delegation problem

Mark Andrews Mark_Andrews at isc.org
Thu Sep 16 09:53:06 UTC 2004


> Hi
> thanks for your interest
> I've tried your hint but the result is still the same, after restarting 
> named:

	No it isn't.  SERVFAIL != NXDOMAIN.

	What does "dig +norec hosting-test.zeca.maneca" return?
 
> cat /var/named/chroot/etc/named.conf
> .....
> zone "zeca.maneca" {
>         type master;
>         notify no;
>         file "zeca.maneca.db";
>         allow-transfer { 127.0.0.1; };
>         forwarders { /* empty */ } ;
> .....
> 
> dig hosting-test.zeca.maneca
> 
> ; <<>> DiG 9.2.2-P3 <<>> hosting-test.zeca.maneca
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17371
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;hosting-test.zeca.maneca.      IN      A
> 
> ;; Query time: 12 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Sep 16 10:47:20 2004
> ;; MSG SIZE  rcvd: 42
> 
> dig nameserver.hosting-test.zeca.maneca.
> 
> ; <<>> DiG 9.2.2-P3 <<>> nameserver.hosting-test.zeca.maneca.
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59540
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;nameserver.hosting-test.zeca.maneca. IN        A
> 
> ;; Query time: 13 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Sep 16 10:48:36 2004
> ;; MSG SIZE  rcvd: 53
> 
> 
> 
> 
> Mark Andrews wrote:
> 
> >	This has been going on too long.
> >
> >	Add "forwarders { /* empty */ } ;" to the zeca.maneca zone
> >	declaration.  This will override the forwarders in the
> >	options / view section.
> >
> >	Mark
> >
> >  
> >
> >>Hi,
> >>thanks for helping
> >>I've edited zeca.maneca.db ( btw it's a funny Portuguese name just for 
> >>testing :-)  )  file like you said:
> >>
> >>cat /var/named/chroot/var/named/zeca.maneca.db
> >>$ORIGIN zeca.maneca.
> >>$TTL 900        ; 15 minutes
> >>@       IN SOA  zeca.maneca. root (
> >>                                2004041700 ; serial
> >>                                21600      ; refresh (6 hours)
> >>                                1800       ; retry (30 minutes)
> >>                                604800     ; expire (1 week)
> >>                                900        ; minimum (15 minutes)
> >>                                )
> >>        IN      A       192.168.1.5
> >>        IN      NS      jimi.liber4e.zapto.org.
> >>
> >>hosting-test IN NS nameserver.hosting-test.zeca.maneca.
> >>nameserver.hosting-test.zeca.maneca. IN A 192.168.1.100
> >>
> >>###########################################
> >>
> >>But still nothing shows up, strange, no?
> >>
> >>dig hosting-test.zeca.maneca any
> >>
> >>; <<>> DiG 9.2.3 <<>> hosting-test.zeca.maneca any
> >>;; global options:  printcmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59379
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >>
> >>;; QUESTION SECTION:
> >>;hosting-test.zeca.maneca.      IN      ANY
> >>
> >>;; Query time: 113 msec
> >>;; SERVER: 192.168.1.5#53(192.168.1.5)
> >>;; WHEN: Wed Sep 15 12:57:18 2004
> >>;; MSG SIZE  rcvd: 42
> >>
> >>########################
> >>
> >>dig nameserver.hosting-test.zeca.maneca any
> >>; <<>> DiG 9.2.3 <<>> nameserver.hosting-test.zeca.maneca
> >>;; global options:  printcmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36782
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >>
> >>;; QUESTION SECTION:
> >>;nameserver.hosting-test.zeca.maneca. IN        ANY
> >>
> >>;; Query time: 189 msec
> >>;; SERVER: 192.168.1.5#53(192.168.1.5)
> >>;; WHEN: Wed Sep 15 12:54:08 2004
> >>;; MSG SIZE  rcvd: 53
> >>
> >>
> >>
> >>
> >>Ladislav Vobr wrote:
> >>
> >>    
> >>
> >>>see below...
> >>>
> >>>Ladislav
> >>>
> >>>jose nuno neto wrote:
> >>>
> >>>      
> >>>
> >>>>Hi,
> >>>>
> >>>>I'm trying to set up a delegation zone in my internal network, I've 
> >>>>read a lot, googled a lot but still it doesn't work
> >>>>My main DNS server (192.168.1.5) has:
> >>>>file named.conf
> >>>>.......
> >>>>zone "zeca.maneca" {
> >>>>        type master;
> >>>>        notify no;
> >>>>        file "zeca.maneca.db";
> >>>>        allow-transfer { 127.0.0.1; };
> >>>>};
> >>>>..........
> >>>>file zeca.maneca.db
> >>>>$ORIGIN zeca.maneca.
> >>>>$TTL 900        ; 15 minutes
> >>>>@       IN SOA  zeca.maneca. root (
> >>>>                                2004041700 ; serial
> >>>>                                21600      ; refresh (6 hours)
> >>>>                                1800       ; retry (30 minutes)
> >>>>                                604800     ; expire (1 week)
> >>>>                                900        ; minimum (15 minutes)
> >>>>                                )
> >>>>        IN      A       192.168.1.5
> >>>>        IN      NS      jimi.liber4e.zapto.org.   (other zone i have 
> >>>>configured)
> >>>>hosting-test            NS      nameserver.hosting-test.zeca.maneca.
> >>>>nameserver.hosting-test IN      A       192.168.1.100
> >>>>
> >>>>My delegated server (192.168.1.100) has
> >>>>file named.conf
> >>>>.........
> >>>>zone "hosting-test.zeca.maneca" IN {
> >>>>        type master;
> >>>>        file "hosting-test.zeca.maneca.zone";
> >>>>};
> >>>>............
> >>>>
> >>>>file hosting-test.zeca.maneca.zone
> >>>>$ORIGIN hosting-test.zeca.maneca.
> >>>>$TTL 900        ; 15 minutes
> >>>>@       IN SOA  hosting-test.zeca.maneca. root (
> >>>>                                2004041700 ; serial
> >>>>                                21600      ; refresh (6 hours)
> >>>>                                1800       ; retry (30 minutes)
> >>>>                                604800     ; expire (1 week)
> >>>>                                900        ; minimum (15 minutes)
> >>>>                                )
> >>>>                IN      A       192.168.1.100
> >>>>                IN      NS      nameserver.hosting-test.zeca.maneca.
> >>>>nameserver      IN      A       192.168.1.100
> >>>>
> >>>>#####################################
> >>>>
> >>>>When I do:
> >>>>dig hosting-test.zeca.maneca
> >>>>; <<>> DiG 9.2.3 <<>> hosting-test.zeca.maneca
> >>>>;; global options:  printcmd
> >>>>;; Got answer:
> >>>>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30745
> >>>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >>>>
> >>>>;; QUESTION SECTION:
> >>>>;hosting-test.zeca.maneca.      IN      A
> >>>>
> >>>>;; Query time: 132 msec
> >>>>;; SERVER: 192.168.1.5#53(192.168.1.5)
> >>>>;; WHEN: Tue Sep 14 17:48:01 2004
> >>>>;; MSG SIZE  rcvd: 42
> >>>>        
> >>>>
> >>>
> >>>As I see above, 192.168.1.5 is authoritative for the zeca.maneca zone (btw, 
> >>>what is this :-) ). You asked about the A record (default) for 
> >>>hosting-test.zeca.maneca, which is not defined in the file; you have 
> >>>defined only the NS record. That's why you see the NXDOMAIN answer.
> >>>
> >>>      
> >>>
> >>>>###################################
> >>>>
> >>>>and when I do:
> >>>>dig hosting-test.zeca.maneca @192.168.1.100
> >>>>; <<>> DiG 9.2.3 <<>> hosting-test.zeca.maneca @192.168.1.100
> >>>>;; global options:  printcmd
> >>>>;; Got answer:
> >>>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25929
> >>>>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> >>>>
> >>>>;; QUESTION SECTION:
> >>>>;hosting-test.zeca.maneca.      IN      A
> >>>>
> >>>>;; ANSWER SECTION:
> >>>>hosting-test.zeca.maneca. 900   IN      A       192.168.1.100
> >>>>
> >>>>;; AUTHORITY SECTION:
> >>>>hosting-test.zeca.maneca. 900   IN      NS      nameserver.hosting-test.zeca.maneca.
> >>>>
> >>>>;; ADDITIONAL SECTION:
> >>>>nameserver.hosting-test.zeca.maneca. 900 IN A   192.168.1.100
> >>>>
> >>>>;; Query time: 12 msec
> >>>>;; SERVER: 192.168.1.100#53(192.168.1.100)
> >>>>;; WHEN: Tue Sep 14 17:48:09 2004
> >>>>;; MSG SIZE  rcvd: 99
> >>>>
> >>>>        
> >>>>
> >>>On the other hand, 192.168.1.100 is authoritative for 
> >>>hosting-test.zeca.maneca and you have defined the A records for 
> >>>nameserver.hosting-test.zeca.maneca. Thus you see what you see.
> >>>
> >>>If you want to delegate hosting-test.zeca.maneca from 192.168.1.5 to 
> >>>192.168.1.100, you have to mention the following in the zeca.maneca.db on 
> >>>192.168.1.5:
> >>>
> >>>hosting-test IN NS nameserver.hosting-test.zeca.maneca.
> >>>nameserver.hosting-test.zeca.maneca. IN A 192.168.1.100
> >>>
> >>>You should always have more than one NS record (more than one 
> >>>nameserver).
> >>>
> >>>      
> >>>
> >>>>What am I missing here? Any hints are very welcome
> >>>>
> >>>>Best regards
> >>>>Jose Nuno Neto
> >>>>
> >>>>
> >>>>
> >>>>        
> >>>>
> >>    
> >>
> >--
> >Mark Andrews, ISC
> >1 Seymour St., Dundas Valley, NSW 2117, Australia
> >PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> >
> >  
> >
> 
> 
> -- 
> Sincerely,
> Jose' Nuno Neto
> 
> Liber4e Consultoria Informática LDA
> WEB: www.liber4e.com
> TLF:00 351 962808587
> eMail: jose.neto at liber4e.com
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
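
Added example (not part of the message above or of the thread): a small Python helper that reads the header lines of dig output and separates the cases this thread turns on, namely SERVFAIL, NXDOMAIN with or without the aa flag, an authoritative answer, and a referral. The label names and the referral sample are constructed for illustration; the other three samples are header lines quoted in the thread.

```python
import re

STATUS = re.compile(r"status: (\w+)")
COUNTS = re.compile(r"flags: ([a-z ]*); QUERY: \d+, ANSWER: (\d+), AUTHORITY: (\d+)")

def classify_dig(output):
    """Classify one dig response from its ->>HEADER<<- and flags lines."""
    status, counts = STATUS.search(output), COUNTS.search(output)
    if not status or not counts:
        return "unparsed"
    rcode = status.group(1)
    aa = "aa" in counts.group(1).split()
    answers, authority = int(counts.group(2)), int(counts.group(3))
    if rcode == "SERVFAIL":
        # The server attempted the lookup and could not complete it.
        return "servfail"
    if rcode == "NXDOMAIN":
        # Without aa the denial did not come from this server's own zone
        # data; it arrived via recursion, a forwarder or the cache.
        return "nxdomain-authoritative" if aa else "nxdomain-non-authoritative"
    if rcode != "NOERROR":
        return "other:" + rcode
    if answers:
        return "authoritative-answer" if aa else "non-authoritative-answer"
    if authority and not aa:
        # Reading for a +norec query: no answer, no aa, records in AUTHORITY.
        return "referral"
    return "nodata"

# Header lines as quoted in the thread's dig output.
SERVFAIL_HDR = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17371
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
NXDOMAIN_HDR = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59379
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
ANSWER_HDR = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25929
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1"""
# Constructed sample (not from the thread): the shape of a referral.
REFERRAL_HDR = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1"""

if __name__ == "__main__":
    for name, text in [("16 Sep", SERVFAIL_HDR), ("15 Sep", NXDOMAIN_HDR),
                       ("@192.168.1.100", ANSWER_HDR), ("referral", REFERRAL_HDR)]:
        print(name, "->", classify_dig(text))
```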

