more on delegating subdomain

Matt Kehler mkehler at wrha.mb.ca
Fri Feb 14 22:42:37 UTC 2003


Okay, so I got too excited (sad) and tried it..it works!!   So why
exactly does it NOT work without a blank forwarders section?  Any why
hasn't anyone else ever run into this problem before?  I searched all
over the place looking for an answer!  

thx!!!
Matt

>>> Kevin Darcy <kcd at daimlerchrysler.com> 02/14/03 04:20PM >>>
Try putting "forwarders { };" in the zone definition of wrha.mb.ca.
That'll
tell named to not forward queries for names in any of its descendant
zones.
(Hopefully you don't have any other subzones of wrha.mb.ca that you
*do*
want forwarded...)


- Kevin

Matt Kehler wrote:

> I'm not sure what you mean. Our primary internal nameserver
> (wrha001ns04) DOES do some forwarding to other domains.  It IS
> authoritative for wrha.mb.ca.
>
> Basically..we have 2 bind servers internally for name resolution,
> anything they can't resolve they forward to internet accessible
> nameservers. we created a subdomain of ad.wrha.mb.ca to handle our
win2k
> implementation.  Since everything on our network points to our 2
name
> servers...we just figured we would add ad.wrha.mb.ca, delegate it to
a
> win2k dns server, and away we go.
>
> It seemed as though simply adding the proper entries within our
> wrha.mb.ca zone file to delegate the ad subdomain to the win2k
server
> was all we had to do.
>
> I think that makes sense...:)
>
> thx
> Matt
>
> Matt Kehler
> Senior Network Analyst
> Winnipeg Regional Health Authority
> mkehler at wrha.mb.ca 
> ph  204.926.7069
> fax 204.943.8014
>
> >>> Kevin Darcy <kcd at daimlerchrysler.com> 02/14/03 15:27 PM >>>
> Ah, I understand now.
>
> Are you using forwarding, by any chance? Any nameserver which is
> authoritative for wrha.mb.ca but *not* authoritative for
ad.wrha.mb.ca
> will
> forward queries (instead of following the delegation), if that is
its
> default behavior for resolving names outside of its authoritative
zones.
>
> - Kevin
>
> Matt Kehler wrote:
>
> > What I meant was that running tcpdump on wrha001ad01 nothing ever
> comes
> > into that nameserver at all. I'm not sure why.
> >
> > Matt
> >
> > >>> Kevin Darcy <kcd at daimlerchrysler.com> 02/14/03 15:06 PM >>>
> > Matt Kehler wrote:
> >
> > > I am resending this as we had a email issue last night and some
> stuff
> > > was lost.   I'm trying to delegate a subdomain..its not working. 
I
> do
> > > not see the requests go out of my primary domain nameserver. 
I'm
> > using
> > > bind9.2.latest.  Snip of my domain zone data file is below from
my
> > > primary NS server, wrha001ns04 for the wrha.mb.ca domain, and
trying
> > to
> > > delegate the ad.wrha.mb.ca subdomain off to the nameserver
> wrha001ad01
> > > (at 172.19.40.21)  .  is the below not correct?
> > >
> > > >>>>>>>>>>>>>
> > > [root at wrha001ns04 etc]# cat wrha.mb.ca.hosts.internal
> > > $ttl 38400
> > > wrha.mb.ca.     IN      SOA     wrha001ns04. root (
> > >                         1030053590
> > >                         10800
> > >                         3600
> > >                         604800
> > >                         38400 )
> > > wrha.mb.ca.     IN      NS      wrha001ns04.
> > > ad.wrha.mb.ca.  IN      NS      wrha001ad01.ad.wrha.mb.ca.
> > > home.wrha.mb.ca.        IN      A       172.19.40.30
> > > proxy.wrha.mb.ca.       IN      A       172.19.40.5
> > > wrha1_srv.wrha.mb.ca.   IN      A       172.19.40.10
> > > apps.wrha.mb.ca.        IN      A       172.19.40.19
> > > wrha001ad01.ad.wrha.mb.ca.      IN      A       172.19.40.21
> >
> > Why would you expect to see requests "go out of your primary
domain
> > nameserver"? Presumably by this you mean the wrha001ns04
nameserver.
> > Since
> > you've delegated ad.wrha.mb.ca to the nameserver
> > wrha001ad01.ad.wrha.mb.ca, queries for anything in that zone would
go
> to
> > that nameserver instead.
> >
> > - Kevin




More information about the bind-users mailing list