Sub-domain delegation for BIND 9.2.3
Apache Apache
apacheusr at hotmail.com
Tue Sep 7 02:31:25 UTC 2004
My setup is such that the PriDNS and SlaveDNS are supporting 2 different
domains (ie. company.abc.com and company.def.com).
My db.company.def.com file
------------------------------------------------
// db.company.def.com
@ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
200105171 // Serial number
28800 // Refresh (8 hrs.)
7200 // Retry (2 hrs.)
604800 // Expire (7 days)
86400) // Minimum (1 day)
IN NS pridns.company.def.com.
IN NS slavedns.company.def.com.
pridns.company.def.com. IN A 130.1.2.3
slavedns.company.def.com. IN A 130.1.2.4
intranet.company.def.com IN A 130.2.2.8
// End of db.company.def.com
------------------------------------------------
For root.hint, what entries can I put??? Can I use the slavedns???
For the zonefile db.company.abc.com, am I right to say that I need to change
to as follows:
------------------------------------------------
// db.company.def.com
@ 4h IN SOA pridns.company.abc.com. postmaster.company.abc.com. (
200105171 // Serial number
28800 // Refresh (8 hrs.)
7200 // Retry (2 hrs.)
604800 // Expire (7 days)
86400) // Minimum (1 day)
IN NS pridns.company.abc.com.
IN NS slavedns.company.abc.com.
pridns.company.abc.com. IN A 130.1.2.3
slavedns.company.abc.com. IN A 130.1.2.4
xyz.company.abc.com. IN NS pridns.xyz.company.abc.com.
pridns.xyz.company.abc.com. IN A 172.7.8.9
intranet.company.abc.com IN A 130.1.2.10
// End of db.company.abc.com
------------------------------------------------
Kindly also advise how do I create a root server??? Can I make use of the
PriDNS??? If yes, what are the file and content to be created???
It seems like my entire setup is wrong and I would like to have them
corrected.
Thank you.
>From: phn at icke-reklam.ipsec.nu
>To: comp-protocols-dns-bind at isc.org
>Subject: Re: Sub-domain delegation for BIND 9.2.3
>Date: Mon, 6 Sep 2004 21:36:46 +0000 (UTC)
>
>Apache Apache <apacheusr at hotmail.com> wrote:
> > Appended are my files on the Primary DNS:
>
>Look below for comments :
>
> > //named.conf for Pri DNS for company.def.com & company.abc.com (ip is 130.1.2.3)
> > // ACL for blocking RFC1918 space commonly used for DoS and spoofing attacks.
> > acl noaccess-list { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24;
> > 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
>
> > acl slave { 130.1.2.4; };
>
> > controls {
> > inet 127.0.0.1 port 953
> > allow { 127.0.0.1; } ;
> > };
>
> > options {
> > version "DNS Server";
> > directory "/usr/local/named/log";
> > pid-file "/usr/local/named/named.pid";
> > allow-query { any; };
> > listen-on-v6 { none; };
> > listen-on { 130.1.2.3; };
> > notify yes;
> > provide-ixfr yes;
> > blackhole { noaccess-list; };
> > };
>
> > zone "." {
> > type hint;
> > file "root.hint";
> > };
>
> > // IPv4 localhost and localhost reverse.
> > zone "localhost" {
> > type master;
> > file "db.localhost";
> > };
>
> > zone "0.0.127.in-addr.arpa" {
> > type master;
> > file "db.127.0.0";
> > notify no;
> > };
>
> > zone "2.1.130.in-addr.arpa" {
> > type master;
> > file "db.130.1.2";
> > notify yes;
> > allow-transfer { slave; };
> > };
>
>
> > zone "company.def.com" {
> > type master;
> > file "db.company.def.com";
>
>Where is this file ??
>
> > notify yes;
> > allow-transfer { slave; };
> > };
>
> > zone "company.abc.com" {
> > type master;
> > file "db.company.abc.com";
> > notify yes;
> > forwarders { };
> > allow-transfer { slave; };
> > };
>
> > //End of named.conf for Pri DNS
> > ------------------------------------------------
>
> > // root.hint
>
> > . 3600000 IN NS A.ROOT-SERVERS.NET.
> > A-ROOT-SERVERS.NET. 3600000 A 130.1.2.3
>
> > //End of root.hint
>
>Ok, you are running internal-roots with a single server, this
>might fail ( you should need 3 )
>
> > -------------------------------------------------
> > // db.localhost
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> > 2001051701 // Serial Number
> > 28800 // Refresh (8 hrs.)
> > 7200 // Retry (2 hrs.)
> > 604800 // Expire (7 days)
> > 86400) // Minimum (1 day)
> > IN NS pridns.company.def.com.
> > $TTL 1h
> > IN A 127.0.0.1
>
> > // End of db.localhost
>
> > ------------------------------------------------
> > // db.127.0.0
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> > 2001051700 // Serial number
> > 28800 // Refresh (8 hrs.)
> > 7200 // Retry (2 hrs.)
> > 604800 // Expire (7 days)
> > 86400) // Minimum (1 day)
>
> > IN NS pridns.company.def.com.
> > 1 IN PTR localhost.
>
> > //End of db.127.0.0
>
> > ------------------------------------------------
> > // db.company.abc.com
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> > 200105171 // Serial number
> > 28800 // Refresh (8 hrs.)
> > 7200 // Retry (2 hrs.)
> > 604800 // Expire (7 days)
> > 86400) // Minimum (1 day)
>
> > IN NS pridns.company.def.com.
> > IN NS slavedns.company.def.com.
>
>if this is the zonefile for "company.def.com." you cannot
>say anything about "def.com." here. it should be done at '.' or
>'.com' level ( probably in your root-server )
>
>
> > pridns.company.def.com. IN A 130.1.2.3
> > slavedns.company.def.com. IN A 130.1.2.4
>
> > xyz.company.abc.com. IN NS pridns.xyz.company.abc.com.
> > pridns.xyz.company.abc.com. IN A 172.7.8.9
>
>
> > intranet.company.abc.com IN A 130.1.2.10
>
>
> > // End of db.company.abc.com
>
> > -------------------------------------------------
> > // db.130.1.2
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> > 200105173 // Serial number
> > 28800 // Refresh (8 hrs.)
> > 7200 // Retry (2 hrs.)
> > 604800 // Expire (7 days)
> > 86400) // Minimum (1 day)
>
> > IN NS pridns.company.def.com. // master nameserver
> > IN NS slavednsdns.company.def.com. // slave nameserver
>
> > 3 IN PTR pridns.company.def.com.
> > 4 IN PTR slavedns.company.def.com.
>
> > // End of db.130.1.2
> > ------------------------------------------------
>
> > //etc/resolv.conf
> > domain company.def.com
> > nameserver 130.1.2.3
> > nameserver 130.1.2.4
>
> > Pls advise what went wrong.
> > ------------------------------------------------
>
>
>
> >>From: phn at icke-reklam.ipsec.nu
> >>To: comp-protocols-dns-bind at isc.org
> >>Subject: Re: Sub-domain delegation for BIND 9.2.3
> >>Date: Fri, 3 Sep 2004 17:53:16 +0000 (UTC)
> >>
> >>Apache Apache <apacheusr at hotmail.com> wrote:
> >> > Hi,
> >>
> >> > Have done as advised but when I performed a nslookup, I can only get
> >> > non-existent host/domain and not able to resolve host.xyz.company.abc.com.
> >> > Pls advise is there anything that I missed out. Thank you.
> >>
> >>
> >> >>From: phn at icke-reklam.ipsec.nu
> >> >>To: comp-protocols-dns-bind at isc.org
> >> >>Subject: Re: Sub-domain delegation for BIND 9.2.3
> >> >>Date: Thu, 2 Sep 2004 16:52:18 +0000 (UTC)
> >> >>
> >> >>Apache Apache <apacheusr at hotmail.com> wrote:
> >> >> > I have a server (ie. serverA) running BIND 9.2.3 and is a master DNS
> >> >> > for parent domain company.abc.com. Users are pointing to this server
> >> >> > for name resolution.
> >> >>
> >> >> > I have another server (ie. serverB using F5 DNS) and I would like this
> >> >> > server to serve the domain xyz.company.abc.com.
> >> >>
> >> >> > What are the changes required on my named.conf and db.company.abc.com
> >> >> > for serverA in order for users to be able to resolve
> >> >> > host.xyz.company.abc.com???
> >> >>
> >> >>A proper delegation. ( a couple of NS records in xyz.company.abc.com. )
> >> >>
> >> >> > Thank you.
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>--
> >> >>Peter Håkanson
> >> >> IPSec Sverige ( At Gothenburg Riverside )
> >> >> Sorry about my e-mail address, but i'm trying to keep spam out,
> >> >> remove "icke-reklam" if you feel for mailing me. Thanx.
> >> >>
> >>
> >>
> >>Proper delegation is to add 'NS' records where LHS is the subdomain name
> >>and RHS is the FQDN of the nameserver(s) configured as servers for the
> >>zone.
> >>
> >>nslookup is a tool that is broken in most hands. The symptoms you tell
> >>about
> >>might be problems with nslookup.
> >>
> >>Why don't you publish the name of the zone , the contents ( at least the
> >>relevant parts)
> >>of the zonefile(s) and configfiles ? That way we don't have to guess
> >>
> >>
> >>--
> >>Peter Håkanson
> >> IPSec Sverige ( At Gothenburg Riverside )
> >> Sorry about my e-mail address, but i'm trying to keep spam out,
> >> remove "icke-reklam" if you feel for mailing me. Thanx.
> >>
>
>
>
>
>--
>Peter Håkanson
> IPSec Sverige ( At Gothenburg Riverside )
> Sorry about my e-mail address, but i'm trying to keep spam out,
> remove "icke-reklam" if you feel for mailing me. Thanx.
>
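A delegation check for zone files like the ones posted in this thread, as an added example that is not part of the original messages. It flags `//` comments (zone files use `;`), owner names that lose their trailing dot and get the origin appended, and delegations whose in-zone name server has no glue address. The function name `lint_zone` and the `uvw` delegation in the sample are assumptions made for the illustration.

```python
import re

def lint_zone(text, origin):
    """Return sorted (line_no, message) findings for a BIND zone-file snippet."""
    origin = origin.lower().rstrip(".") + "."
    findings, ns_records, has_addr = [], [], set()
    owner, depth = origin, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if "//" in raw:  # '//' comments belong to named.conf, not zone files
            findings.append((no, "'//' is not a zone-file comment; use ';'"))
            raw = raw.split("//", 1)[0]
        line = raw.split(";", 1)[0]
        inside, depth = depth > 0, depth + line.count("(") - line.count(")")
        if inside or not line.strip() or line.startswith("$"):
            continue  # SOA continuation, blank line, or $TTL/$ORIGIN directive
        fields = line.split()
        if not line[0].isspace():  # column 1 holds a new owner name
            name = fields.pop(0).lower()
            # '@' is the origin; a name without a trailing dot gets the origin appended
            owner = {"@": origin}.get(name, name if name.endswith(".") else f"{name}.{origin}")
            if owner != name and name.endswith(origin[:-1]):
                findings.append((no, f"missing trailing dot: becomes {owner}"))
        # drop the optional TTL and class so fields[0] is the record type
        fields = [f for f in fields
                  if f.upper() != "IN" and not re.fullmatch(r"\d+[smhdw]?", f, re.I)]
        if len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1].lower()
        if rtype == "NS":
            target = rdata if rdata.endswith(".") else f"{rdata}.{origin}"
            ns_records.append((no, owner, target))
        elif rtype in ("A", "AAAA"):
            has_addr.add(owner)
    for no, zone, target in ns_records:
        # a name server inside the zone it serves needs a glue address here
        if zone != origin and target.endswith("." + zone) and target not in has_addr:
            findings.append((no, f"delegation of {zone} to {target} lacks glue"))
    return sorted(findings)

# Constructed sample modelled on the post's db.company.abc.com (uvw line invented).
SAMPLE = """\
// db.company.abc.com
@ 4h IN SOA pridns.company.abc.com. postmaster.company.abc.com. (
        200105171 28800 7200 604800 86400 )
        IN NS pridns.company.abc.com.
xyz.company.abc.com.        IN NS pridns.xyz.company.abc.com.
pridns.xyz.company.abc.com. IN A  172.7.8.9
uvw.company.abc.com.        IN NS ns.uvw.company.abc.com.
intranet.company.abc.com    IN A  130.1.2.10
"""
```

Calling `lint_zone(SAMPLE, "company.abc.com")` reports lines 1, 7 and 8 of the sample; the `xyz` delegation passes because its glue record is present.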