Can I "re-delegate" an already delegated zone?

Barry Margolin barmar at genuity.net
Thu Sep 20 21:08:47 UTC 2001


In article <9odk1f$22v at pub3.rc.vix.com>,
Richard Roberto  <rroberto at register.com> wrote:
>
>Hi,
>
>I have a situation I'm trying to test.  I have an internal DNS serving some
>private domains, mostly for testing.  The top level is dedlegend.com (not
>the real dedlegend.com, but an internal version of it, which makes this a
>little goofy).
>
>Anyway, we have a SPARC 4 running NetBSD delegating subdomains, but we seem
>to have forgotten the password :-(
>
>I want to test a dynamic DNS thingy that allows us to register our ISP
>addresses, and have that served by a separate host.  The problem is that the
>current server (FreeBSD running BIND 8.2.3) has the delegation and the new
>server (Win2k) will actually have the correct data.  I tried just forwarding
>the zone with:
>
>zone "win.dedlegend.com" {
>	type forward;
>	forward first;
>	forwarders {10.1.1.1;};
>};
>
>But it seems that our recursive server (Solaris 2.5.1 running BIND 8.2.3)
>doesn't get the data from the win2k box, but instead gets a SERVFAIL.
>
>If I dig against the FreeBSD box directly, I get the correct responses, but
>if I dig against the Solaris box (which gets the delegation from the
>dedlegend.com server telling it to ask the FreeBSD box), it fails.  It looks
>like the FreeBSD box is not recursing and sending back the response, but
>instead sending back a referral to the internal root.  It looks like the
>recursive server is not sending requests with the recursion desired bit set.

That's correct.  The recursive server thinks it's asking an authoritative
server, so it doesn't set the Recursion Desired flag; it will do its own
iteration.  You need to add NS records for the subdomain to the
dedlegend.com zone.  Then the FreeBSD box will send back proper referrals,
and the recursive server will query the Win2K server.

>Is this correct?  I can't tell since I don't have anything that can inspect
>the headers of the DNS packets to tell me :-(

dig shows the packet headers.  If you want to emulate what the recursive
server is doing, use the +norecurse option.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
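
Added example, not part of the original post: a Python sketch that builds a query with the Recursion Desired bit clear, as an iterating resolver (or `dig +norecurse`) sends it, and decodes the response header flags to tell a referral from an answer or a SERVFAIL. The sample headers and the label `host` are constructed for illustration; only `win.dedlegend.com` comes from the thread.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, rd=False, qid=0x1234):
    """Build a DNS query. rd=False is what an iterating resolver sends
    (and what dig +norecurse sends); rd=True is a stub-resolver query."""
    flags = 0x0100 if rd else 0x0000          # RD is bit 0x0100 of the flags word
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)   # QTYPE A, QCLASS IN

def parse_header(packet):
    """Decode the 12-byte DNS header into the fields dig prints."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    rcode = flags & 0x000F
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(rcode, str(rcode)),
            "answer": an, "authority": ns, "additional": ar}

def classify(h):
    """Header-only heuristic; confirming a referral means checking that the
    authority section holds NS records rather than an SOA."""
    if h["rcode"] != "NOERROR":
        return h["rcode"]
    if h["answer"]:
        return "answer"
    if h["authority"] and not h["aa"]:
        return "referral"
    return "nodata"

# Constructed sample headers (header bytes only, no record sections).
REFERRAL = struct.pack("!6H", 0x1234, 0x8000, 1, 0, 2, 2)   # QR, no AA, NS in authority
ANSWER   = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)   # QR + AA, one answer
SERVFAIL = struct.pack("!6H", 0x1234, 0x8182, 1, 0, 0, 0)   # QR + RD + RA, rcode 2

if __name__ == "__main__":
    q = build_query("host.win.dedlegend.com")   # "host" is a made-up label
    print("query rd =", parse_header(q)["rd"])
    for label, pkt in (("referral", REFERRAL), ("answer", ANSWER), ("servfail", SERVFAIL)):
        print(label, classify(parse_header(pkt)), parse_header(pkt))
```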


More information about the bind-users mailing list