forwarding queries to another server (huh?)

Kevin Darcy kcd at daimlerchrysler.com
Wed Mar 21 22:19:09 UTC 2001


Most applications that use reverse lookups don't care whether two names point to the same
address or not. That's because they start with the address, do a reverse-lookup of the
name, and then do a forward-lookup of that name to verify that it resolves to the address
they started with. When they do things in this order, they never even know that some
other name happens to point to the same address.


- Kevin

Tomas B. Winkler wrote:

> I was taught that there can be only one canonical name for an
> interface, but I'll give it a try.
> Do I also have to provide reverse mapping, or will that create the
> collision?
>
> Thanks a lot.
>
> Tomas Winkler
> The System Group
> CSE HUJI
>
> On Tue, 20 Mar 2001, Kevin Darcy wrote:
>
> >
> > Tomas B. Winkler wrote:
> >
> > > Thanks a lot Kevin,
> > > I still don't get it (sometimes I'm slow). I think I have to add more
> > > details:
> > > The mycomp.foo.bar.org already exists in foo.bar.org zone, so I guess I
> > > cannot set test.foo.bar.org to be an A entry (mycomp.foo.bar.org is
> > > supposed to be the dns server for test.foo.bar.org)
> >
> > There's no reason why test.foo.bar.org cannot own an A record. That A record would
> > just coincidentally have the same address as the mycomp.foo.bar.org A record. Why
> > would you think this causes problems? Note that the name you use on the right-hand
> > side of an NS record must be a "canonical" name, not an alias. So once you created
> > the test.foo.bar.org A record, you could actually use test.foo.bar.org as the
> > right-hand side of the NS record for the zone. But if you do this, you'll need to
> > create a "glue record" copy of the A record in the parent zone, i.e. in foo.bar.org.
> >
> > > I've delegated test.foo.bar.org from the foo.bar.org (probably not
> > > correctly)
> >
> > Hmmm... I thought you said you couldn't change foo.bar.org...
> >
> > > So I would rephrase the question: Is there any way I can run the dns
> > > server on a computer whose canonical name is not in the domain of which
> > > it is master?
> >
> > Sure. This is done all of the time. One of the slaves for chrysler.com (and actually
> > for *all* of our external domains), for instance, isn't master for the zone which
> > contains its own name. This doesn't cause any problems whatsoever.
> >
> > > And more than that, each entry is actually supposed to be
> > > a CNAME to foo.bar.org names.
> >
> > You can choose any canonical name you want as the target of a CNAME. The main
> > restriction on CNAMEs you need to watch out for though is that the name of the zone
> > itself (test.foo.bar.org) cannot own a CNAME record, because of the infamous
> > "CNAME and other data" rule. Look at the recent archives of this list to find more
> > information about this rule (and the arguments for and against it) than you probably
> > ever wanted to know. Since you cannot create a CNAME for test.foo.bar.org, you have
> > to create an A record instead, and update it whenever it changes.
> >
> >
> > - Kevin
> >
> > > huh
> > >
> > > Tomas Winkler
> > > The System Group
> > > CSE HUJI
> > >
> > > On Tue, 20 Mar 2001, Kevin Darcy wrote:
> > >
> > > >
> > > > Okay then, change that test.foo.bar.org CNAME to an A record, and get rid of
> > > > the "out of zone data" mycomp.foo.bar.org. That should at least allow the
> > > > zonefile to load properly as test.foo.bar.org. Note that if mycomp.foo.bar.org
> > > > doesn't already exist, and you cannot add it to the foo.bar.org zone, then your
> > > > only other option is to define mycomp.foo.bar.org as a zone by itself, and then
> > > > explicitly define that zone (as master/slave/stub) on all nameservers which
> > > > need to know about it. Ditto for the test.foo.bar.org zone, if you can't
> > > > delegate it from the foo.bar.org zone -- you'll have to define it explicitly on
> > > > all of the nameservers which need to know about it.
> > > >
> > > > Maybe it would be easier just to define a "shadow" foo.bar.org zone on all of
> > > > those nameservers, and not bother delegating test.foo.bar.org at all. The only
> > > > possible drawback is that you might need to keep this "shadow" foo.bar.org zone
> > > > in synch with the real foo.bar.org for the duration of the test.
> > >>
> > > >
> > > > - Kevin
> > > >
> > > > Tomas B. Winkler wrote:
> > > >
> > > > > > Your remark is true, but what I probably haven't stressed enough is that
> > > > > > what I need is a SEPARATE named to be in charge of testdomain. I cannot
> > > > > > tamper with the main domain name servers.
> > > > >
> > > > > Tomas Winkler
> > > > > The System Group
> > > > > > CSE HUJI
> > > > >
> > > > > On Mon, 19 Mar 2001, Kevin Darcy wrote:
> > > > >
> > > > > >
> > > > > > > Tomas B. Winkler wrote:
> > > > > >
> > > > > > > Hi
> > > > > > > > I have a similar problem. I have an existing domain, let's say foo.bar.org
> > > > > > > > and I would like to span on it a sub-domain, let's say test.foo.bar.org
> > > > > > > It wouldn't be so hard but I need a separated named to be a master dns.
> > > > > >
> > > > > > Huh? Are you under the impression that a nameserver can be master for only
> > > > > > one zone? Untrue: a single nameserver can be master for large numbers of
> > > > > > zones-- some folks are running thousands of zones from a single
> > > > > > nameserver instance. So there's no reason why your nameserver couldn't be
> > > > > > master for both "foo.bar.org" and "test.foo.bar.org".
> > > > > >
> > > > > > But, before you go ahead and configure that, ask yourself whether it's
> > > > > > necessary to delegate a subzone for the test.foo.bar.org subdomain at
> > > > > > > all. You could just add the test.foo.bar.org names to the foo.bar.org
> > > > > > zone. Zones and subdomains are not synonymous, although it is true all
> > > > > > zones -- other than the root zone, of course -- are distinct subdomains of
> > > > > > > some parent domain.
> > > > > >
> > > > > > > > The problem is the computer which runs named has no canonical name in
> > > > > > > > the test.foo.bar.org domain, so the entry is ignored.
> > > > > > > > The dbfile looks like this:
> > > > > > >
> > > > > > > > $TTL 86400
> > > > > > > > @  IN SOA test.foo.bar.org. tomasw.foo.bar.org. (
> > > > > > > >                                   42            ; serial (d. adams)
> > > > > > > >                                   3H            ; refresh
> > > > > > > >                                   15M           ; retry
> > > > > > > >                                   1W            ; expiry
> > > > > > > >                                   1D )          ; minimum
> > > > > > >
> > > > > > >   1D IN NS        mycomp.foo.bar.org.
> > > > > > >
> > > > > > > localhost       1D IN A         127.0.0.1
> > > > > > > mycomp.foo.bar.org. 1D IN A       xx.xx.xx.xx
> > > > > > > test.foo.bar.org. 1D IN CNAME     mycomp.foo.bar.org.
> > > > > > > zzz.test.foo.bar.org. 1D IN CNAME mycomp.foo.bar.org.
> > > > > >
> > > > > > Okay, now you've really lost me. Is this the zone file for foo.bar.org or
> > > > > > test.foo.bar.org? You didn't say. If it's the foo.bar.org zone file, then
> > > > > > the "test.foo.bar.org" entries in it should work fine *without* the need
> > > > > > for any subzone delegation, as discussed above. On the other hand, if it's
> > > > > > the test.foo.bar.org zonefile, then it's pretty hopeless: not only does
> > > > > > the "test.foo.bar.org" CNAME conflict with the "test.foo.bar.org" SOA and
> > > > > > NS records, but the "mycomp.foo.bar.org" entry doesn't belong in the zone
> > > > > > file at all.
> > > > > >
> > > > > > By the way, regardless of how the zone is loaded, you shouldn't be using
> > > > > > an alias in the MNAME field ("test.foo.bar.org") of your SOA RR. You
> > > > > > > should be using the canonical name ("mycomp.foo.bar.org") instead.
> > > > > >
> > > > > >
> > > > > > - Kevin
> > > > > >
> > > > > > > On Mon, 19 Mar 2001, Pumpkinhead wrote:
> > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > > I have an internal domain, say foo.bar.com. I have a name server
> > > > > > > > > behaving properly for it. Call it nsfoo.
> > > > > > > > >
> > > > > > > > > Now I have set up a test environment domain, say test.bar.com. Note
> > > > > > > > > that it's not a subdomain of the first.
> > > > > > > > >
> > > > > > > > > I want a name server (nstest) on test.bar.com to handle its own
> > > > > > > > > queries. That is, when nsfoo receives those queries it makes nstest
> > > > > > > > > deal with them.
> > > > > > > >
> > > > > > > > In named.conf on nsfoo I have the following entry:
> > > > > > > >
> > > > > > > > > zone "test.bar.com" {
> > > > > > > > >         type forward;
> > > > > > > > >         forward only;
> > > > > > > > >         forwarders {
> > > > > > > > >                 172.xxx.xxx.xxx;
> > > > > > > > >         };
> > > > > > > > > };
> > > > > > > >
> > > > > > > > > But alas it doesn't work. Do I need to configure my forward RR's?
> > > > > > > >
> > > > > > > > Thanks in advance,
> > > > > > > >
> > > > > > > > Peter
> > > > > > > >
> > > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> >
> >
> >
> >
> >





More information about the bind-users mailing list
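
The reverse-then-forward check described in the newest message at the top of this thread, as an added example that is not part of the original posts. The resolver is passed in as two functions so the check can run offline; the 192.0.2.x addresses and the lookup tables are constructed for illustration, and `fcrdns`, `demo_ptr` and `demo_forward` are hypothetical names.

```python
import ipaddress
import socket

def norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def fcrdns(addr, ptr, forward):
    """Names from the reverse lookup of addr whose forward lookup returns addr."""
    want = ipaddress.ip_address(addr)
    confirmed = []
    for name in map(norm, ptr(addr)):
        for text in forward(name):
            try:
                match = ipaddress.ip_address(text) == want
            except ValueError:
                continue  # unparsable answer: ignore it
            if match:
                confirmed.append(name)
                break
    return confirmed

def system_ptr(addr):
    """Reverse lookup through the OS resolver (needs network; unused in the demo)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """Forward lookup through the OS resolver (needs network; unused in the demo)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

# Constructed data: two names share one address, as in the thread, and a second
# address whose reverse zone merely claims the name mycomp.foo.bar.org.
DEMO_A = {"mycomp.foo.bar.org": ["192.0.2.10"], "test.foo.bar.org": ["192.0.2.10"]}
DEMO_PTR = {"192.0.2.10": ["mycomp.foo.bar.org."], "192.0.2.66": ["mycomp.foo.bar.org."]}

def demo_ptr(addr):
    return DEMO_PTR.get(addr, [])

def demo_forward(name):
    return DEMO_A.get(name, [])
```

The check never looks up test.foo.bar.org, so the second A record is invisible to it; an address whose PTR record only claims a name is rejected because that name's A record points elsewhere.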
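
The three faults pointed out in the posted test.foo.bar.org zone file (out-of-zone data, "CNAME and other data", and an alias used in the SOA MNAME or as an NS target), written as a small lint; this is an added example, not code from the thread or from BIND. Records are given as hand-transcribed tuples rather than parsed from a zone file, and `lint_zone`, `POSTED` and `FIXED` are hypothetical names.

```python
from collections import defaultdict

def in_zone(name, origin):
    """True if name is the zone apex or lies below it."""
    return name == origin or name.endswith("." + origin)

def lint_zone(origin, records):
    """records: (owner, rrtype, target) tuples with lower-case fully qualified
    names, trailing dot removed. DNSSEC record types are not considered."""
    problems = []
    types = defaultdict(set)
    for owner, rrtype, _ in records:
        if in_zone(owner, origin):
            types[owner].add(rrtype)
        else:
            problems.append(f"out-of-zone data: {owner} {rrtype}")
    for owner, seen in sorted(types.items()):
        others = seen - {"CNAME"}
        if "CNAME" in seen and others:
            problems.append(
                f"CNAME and other data: {owner} also has {', '.join(sorted(others))}")
    for owner, rrtype, target in records:
        # The SOA MNAME and the NS target must be canonical names, not aliases.
        if rrtype in ("SOA", "NS") and "CNAME" in types.get(target, ()):
            problems.append(f"{rrtype} at {owner} names an alias: {target}")
    return problems

# The zone file as posted (address left elided as on the page).
POSTED = [
    ("test.foo.bar.org", "SOA", "test.foo.bar.org"),
    ("test.foo.bar.org", "NS", "mycomp.foo.bar.org"),
    ("localhost.test.foo.bar.org", "A", "127.0.0.1"),
    ("mycomp.foo.bar.org", "A", "xx.xx.xx.xx"),
    ("test.foo.bar.org", "CNAME", "mycomp.foo.bar.org"),
    ("zzz.test.foo.bar.org", "CNAME", "mycomp.foo.bar.org"),
]

# The same zone after the changes suggested in the replies: apex CNAME turned
# into an A record, out-of-zone record dropped, MNAME set to the canonical name.
FIXED = [
    ("test.foo.bar.org", "SOA", "mycomp.foo.bar.org"),
    ("test.foo.bar.org", "NS", "mycomp.foo.bar.org"),
    ("localhost.test.foo.bar.org", "A", "127.0.0.1"),
    ("test.foo.bar.org", "A", "xx.xx.xx.xx"),
    ("zzz.test.foo.bar.org", "CNAME", "mycomp.foo.bar.org"),
]
```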