Newbie Zone File Question

Mark_Andrews at isc.org Mark_Andrews at isc.org
Tue Dec 23 23:29:57 UTC 2003


> 
> 
> 
> On Tue, 23 Dec 2003, Barry Margolin wrote:
> 
> > In article <bsa5gj$ok8$1 at sf1.isc.org>, tnaves at linkwest.net wrote:
> > 
> > > I finally got my first dns server working.  YeeHaa!
> > > 
> > > I am using BIND 8 and have the following files:
> > 
> > If you're doing this for the first time, why aren't you using the 
> > current version of BIND?
> 
> I just tried it on the version that was on my Sun box.  It is just to
> learn how to do it.
> 
> > 
> > > named.conf (with a forwarder defined, a nameserver at my isp)
> > 
> > Why?  Is there something preventing your server from querying other 
> > remote nameservers?
> 
> I thought this was the usual way of doing things i.e., resolve names on
> the local network using private address space ip addrs and forwarding the
> public lookups to a public nameserver.  Also, the ISP nameservers are the
> public nameservers for our public addresses.
 
	No.  The usual way is to do your own iterative search.

> > > named.ca (My cache file with only my name server as root server)
> > 
> > Unless you've configured your server as a root server, it shouldn't be 
> > in there.  You should have the list of real root servers.
> 
> It was my intent to make my server the root server for my private network
> and to forward to the nameserver at the ISP for public addrs.  This brings
> up another question.  When I do an nslookup on my private name server it
> responds with a non-authoritative answer.  Here is the config of my
> named.ca file:
> 
> ; named.ca
> ;
> .  3600000  IN  NS  NS1.MYDOMAIN.COM.
> NS1.MYDOMAIN.COM.  3600000  A  192.168.1.6
> 
> Wouldn't that make it the root nameserver and thus authoritative?

	No.  To be a root server you need to *serve* ".".

	zone "." {
		type master; // or slave
		file "root.db";
		// masters { ... }; // for a slave
	};

	If you do this you then need to delegate each of the subzones of ".".

	You want to be authoritative for *your* part of the namespace.   You
	don't want to be authoritative for ALL of the namespace.

> > > my_domain.zone (I have four hosts in this file counting the name server
> > > and localhost)
> > > 
> > > my_domain_rev.zone (I have three hosts in this file counting the name
> > > server)
> > > 
> > > local.rev (I have one host in this file, 1.0.0.127.in-addr.arpa.) 
> > > 
> > > It works fine.
> > > 
> > > I have a couple of questions with respect to expanding my nameserver.
> > > 
> > > Currently I am providing name resolution for one subnet only, 192.168.1.0
> > > 
> > > I have two others: 192.168.2.0 and 192.168.3.0
> > > 
> > > My question is:
> > > 
> > > Can I just add hosts on these other subnets to my zone file
> > > (my_domain.zone above) or do I need a zone for each subnet?
> > 
> > You need a zone for each domain.  If they're in the same domain, then 
> > they should normally be in the same forward zone file.
> 
> Thanks.
> 
> > 
> > > How about the in-addr.arpa file for my zone (my_domain.zone above)?
> > 
> > You could have separate zones for each reverse domain, or you could 
> > have a single reverse zone for 168.192.in-addr.arpa.
> 
> Thanks again.
> 
> > 
> > -- 
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > 
> > 
> > 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
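
Added example (not part of the original message, and not ISC's own configuration): a named.conf sketch of the layout the replies above recommend, with root hints instead of a private root, no forwarders, and a single reverse zone covering all three 192.168.x.0 subnets. The zone name is taken from the poster's named.ca and the file names from the post; the directory path is an assumption.

```conf
options {
	directory "/var/named";	// assumed path, adjust to the local install
	// No "forwarders" statement: the server does its own iterative
	// search starting from the root hints below.
};

// Root hints only. named.ca must list the real root servers, not
// NS1.MYDOMAIN.COM. "type hint" does not make this server
// authoritative for "."; that would take "type master" plus
// delegations for every subzone of ".".
zone "." {
	type hint;
	file "named.ca";
};

// Authoritative for this site's own part of the namespace. Hosts on
// 192.168.1.0, 192.168.2.0 and 192.168.3.0 all go in this one forward
// zone file because they share one domain.
zone "mydomain.com" {
	type master;
	file "my_domain.zone";
};

// One reverse zone for all three subnets. With the zone cut at
// 168.192.in-addr.arpa, the PTR owner name for 192.168.1.6 is "6.1"
// relative to the zone origin.
zone "168.192.in-addr.arpa" {
	type master;
	file "my_domain_rev.zone";
};

// Loopback reverse zone holding 1.0.0.127.in-addr.arpa.
zone "0.0.127.in-addr.arpa" {
	type master;
	file "local.rev";
};
```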

