Can I use anyone as an authoritative
> > DNS and just make a record?
> 
> Sure, technically you can delegate to anyone. But it's rude to delegate
> without permission, 

Yeah - I meant someone who I know and a friend - or myself.

Would I do this by just adding the authoritative servers to the
NS records?



-- 
Brooklyn Linux Solutions
http://www.mrbrklyn.com
http://www.brooklynonline.com

1-718-382-5752
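The delegation problems the reply lists (a nameserver on a private address that nobody outside can reach, a lame server, an authoritative NXDOMAIN with no SOA, and only one usable server left) can be checked mechanically once you have queried the parent and each delegated server directly. The following Python is an added example, not part of this post or of BIND; it runs over a constructed snapshot of those answers (every name, address and flag below is made up) instead of talking to the network.

```python
import ipaddress

# Constructed snapshot (not real data): the NS set the parent (.com) delegates
# and what each listed nameserver answered when asked directly; in practice
# from `dig @a.gtld-servers.net example.com NS` and `dig +norecurse @<ns> example.com SOA`.
PARENT_NS = {"ns1.example.net.", "ns2.example.net.", "home.example.com."}
ANSWERS = {
    # addr: glue/A record; aa: AA flag set; rcode: status; soa: an SOA was
    # returned; ns: the NS set the server itself publishes for the zone.
    "ns1.example.net.": {"addr": "203.0.113.10", "aa": True, "rcode": "NOERROR",
                         "soa": True, "ns": PARENT_NS},
    "ns2.example.net.": {"addr": "203.0.113.20", "aa": True, "rcode": "NXDOMAIN",
                         "soa": False, "ns": set()},
    "home.example.com.": {"addr": "192.168.0.100", "aa": True, "rcode": "NOERROR",
                          "soa": True, "ns": {"ns1.example.net.", "home.example.com."}},
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is private (RFC 1918) space, i.e. unreachable from the Internet."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def check_delegation(parent_ns, answers):
    """Return {server: [problems]}; an empty list means the server is usable."""
    report = {}
    for server in sorted(parent_ns):
        a = answers.get(server)
        if a is None:
            report[server] = ["no answer (timeout or unreachable)"]
            continue
        problems = []
        if is_rfc1918(a["addr"]):
            problems.append(f"private address {a['addr']}: unusable from the Internet")
        if not a["aa"]:
            problems.append("lame: answered without the AA flag")
        elif a["rcode"] == "NXDOMAIN" and not a["soa"]:
            problems.append("authoritative NXDOMAIN without SOA: does not serve the zone")
        elif a["rcode"] != "NOERROR":
            problems.append(f"unexpected rcode {a['rcode']}")
        if a["ns"] and a["ns"] != parent_ns:   # child and parent disagree on the NS set
            problems.append("NS set differs from parent: " + ", ".join(sorted(a["ns"] ^ parent_ns)))
        report[server] = problems
    return report

def usable_servers(report):
    """Servers with no problems; fewer than two means a single point of failure."""
    return sorted(s for s, problems in report.items() if not problems)

REPORT = check_delegation(PARENT_NS, ANSWERS)
print(REPORT, "usable:", usable_servers(REPORT))
```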


