more on delegating subdomain

Kevin Darcy kcd at daimlerchrysler.com
Fri Feb 14 22:20:42 UTC 2003 

Try putting "forwarders { };" in the zone definition of wrha.mb.ca. That'll
tell named to not forward queries for names in any of its descendant zones.
(Hopefully you don't have any other subzones of wrha.mb.ca that you *do*
want forwarded...)


- Kevin

Matt Kehler wrote:

> I'm not sure what you mean. Our primary internal nameserver
> (wrha001ns04) DOES do some forwarding to other domains.  It IS
> authoritative for wrha.mb.ca.
>
> Basically..we have 2 bind servers internally for name resolution,
> anything they can't resolve they forward to internet accessible
> nameservers. we created a subdomain of ad.wrha.mb.ca to handle our win2k
> implementation.  Since everything on our network points to our 2 name
> servers...we just figured we would add ad.wrha.mb.ca, delegate it to a
> win2k dns server, and away we go.
>
> It seemed as though simply adding the proper entries within our
> wrha.mb.ca zone file to delegate the ad subdomain to the win2k server
> was all we had to do.
>
> I think that makes sense...:)
>
> thx
> Matt
>
> Matt Kehler
> Senior Network Analyst
> Winnipeg Regional Health Authority
> mkehler at wrha.mb.ca
> ph  204.926.7069
> fax 204.943.8014
>
> >>> Kevin Darcy <kcd at daimlerchrysler.com> 02/14/03 15:27 PM >>>
> Ah, I understand now.
>
> Are you using forwarding, by any chance? Any nameserver which is
> authoritative for wrha.mb.ca but *not* authoritative for ad.wrha.mb.ca
> will
> forward queries (instead of following the delegation), if that is its
> default behavior for resolving names outside of its authoritative zones.
>
> - Kevin
>
> Matt Kehler wrote:
>
> > What I meant was that running tcpdump on wrha001ad01 nothing ever
> comes
> > into that nameserver at all. I'm not sure why.
> >
> > Matt
> >
> > >>> Kevin Darcy <kcd at daimlerchrysler.com> 02/14/03 15:06 PM >>>
> > Matt Kehler wrote:
> >
> > > I am resending this as we had a email issue last night and some
> stuff
> > > was lost.   I'm trying to delegate a subdomain..its not working.  I
> do
> > > not see the requests go out of my primary domain nameserver.  I'm
> > using
> > > bind9.2.latest.  Snip of my domain zone data file is below from my
> > > primary NS server, wrha001ns04 for the wrha.mb.ca domain, and trying
> > to
> > > delegate the ad.wrha.mb.ca subdomain off to the nameserver
> wrha001ad01
> > > (at 172.19.40.21)  .  is the below not correct?
> > >
> > > >>>>>>>>>>>>>
> > > [root at wrha001ns04 etc]# cat wrha.mb.ca.hosts.internal
> > > $ttl 38400
> > > wrha.mb.ca.     IN      SOA     wrha001ns04. root (
> > >                         1030053590
> > >                         10800
> > >                         3600
> > >                         604800
> > >                         38400 )
> > > wrha.mb.ca.     IN      NS      wrha001ns04.
> > > ad.wrha.mb.ca.  IN      NS      wrha001ad01.ad.wrha.mb.ca.
> > > home.wrha.mb.ca.        IN      A       172.19.40.30
> > > proxy.wrha.mb.ca.       IN      A       172.19.40.5
> > > wrha1_srv.wrha.mb.ca.   IN      A       172.19.40.10
> > > apps.wrha.mb.ca.        IN      A       172.19.40.19
> > > wrha001ad01.ad.wrha.mb.ca.      IN      A       172.19.40.21
> >
> > Why would you expect to see requests "go out of your primary domain
> > nameserver"? Presumably by this you mean the wrha001ns04 nameserver.
> > Since
> > you've delegated ad.wrha.mb.ca to the nameserver
> > wrha001ad01.ad.wrha.mb.ca, queries for anything in that zone would go
> to
> > that nameserver instead.
> >
> > - Kevin

More information about the bind-users mailing list