Sub-domain delegation for BIND 9.2.3
Apache Apache
apacheusr at hotmail.com
Mon Sep 6 01:20:03 UTC 2004
Appended are my files on the Primary DNS:
//named.conf for Pri DNS for company.def.com & company.abc.com (ip is 130.1.2.3)
// ACL for blocking RFC1918 space commonly used for DoS and spoofing attacks.
acl noaccess-list { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24;
224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
acl slave { 130.1.2.4; };
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } ;
};
options {
version "DNS Server";
directory "/usr/local/named/log";
pid-file "/usr/local/named/named.pid";
allow-query { any; };
listen-on-v6 { none; };
listen-on { 130.1.2.3; };
notify yes;
provide-ixfr yes;
blackhole { noaccess-list; };
};
zone "." {
type hint;
file "root.hint";
};
// IPv4 localhost and localhost reverse.
zone "localhost" {
type master;
file "db.localhost";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
notify no;
};
zone "2.1.130.in-addr.arpa" {
type master;
file "db.130.1.2";
notify yes;
allow-transfer { slave; };
};
zone "company.def.com" {
type master;
file "db.company.def.com";
notify yes;
allow-transfer { slave; };
};
zone "company.abc.com" {
type master;
file "db.company.abc.com";
notify yes;
forwarders { };
allow-transfer { slave; };
};
//End of named.conf for Pri DNS
------------------------------------------------
// root.hint
. 3600000 IN NS A.ROOT-SERVERS.NET.
A-ROOT-SERVERS.NET. 3600000 A 130.1.2.3
//End of root.hint
-------------------------------------------------
// db.localhost
@ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
2001051701 // Serial Number
28800 // Refresh (8 hrs.)
7200 // Retry (2 hrs.)
604800 // Expire (7 days)
86400) // Minimum (1 day)
IN NS pridns.company.def.com.
$TTL 1h
IN A 127.0.0.1
// End of db.localhost
------------------------------------------------
// db.127.0.0
@ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
2001051700 // Serial number
28800 // Refresh (8 hrs.)
7200 // Retry (2 hrs.)
604800 // Expire (7 days)
86400) // Minimum (1 day)
IN NS pridns.company.def.com.
1 IN PTR localhost.
//End of db.127.0.0
------------------------------------------------
// db.company.abc.com
@ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
200105171 // Serial number
28800 // Refresh (8 hrs.)
7200 // Retry (2 hrs.)
604800 // Expire (7 days)
86400) // Minimum (1 day)
IN NS pridns.company.def.com.
IN NS slavedns.company.def.com.
pridns.company.def.com. IN A 130.1.2.3
slavedns.company.def.com. IN A 130.1.2.4
xyz.company.abc.com. IN NS pridns.xyz.company.abc.com.
pridns.xyz.company.abc.com. IN A 172.7.8.9
intranet.company.abc.com IN A 130.1.2.10
// End of db.company.abc.com
-------------------------------------------------
// db.130.1.2
@ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
200105173 // Serial number
28800 // Refresh (8 hrs.)
7200 // Retry (2 hrs.)
604800 // Expire (7 days)
86400) // Minimum (1 day)
IN NS pridns.company.def.com. // master nameserver
IN NS slavednsdns.company.def.com. // slave nameserver
3 IN PTR pridns.company.def.com.
4 IN PTR slavedns.company.def.com.
// End of db.130.1.2
------------------------------------------------
//etc/resolv.conf
domain company.def.com
nameserver 130.1.2.3
nameserver 130.1.2.4
Pls advise what went wrong.
------------------------------------------------
>From: phn at icke-reklam.ipsec.nu
>To: comp-protocols-dns-bind at isc.org
>Subject: Re: Sub-domain delegation for BIND 9.2.3
>Date: Fri, 3 Sep 2004 17:53:16 +0000 (UTC)
>
>Apache Apache <apacheusr at hotmail.com> wrote:
> > Hi,
>
> > Have done as advised but when I performed a nslookup, I can only get
> > non-existent host/domain and not able to resolve
> > host.xyz.company.abc.com.
> > Pls advise is there anything that I missed out. Thank you.
>
>
> >>From: phn at icke-reklam.ipsec.nu
> >>To: comp-protocols-dns-bind at isc.org
> >>Subject: Re: Sub-domain delegation for BIND 9.2.3
> >>Date: Thu, 2 Sep 2004 16:52:18 +0000 (UTC)
> >>
> >>Apache Apache <apacheusr at hotmail.com> wrote:
> >> > I have a server (ie. serverA) running BIND 9.2.3 and is a master DNS for
> >> > parent domain company.abc.com. Users are pointing to this server for name
> >> > resolution.
> >>
> >> > I have another server (ie. serverB using F5 DNS) and I would like this
> >> > server to serve the domain xyz.company.abc.com.
> >>
> >> > What are the changes required on my named.conf and db.company.abc.com for
> >> > serverA in order for users to be able to resolve host.xyz.company.abc.com???
> >>
> >>A proper delegation. ( a couple of NS records in xyz.company.abc.com. )
> >>
> >> > Thank you.
> >>
> >>
> >>
> >>
> >>--
> >>Peter Håkanson
> >> IPSec Sverige ( At Gothenburg Riverside )
> >> Sorry about my e-mail address, but i'm trying to keep spam out,
> >> remove "icke-reklam" if you feel for mailing me. Thanx.
> >>
>
>
>Proper delegation is to add 'NS' records where LHS is the subdomain name
>and RHS is the FQDN of the nameserver(s) configured as servers for the
>zone.
>
>nslookup is a tool that is broken in most hands. The symptoms you tell about
>might be problems with nslookup.
>
>Why don't you publish the name of the zone, the contents ( at least the
>relevant parts) of the zonefile(s) and configfiles ? That way we don't have
>to guess
>
>
>--
>Peter Håkanson
> IPSec Sverige ( At Gothenburg Riverside )
> Sorry about my e-mail address, but i'm trying to keep spam out,
> remove "icke-reklam" if you feel for mailing me. Thanx.
>
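
Added example, not part of the original message or of any reply in this thread: a small Python lint for the delegation rule quoted above (NS records with the subdomain on the left and the name server's FQDN on the right), extended to check glue and to compare glue addresses against the "noaccess-list" blackhole ACL from the posted named.conf. The records are constructed from the thread's names; the lab and dev delegations and the fqdn/lint helpers are hypothetical.

```python
import ipaddress

ORIGIN = "company.abc.com."
# Networks from the posted "noaccess-list" ACL, which named.conf passes to
# "blackhole"; BIND neither answers nor queries blackholed addresses.
BLACKHOLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "1.0.0.0/8", "2.0.0.0/8", "192.0.2.0/24",
    "224.0.0.0/3", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (owner, type, rdata); lab and dev are hypothetical.
SAMPLE = [
    ("xyz.company.abc.com.", "NS", "pridns.xyz.company.abc.com."),
    ("pridns.xyz.company.abc.com.", "A", "172.7.8.9"),
    ("lab.company.abc.com.", "NS", "ns.lab.company.abc.com."),
    ("ns.lab.company.abc.com.", "A", "10.9.8.7"),
    ("dev.company.abc.com.", "NS", "ns.dev.company.abc.com."),
    ("intranet.company.abc.com", "A", "130.1.2.10"),
]

def fqdn(name, origin=ORIGIN):
    """Expand a zone-file name: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def lint(records, origin=ORIGIN):
    findings, glue = [], {}
    recs = [(fqdn(o, origin), t.upper(), r) for o, t, r in records]
    for owner, rtype, rdata in recs:
        if rtype == "A":
            glue.setdefault(owner, []).append(ipaddress.ip_address(rdata))
    for (raw, _, _), (owner, rtype, rdata) in zip(records, recs):
        # A dotted owner without a trailing dot gets the origin appended again.
        if not raw.endswith(".") and raw.lower().endswith(origin.rstrip(".")):
            findings.append(("relative-name", owner))
        if rtype != "NS" or owner == origin:
            continue  # only delegations below the apex are checked
        target = fqdn(rdata, origin)
        if not target.endswith("." + owner):
            continue  # server outside the delegated subdomain: no glue needed here
        addrs = glue.get(target, [])
        if not addrs:
            findings.append(("missing-glue", target))
        for ip in addrs:
            if any(ip in net for net in BLACKHOLE):
                findings.append(("glue-blackholed", f"{target} {ip}"))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```
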