New domain delegation question (WAS: RE: How good is BIND?)

Von Alt, William William.VonAlt at hq.doe.gov
Mon Jun 11 14:47:49 UTC 2001




-----Original Message-----
From: Bill Larson [mailto:wllarso at swcp.com]
Sent: Monday, June 11, 2001 10:32 AM
To: Von Alt, William
Subject: Re: How good is BIND?


In the zone file for "doe.gov", there must be the following records:

	gjo		IN	NS	ernest.doegjpo.com.
			IN	NS	eagle.doegjpo.com.

Notice that the fully qualified names of the name servers end with
periods.  This is to ensure that the names do not get a "doe.gov"
appended on them to qualify the names.

That is correct, that is the way it is now stated.

Or, when the delegation is complete, you will need to add the appropriate
glue records, which will look something like:

	gjo		IN	NS	ernest.gjo
			IN	NS	eagle.gjo
	ernest.gjo	IN	A	10.1.2.3
	eagle.gjo	IN	A	10.1.2.4

Now notice that the name server names do NOT end with a period.  In this
case you do want to have "doe.gov" appended onto them.

When I change the records previously mentioned above to match the first two
listed here, that's when the DNS resolution "hangs."  However, I will admit
that I did not include the latter two records above... why are they
required?  Shouldn't it be able to resolve the IPs from the names?

Two things to notice:

First: This information is in the "doe.gov" zone file, which most likely
you do not control.  You will have to ask the DNS administrator of the
"doe.gov" zone to add this information.

Actually, I am the DOE admin, so making these changes is not a problem.

Second: There is no need for glue records in the first case since
the names of these servers get translated into IP addresses by looking
up the "doegjpo.com" domain, which has a different root (".com" rather
than ".gov").

I'm not certain I understand what you are telling me here.  I understand
that the .com's have different roots than the .gov's; however, when I add

gjo.doe.gov.	IN	NS	ernest.gjo.doe.gov.
gjo.doe.gov.	IN	NS	eagle.gjo.doe.gov.

to my doe.gov zone file, then I expect that (at the very least) I should be
able to resolve information for that domain.   Then, after my zones get
propagated out to the roots, so can everyone else.  But after making that
entry, I can't resolve anything about the domain, if I leave the entry as:

gjo.doe.gov.	IN	NS	ernest.doegjpo.com.
gjo.doe.gov.	IN	NS	eagle.doegjpo.com.

then everything works fine... just that I don't want their machines called
'.doegjpo.com.' since that domain will eventually be disappearing.

Thank you very much for your response and help thus far... anything
additional is appreciated.

-William Von Alt
 Verizon
 301.903.2710

Now, until these changes are made in the "doe.gov" zone file, no one
other than yourself, will be able to find any "gjo.doe.gov"
information.  This will include information about the
"ernest.gjo.doe.gov" and "eagle.gjo.doe.gov" name servers.  Fix this
problem and then I suspect that your other problems will go away.

Bill Larson

> Delegating a new domain to be called gjo.doe.gov.  The organization's
> current domain is doegjpo.com, and they wish to gradually move to the new
> one.  Their nameservers are ernest.doegjpo.com and eagle.doegjpo.com, and
> mine are fulcrum.doe.gov and foxbat.doe.gov.
> 
> They have A records for ernest.gjo.doe.gov and eagle.gjo.doe.gov that point
> to the same IP as ernest.doegjpo.com and eagle.doegjpo.com, respectively.
> 
> On my nameservers, if I delegate the gjo.doe.gov domain to the two
> doegjpo.com nameservers, everything works fine, but it's not the config. I
> want.  If I delegate the domain to the two gjo.doe.gov nameservers (same
> machines, just different A records), my config. doesn't work.  [nslookup and
> dig "hangs" when queried for anything about the domain, e.g. SOA records for
> gjo.doe.gov]
> 
> I can't figure out what the difference is between using the doegjpo.com and
> the gjo.doe.gov domains if the IPs are the same in their files.  Any hints
> on what I'm missing?  Thanks in advance!
> 
> -William Von Alt
>  Verizon
>  301.903.2710
> 
> 
> 
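
Added example, not part of the original thread: a small check over a parent-zone fragment that reports delegations whose name servers live inside the delegated zone but have no address (glue) record, which is the circular lookup behind the "hang" described above. The function names are hypothetical, the sample zones are constructed from the records quoted in the thread, and the parser assumes the simple "owner IN type rdata" layout used there (no TTLs, $ORIGIN or parentheses).

```python
ORIGIN = "doe.gov."  # parent zone being edited (from the thread)

def fqdn(name, origin=ORIGIN):
    """Qualify a zone-file name; a trailing dot means it is already absolute."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin=ORIGIN):
    """Return (owner, type, rdata) tuples; a blank owner repeats the last one."""
    records, owner = [], None
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():                  # line begins with an owner
            owner = fqdn(fields.pop(0), origin)
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        if owner is not None and len(fields) >= 2:
            records.append((owner, fields[0].upper(), fields[1]))
    return records

def missing_glue(zone_text, origin=ORIGIN):
    """List (delegated zone, name server) pairs that need glue but have none."""
    records = parse(zone_text, origin)
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == origin:
            continue
        ns = fqdn(rdata, origin)
        # A server at or below the delegated name can only be found by
        # asking that same server, so the parent must supply its address.
        if (ns == owner or ns.endswith("." + owner)) and ns not in have_addr:
            problems.append((owner, ns))
    return problems

# Constructed samples mirroring the three configurations in the thread.
OUT_OF_ZONE = "gjo\t\tIN\tNS\ternest.doegjpo.com.\n\t\t\tIN\tNS\teagle.doegjpo.com.\n"
NO_GLUE = ("gjo.doe.gov.\tIN\tNS\ternest.gjo.doe.gov.\n"
           "gjo.doe.gov.\tIN\tNS\teagle.gjo.doe.gov.\n")
WITH_GLUE = ("gjo\t\tIN\tNS\ternest.gjo\n\t\t\tIN\tNS\teagle.gjo\n"
             "ernest.gjo\tIN\tA\t10.1.2.3\neagle.gjo\tIN\tA\t10.1.2.4\n")

if __name__ == "__main__":
    for label, zone in [("out-of-zone NS", OUT_OF_ZONE),
                        ("in-zone NS, no glue", NO_GLUE),
                        ("in-zone NS with glue", WITH_GLUE)]:
        print(label, "->", missing_glue(zone) or "ok")
```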




