Sub-domain delegation for BIND 9.2.3

Apache Apache apacheusr at hotmail.com
Tue Sep 7 02:31:25 UTC 2004


My setup is such that the PriDNS and SlaveDNS are supporting 2 different 
domains (ie. company.abc.com and company.def.com).

My db.company.def.com file
------------------------------------------------
// db.company.def.com
@	4h	IN	SOA	pridns.company.def.com.		postmaster.company.def.com.	(
	200105171	// Serial number
	28800		// Refresh (8 hrs.)
	7200		// Retry (2 hrs.)
	604800		// Expire (7 days)
	86400)		// Minimum (1 day)

	IN	NS	pridns.company.def.com.
	IN	NS	slavedns.company.def.com.

pridns.company.def.com.	IN	A	130.1.2.3
slavedns.company.def.com.	IN	A	130.1.2.4


intranet.company.def.com	IN	A	130.2.2.8

// End of db.company.def.com
------------------------------------------------

For root.hint, what entries can I put??? Can I use the slavedns???

For the zonefile db.company.abc.com, am I right to say that I need to change 
to as follows:

------------------------------------------------
// db.company.def.com
@	4h	IN	SOA	pridns.company.abc.com.		postmaster.company.abc.com.	(
	200105171	// Serial number
	28800		// Refresh (8 hrs.)
	7200		// Retry (2 hrs.)
	604800		// Expire (7 days)
	86400)		// Minimum (1 day)

	IN	NS	pridns.company.abc.com.
	IN	NS	slavedns.company.abc.com.

pridns.company.abc.com.	IN	A	130.1.2.3
slavedns.company.abc.com.	IN	A	130.1.2.4

xyz.company.abc.com.	IN	NS	pridns.xyz.company.abc.com.
pridns.xyz.company.abc.com.	IN	A	172.7.8.9


intranet.company.abc.com	IN	A	130.1.2.10

// End of db.company.abc.com
------------------------------------------------

Kindly also advise how I can create a root server??? Can I make use of the 
PriDNS??? If yes, what are the files and content to be created???

It seems like my entire setup is wrong and I would like to have it 
corrected.

Thank you.


>From: phn at icke-reklam.ipsec.nu
>To: comp-protocols-dns-bind at isc.org
>Subject: Re: Sub-domain delegation for BIND 9.2.3
>Date: Mon, 6 Sep 2004 21:36:46 +0000 (UTC)
>
>Apache Apache <apacheusr at hotmail.com> wrote:
> > Appended are my files on the Primary DNS:
>
>Look below for comments :
>
> > //named.conf for Pri DNS for company.def.com & company.abc.com (ip is 130.1.2.3)
> > // ACL for blocking RFC1918 space commonly used for DoS and spoofing attacks.
> > acl noaccess-list { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24;
> > 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
>
> > acl slave { 130.1.2.4; };
>
> > controls {
> >         inet 127.0.0.1 port 953
> >         allow { 127.0.0.1; } ;
> > };
>
> > options {
> >         version "DNS Server";
> >         directory "/usr/local/named/log";
> >         pid-file "/usr/local/named/named.pid";
> >         allow-query { any; };
> >         listen-on-v6 { none; };
> >         listen-on { 130.1.2.3; };
> >         notify yes;
> >         provide-ixfr yes;
> >         blackhole { noaccess-list; };
> > };
>
> > zone "." {
> >         type hint;
> >         file "root.hint";
> > };
>
> > // IPv4 localhost and localhost reverse.
> > zone "localhost" {
> >         type master;
> >         file "db.localhost";
> > };
>
> > zone "0.0.127.in-addr.arpa" {
> >         type master;
> >         file "db.127.0.0";
> >         notify no;
> > };
>
> > zone "2.1.130.in-addr.arpa" {
> >         type master;
> >         file "db.130.1.2";
> >         notify yes;
> >         allow-transfer { slave; };
> > };
>
>
> > zone "company.def.com" {
> >         type master;
> >         file "db.company.def.com";
>
>Where is this file ??
>
> >         notify yes;
> >         allow-transfer { slave; };
> > };
>
> > zone "company.abc.com" {
> >         type master;
> >         file "db.company.abc.com";
> >         notify yes;
> >         forwarders { };
> >         allow-transfer { slave; };
> > };
>
> > //End of named.conf for Pri DNS
> > ------------------------------------------------
>
> > // root.hint
>
> > .	3600000	IN	NS	A.ROOT-SERVERS.NET.
> > A-ROOT-SERVERS.NET.	3600000	A	130.1.2.3
>
> > //End of root.hint
>
>Ok, you are running internal-roots with a single server, this
>might fail ( you should need 3 )
>
> > -------------------------------------------------
> > // db.localhost
> > @	4h	IN	SOA	pridns.company.def.com.	postmaster.company.def.com.	(
> > 				2001051701	// Serial Number
> > 				28800		// Refresh (8 hrs.)
> > 				7200		// Retry (2 hrs.)
> > 				604800		// Expire (7 days)
> > 				86400)		// Minimum (1 day)
> > 	IN	NS	pridns.company.def.com.
> > $TTL 1h
> > 	IN	A	127.0.0.1
>
> > // End of db.localhost
>
> > ------------------------------------------------
> > // db.127.0.0
> > @	4h	IN	SOA	pridns.company.def.com.		postmaster.company.def.com.	(
> > 	2001051700	// Serial number
> > 	28800		// Refresh (8 hrs.)
> > 	7200		// Retry (2 hrs.)
> > 	604800		// Expire (7 days)
> > 	86400)		// Minimum (1 day)
>
> > 	IN	NS	pridns.company.def.com.
> > 1	IN	PTR	localhost.
>
> > //End of db.127.0.0
>
> > ------------------------------------------------
> > // db.company.abc.com
> > @	4h	IN	SOA	pridns.company.def.com.		postmaster.company.def.com.	(
> > 	200105171	// Serial number
> > 	28800		// Refresh (8 hrs.)
> > 	7200		// Retry (2 hrs.)
> > 	604800		// Expire (7 days)
> > 	86400)		// Minimum (1 day)
>
> > 	IN	NS	pridns.company.def.com.
> > 	IN	NS	slavedns.company.def.com.
>
>if this is the zonefile for "company.def.com." you cannot
>say anything about "def.com." here.   it should be done at '.' or
>'.com' level ( probably in your root-server )
>
>
> > pridns.company.def.com.		IN	A	130.1.2.3
> > slavedns.company.def.com.	IN	A	130.1.2.4
>
> > xyz.company.abc.com.	IN	NS	pridns.xyz.company.abc.com.
> > pridns.xyz.company.abc.com.	IN	A	172.7.8.9
>
>
> > intranet.company.abc.com	IN	A	130.1.2.10
>
>
> > // End of db.company.abc.com
>
> > -------------------------------------------------
> > // db.130.1.2
> > @	4h	IN	SOA	pridns.company.def.com.		postmaster.company.def.com.	(
> > 		200105173	// Serial number
> > 		28800		// Refresh (8 hrs.)
> > 		7200		// Retry (2 hrs.)
> > 		604800		// Expire (7 days)
> > 		86400)		// Minimum (1 day)
>
> > 	IN	NS	pridns.company.def.com.	// master nameserver
> > 	IN	NS	slavednsdns.company.def.com.	// slave nameserver
>
> > 3	IN	PTR	pridns.company.def.com.
> > 4	IN	PTR	slavedns.company.def.com.
>
> > // End of db.130.1.2
> > ------------------------------------------------
>
> > //etc/resolv.conf
> > domain	company.def.com
> > nameserver	130.1.2.3
> > nameserver	130.1.2.4
>
> > Pls advise what went wrong.
> > ------------------------------------------------
>
>
>
> >>From: phn at icke-reklam.ipsec.nu
> >>To: comp-protocols-dns-bind at isc.org
> >>Subject: Re: Sub-domain delegation for BIND 9.2.3
> >>Date: Fri, 3 Sep 2004 17:53:16 +0000 (UTC)
> >>
> >>Apache Apache <apacheusr at hotmail.com> wrote:
> >> > Hi,
> >>
> >> > Have done as advised but when I performed a nslookup, I can only get
> >> > non-existent host/domain and not able to resolve host.xyz.company.abc.com.
> >> > Pls advise is there anything that I missed out. Thank you.
> >>
> >>
> >> >>From: phn at icke-reklam.ipsec.nu
> >> >>To: comp-protocols-dns-bind at isc.org
> >> >>Subject: Re: Sub-domain delegation for BIND 9.2.3
> >> >>Date: Thu, 2 Sep 2004 16:52:18 +0000 (UTC)
> >> >>
> >> >>Apache Apache <apacheusr at hotmail.com> wrote:
> >> >> > I have a server (ie. serverA) running BIND 9.2.3 and is a master DNS for
> >> >> > parent domain company.abc.com. Users are pointing to this server for name
> >> >> > resolution.
> >> >>
> >> >> > I have another server (ie. serverB using F5 DNS) and I would like this
> >> >> > server to serve the domain xyz.company.abc.com.
> >> >>
> >> >> > What are the changes required on my named.conf and db.company.abc.com for
> >> >> > serverA in order for users to be able to resolve host.xyz.company.abc.com???
> >> >>
> >> >>A proper delegation. ( a couple of NS records in xyz.company.abc.com. )
> >> >>
> >> >> > Thank you.
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>--
> >> >>Peter Håkanson
> >> >>         IPSec  Sverige      ( At Gothenburg Riverside )
> >> >>            Sorry about my e-mail address, but i'm trying to keep spam out,
> >> >>	   remove "icke-reklam" if you feel for mailing me. Thanx.
> >> >>
> >>
> >>
> >>Proper delegation is to add 'NS' records where LHS is the subdomain name
> >>and RHS is the FQDN of the nameserver(s) configured as servers for the
> >>zone.
> >>
> >>nslookup is a tool that is broken in most hands. The symptoms you tell
> >>about might be problems with nslookup.
> >>
> >>Why don't you publish the name of the zone, the contents (at least the
> >>relevant parts) of the zonefile(s) and configfiles? That way we don't have to guess
> >>
> >>
> >>--
> >>Peter Håkanson
> >>         IPSec  Sverige      ( At Gothenburg Riverside )
> >>            Sorry about my e-mail address, but i'm trying to keep spam out,
> >>	   remove "icke-reklam" if you feel for mailing me. Thanx.
> >>
>
>
>
>
>--
>Peter Håkanson
>         IPSec  Sverige      ( At Gothenburg Riverside )
>            Sorry about my e-mail address, but i'm trying to keep spam out,
>	   remove "icke-reklam" if you feel for mailing me. Thanx.
>
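
Added example, not part of the original thread or either poster's configuration: a small Python lint for the delegation rule quoted above (NS records whose owner is the subdomain and whose target is the FQDN of its nameserver), which also flags two zone-file pitfalls, `//` comments (master files use `;`) and owner names without a trailing dot. The function name `lint_zone` and the finding codes are hypothetical; the sample input is constructed from the delegation lines of db.company.abc.com shown in the thread.

```python
# Constructed sample: delegation lines from db.company.abc.com as posted above.
ZONE = (
    "// db.company.abc.com\n"
    "xyz.company.abc.com.\tIN\tNS\tpridns.xyz.company.abc.com.\n"
    "pridns.xyz.company.abc.com.\tIN\tA\t172.7.8.9\n"
    "intranet.company.abc.com\tIN\tA\t130.1.2.10\n"
)

def lint_zone(text, origin):
    """Lint single-line records with an explicit owner (a simplified subset).

    Returns (findings, delegations): findings is a list of (line, code, detail),
    delegations maps each delegated child zone to its NS targets.
    """
    origin = origin.rstrip(".").lower() + "."
    findings, records = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        if "//" in raw:  # RFC 1035 master files use ';' for comments, not '//'
            findings.append((n, "comment-syntax", raw.strip()))
            raw = raw.split("//", 1)[0]
        line = raw.split(";", 1)[0]
        if not line.strip() or line[0].isspace():
            continue  # blank, or a continuation/inherited-owner line (not handled)
        owner, *rest = line.lower().split()
        while rest and (rest[0] == "in" or rest[0][0].isdigit()):
            rest.pop(0)  # drop optional TTL and class
        if len(rest) < 2 or rest[0] not in ("a", "ns"):
            continue
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):  # relative name: the origin is appended
            if owner.endswith(origin[:-1]):
                findings.append((n, "missing-trailing-dot", owner + "." + origin))
            owner = owner + "." + origin
        records.append((n, owner, rest[0], rest[1]))
    glue = {o for _, o, t, _ in records if t == "a"}
    delegations = {}
    for n, owner, rtype, target in records:
        if rtype != "ns" or owner == origin or not owner.endswith("." + origin):
            continue
        delegations.setdefault(owner, []).append(target)
        if not target.endswith("."):  # legal, but expands under the origin
            findings.append((n, "ns-target-not-fqdn", target))
        elif (target == owner or target.endswith("." + owner)) and target not in glue:
            findings.append((n, "missing-glue", target))
    return findings, delegations

if __name__ == "__main__":
    for finding in lint_zone(ZONE, "company.abc.com")[0]:
        print(finding)
```

On the constructed sample the delegation of xyz.company.abc.com. has its glue record, while the `//` line and the undotted intranet owner name are reported.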
