using slave NS in glue records

Kevin Darcy kcd at daimlerchrysler.com
Tue Dec 10 15:22:36 UTC 2002


Gregory Hicks wrote:

> > Date: Wed, 04 Dec 2002 01:01:53 +0100
> > From: Eivind Olsen <eivind at aminor.no>
> >
> > Are you thinking about having a hidden master server, like this?
> >
> > Hidden master server (master.example.com)
> > ====================
> > |
> > |
> > +--------slave1 (ns1.example.com)
> > |
> > |
> > +--------slave2 (ns2.example.com)
> >
>
> I am obviously doing something wrong...
>
> our 'internet' name server is working.  Our internal name servers
> work.  However, I am trying to set up one of these 'hidden master
> servers' by listing all of the 'internal name servers in the
> db.cadence.ns and using that as the zone master...
>
> However, it would appear that I cannot get it to look anywhere else...
> How to do this?
>
> Regards,
> Gregory Hicks
> -----------db.cadence.ns -----------
> $ORIGIN Cadence.COM.
> @       IN      SOA     metis.Cadence.COM. root.metis.Cadence.COM. (
>                 2002120914 3600 900 604800 3600 )
>
>                 1H IN NS        iss.cadence.com.
>                 1H IN NS        cds2.cadence.com.
>                 1H IN NS        cds238.cadence.com.
>                 1H IN NS        granola.cadence.com.
>
> dr              1H IN NS        dc1sjroot.cadence.com.
>                 1H IN NS        dc2sjroot.cadence.com.
>
> catena          1H IN NS        cat0.catena.cadence.com.
>
> engineering     1H IN NS        bsd6.cadence.com.
>                 1H IN NS        bsd21.cadence.com.
>
> global          1H IN NS        dc1sjglobal.cadence.com.
>                 1H IN NS        dc2sjglobal.cadence.com.
>
> _msdcs.global   1H IN NS        dc1sjglobal.cadence.com.
>                 1H IN NS        dc2sjglobal.cadence.com.
>
> _tcp.global     1H IN NS        dc1sjglobal.cadence.com.
>                 1H IN NS        dc2sjglobal.cadence.com.
>
> _udp.global     1H IN NS        dc1sjglobal.cadence.com.
>                 1H IN NS        dc2sjglobal.cadence.com.
>
> _sites.global   1H IN NS        dc1sjglobal.cadence.com.
>                 1H IN NS        dc2sjglobal.cadence.com.
>
> bsd21              IN A         158.140.5.139
> bsd6               IN A         158.140.90.6
> cat0.catena        IN A         158.140.133.37
> cds2               IN A         158.140.32.75
> cds238             IN A         158.140.128.1
> dc1sjglobal        IN A         158.140.128.140
> dc1sjroot          IN A         158.140.128.40
> dc2sjglobal        IN A         158.140.128.141
> dc2sjroot          IN A         158.140.128.41
> granola            IN A         158.140.128.35
> iss                IN A         158.140.32.1
> metis              IN A         158.140.48.93
>
> --------/etc/named.conf --------------------
> options {
>         directory        "/var/yp/nameserver";
>         //
>         //the db.cache file below references only ns.cadence.com.
>         //because of the firewall, it does not talk directly with
>         //the root servers of the internet
>         //
>         //
>         //the forwarder for ns.cadence.com, below is no typo. it is
>         //mentioned twice to change the behavior of bind. see p. 143
>         //of the first ed of _dns & bind_
>         //
>         forwarders       {
>                 158.140.128.140;
>                 158.140.32.1;
>          };
>         //
>         //the slave keyword causes dns to only do recursive queries.
>         //
>
> };
>
> key "rndc-key" {
>         algorithm hmac-md5;
>         secret "secret-password";
> };
>
> controls {
>         inet 127.0.0.1 port 953
>                 allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> zone "0.0.127.in-addr.arpa" in {
>         type master;
>         file "db.127.0.0";
>         notify no;
> };
>
>  zone "Cadence.COM" in {
>         type master;
>         file "db.Cadence.ns";
> #       masters { 158.140.128.1; };
> };
>
>  zone "99.139.in-addr.arpa" in {
>         type slave;
>         file "db.139.99";
>         masters { 158.140.128.1; };
> };
>
>  zone "140.158.in-addr.arpa" in {
>         type slave;
>         file "db.158.140";
>         masters { 158.140.128.1; };
> };
>
>  zone "." in {
>         type hint;
>         file "db.cache";
> };
> ---------- end of /etc/named.conf ----------------
>
> ---------- db.cache ------------------------------
> ; This is a hacked version of the db.cache to fake cds238 into believing
> ; that all requests should go through the firewall.  If you replace this
> ; with the db.cache from Internic, it won't work as expected.
> ;
> ; grif 9/15/97
> ;
>
> ..                        3600000  IN  NS    ns.cadence.com.
> ..                       3600000  IN  NS    gossip.cadence.com
> ns.cadence.com.          3600000  IN  A     158.140.1.253
> gossip.cadence.com       3600000  IN  A     158.140.2.50
> ---------- end of db.cache -----------------------
>

Perhaps it would help if you explained what you're trying to accomplish. It
looks like you're trying to use zone NS records and/or the contents of the
hints file as a general-purpose forwarding or "override
forwarding" mechanism. That's doomed to failure. The hints file should only
contain information about the root zone, and an authoritative server for a
zone will never "forward" queries anywhere else, regardless of what the
zone NS records say.


- Kevin
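As an added illustration of the two rules in Kevin's reply (not code from the thread, from Gregory's files or from BIND), the script below parses the small master-file subset that the posted db.cadence.ns and db.cache use ($ORIGIN, "@", blank-owner continuation lines, a parenthesised SOA, optional TTL and class) and then checks three things: whether the SOA master is absent from the apex NS set (the hidden-master layout in Eivind's diagram), whether in-bailiwick delegations have glue, and whether a hints file carries anything other than root-zone data. The zone and hints texts are constructed samples with example.com names and RFC 5737 addresses that mirror the shape of the posted files; the helper names and the root-servers.net heuristic are this example's own assumptions.

```python
import re

# Added example, not from the thread: a checker for the rules in Kevin's reply,
# run over constructed zone/hints files shaped like the posted ones.

TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)
NAME_RDATA = {"NS": 1, "CNAME": 1, "SOA": 2}   # leading rdata fields that are names


def _norm(origin):
    origin = origin.lower()
    return origin if origin.endswith(".") else origin + "."


def _qualify(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." if origin == "." else name + "." + origin).lower()


def _logical_lines(text):
    """Strip ';' comments, skip blanks, join '( ... )' continuations (the SOA)."""
    buf = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if buf is None:
            if "(" in line and ")" not in line:
                buf = line
            else:
                yield line
        else:
            buf += " " + line.strip()
            if ")" in line:
                yield buf
                buf = None


def parse_zone(text, origin="."):
    """Return (owner, type, rdata) tuples with absolute, lower-cased names."""
    origin = _norm(origin)
    records, last_owner = [], None
    for line in _logical_lines(text):
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0].startswith("$"):               # $ORIGIN / $TTL directives
            if tokens[0].upper() == "$ORIGIN":
                origin = _norm(tokens[1])
            continue
        if line[0].isspace():                       # blank owner repeats the last one
            owner = last_owner
        else:
            owner = last_owner = _qualify(tokens.pop(0), origin)
        if tokens and TTL_RE.match(tokens[0]):      # optional TTL such as 1H
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":    # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for i in range(NAME_RDATA.get(rtype, 0)):
            rdata[i] = _qualify(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records


def apex_ns(text, origin):
    """The zone's apex NS set: the only servers the parent and resolvers will use."""
    origin = _norm(origin)
    return sorted(r[0] for o, t, r in parse_zone(text, origin) if t == "NS" and o == origin)


def master_is_hidden(text, origin):
    """True when the SOA MNAME host is not in the apex NS set (hidden master)."""
    origin = _norm(origin)
    mname = next(r[0] for o, t, r in parse_zone(text, origin) if t == "SOA" and o == origin)
    return mname not in apex_ns(text, origin)


def missing_glue(text, origin):
    """In-bailiwick NS targets with no address record: undeliverable delegations."""
    origin = _norm(origin)
    recs = parse_zone(text, origin)
    have_a = {o for o, t, _ in recs if t in ("A", "AAAA")}
    return sorted({r[0] for o, t, r in recs if t == "NS" and r[0] not in have_a
                   and (r[0] == origin or r[0].endswith("." + origin))})


def check_hints(text):
    """Kevin's rule: a hints file describes the root zone and nothing else.
    Also flags (heuristically, for the public root) NS targets outside root-servers.net."""
    recs = parse_zone(text, ".")
    root_ns = {r[0] for o, t, r in recs if t == "NS" and o == "."}
    problems = [f"non-root NS record for {o}" for o, t, _ in recs if t == "NS" and o != "."]
    problems += [f"stray address record for {o}" for o, t, _ in recs
                 if t in ("A", "AAAA") and o not in root_ns]
    problems += [f"root NS {n} is not a public root server" for n in sorted(root_ns)
                 if not n.endswith(".root-servers.net.")]
    return problems


# Constructed sample zone: hidden master, one delegation without glue.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@       IN      SOA     master.example.com. hostmaster.example.com. (
                2002120901 3600 900 604800 3600 )
                1H IN NS        ns1.example.com.
                1H IN NS        ns2.example.com.
eng             1H IN NS        ns-eng.example.com.     ; in-bailiwick, needs glue
                1H IN NS        ns.provider.example.    ; out-of-bailiwick, no glue needed
ns1                IN A         192.0.2.1
ns2                IN A         192.0.2.2
master             IN A         192.0.2.10
"""

# Constructed hints file that points 'root' at internal servers, as the posted one does.
SAMPLE_HINTS = """\
.                        3600000  IN  NS    ns.example.com.
ns.example.com.          3600000  IN  A     192.0.2.53
gossip.example.com       3600000  IN  A     192.0.2.54
"""

REAL_ROOT_HINTS = """\
.                        3600000  IN  NS    a.root-servers.net.
a.root-servers.net.      3600000  IN  A     198.41.0.4
"""

if __name__ == "__main__":
    print("apex NS:", apex_ns(SAMPLE_ZONE, "example.com"))
    print("master hidden:", master_is_hidden(SAMPLE_ZONE, "example.com"))
    print("delegations missing glue:", missing_glue(SAMPLE_ZONE, "example.com"))
    for label, hints in (("internal", SAMPLE_HINTS), ("public root", REAL_ROOT_HINTS)):
        print(f"{label} hints:", check_hints(hints) or "ok")
```

Run against the posted db.cache, check_hints would flag the same two conditions it flags on SAMPLE_HINTS: address records that are not glue for a listed root NS, and root NS targets that are internal hosts rather than the public root servers. That is exactly the "override forwarding via hints" pattern Kevin says cannot work: the hints only tell the server where the root zone is, and for the zone it is authoritative for it answers from its own data regardless of the NS records or the hints.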