delegation problem
Mark Andrews
Mark_Andrews at isc.org
Thu Sep 16 09:53:06 UTC 2004
> Hi
> thanxs for your interest
> i've tried your hint but the result is still the same, after restarting
> named:
No it isn't. SERVFAIL != NXDOMAIN.
What does "dig +norec hosting-test.zeca.maneca" return?
> cat /var/named/chroot/etc/named.conf
> .....
> zone "zeca.maneca" {
> type master;
> notify no;
> file "zeca.maneca.db";
> allow-transfer { 127.0.0.1; };
> forwarders { /* empty */ } ;
> .....
>
> dig hosting-test.zeca.maneca
>
> ; <<>> DiG 9.2.2-P3 <<>> hosting-test.zeca.maneca
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17371
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;hosting-test.zeca.maneca. IN A
>
> ;; Query time: 12 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Sep 16 10:47:20 2004
> ;; MSG SIZE rcvd: 42
>
> dig nameserver.hosting-test.zeca.maneca.
>
> ; <<>> DiG 9.2.2-P3 <<>> nameserver.hosting-test.zeca.maneca.
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59540
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;nameserver.hosting-test.zeca.maneca. IN A
>
> ;; Query time: 13 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Sep 16 10:48:36 2004
> ;; MSG SIZE rcvd: 53
>
>
>
>
> Mark Andrews wrote:
>
> > This has been going on too long.
> >
> > Add "forwarders { /* empty */ } ;" to the zeca.maneca zone
> > declaration. This will override the forwarders in the
> > options / view section.
> >
> > Mark
> >
> >
> >
> >>Hi,
> >>thanks for helping
> >>i've edited zeca.maneca.db ( btw it's a funny portuguese name just for
> >>testing :-) ) file like you said:
> >>
> >>cat /var/named/chroot/var/named/zeca.maneca.db
> >>$ORIGIN zeca.maneca.
> >>$TTL 900 ; 15 minutes
> >>@ IN SOA zeca.maneca. root (
> >> 2004041700 ; serial
> >> 21600 ; refresh (6 hours)
> >> 1800 ; retry (30 minutes)
> >> 604800 ; expire (1 week)
> >> 900 ; minimum (15 minutes)
> >> )
> >> IN A 192.168.1.5
> >> IN NS jimi.liber4e.zapto.org.
> >>
> >>hosting-test IN NS nameserver.hosting-test.zeca.maneca.
> >>nameserver.hosting-test.zeca.maneca. IN A 192.168.1.100
> >>
> >>###########################################
> >>
> >>But still nothing shoes up, strange no?
> >>
> >>dig hosting-test.zeca.maneca any
> >>
> >>; <<>> DiG 9.2.3 <<>> hosting-test.zeca.maneca any
> >>;; global options: printcmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59379
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >>
> >>;; QUESTION SECTION:
> >>;hosting-test.zeca.maneca. IN ANY
> >>
> >>;; Query time: 113 msec
> >>;; SERVER: 192.168.1.5#53(192.168.1.5)
> >>;; WHEN: Wed Sep 15 12:57:18 2004
> >>;; MSG SIZE rcvd: 42
> >>
> >>########################
> >>
> >>dig nameserver.hosting-test.zeca.maneca any
> >>; <<>> DiG 9.2.3 <<>> nameserver.hosting-test.zeca.maneca
> >>;; global options: printcmd
> >>;; Got answer:
> >>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36782
> >>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >>
> >>;; QUESTION SECTION:
> >>;nameserver.hosting-test.zeca.maneca. IN ANY
> >>
> >>;; Query time: 189 msec
> >>;; SERVER: 192.168.1.5#53(192.168.1.5)
> >>;; WHEN: Wed Sep 15 12:54:08 2004
> >>;; MSG SIZE rcvd: 53
> >>
> >>
> >>
> >>
> >>Ladislav Vobr wrote:
> >>
> >>
> >>
> >>>see below...
> >>>
> >>>Ladislav
> >>>
> >>>jose nuno neto wrote:
> >>>
> >>>
> >>>
> >>>>Hi,
> >>>>
> >>>>I'm trying to setup a delegation zone in my internal network, i've
> >>>>read a lot, googled a lot but still it doesn't work
> >>>>My main DNS server (192.168.1.5) has:
> >>>>file named.conf
> >>>>.......
> >>>>zone "zeca.maneca" {
> >>>> type master;
> >>>> notify no;
> >>>> file "zeca.maneca.db";
> >>>> allow-transfer { 127.0.0.1; };
> >>>>};
> >>>>..........
> >>>>file zeca.maneca.db
> >>>>$ORIGIN zeca.maneca.
> >>>>$TTL 900 ; 15 minutes
> >>>>@ IN SOA zeca.maneca. root (
> >>>> 2004041700 ; serial
> >>>> 21600 ; refresh (6 hours)
> >>>> 1800 ; retry (30 minutes)
> >>>> 604800 ; expire (1 week)
> >>>> 900 ; minimum (15 minutes)
> >>>> )
> >>>> IN A 192.168.1.5
> >>>> IN NS jimi.liber4e.zapto.org. (other zone i have
> >>>>configured)
> >>>>hosting-test NS nameserver.hosting-test.zeca.maneca.
> >>>>nameserver.hosting-test IN A 192.168.1.100
> >>>>
> >>>>My delegated server (192.168.1.100) has
> >>>>file named.conf
> >>>>.........
> >>>>zone "hosting-test.zeca.maneca" IN {
> >>>> type master;
> >>>> file "hosting-test.zeca.maneca.zone";
> >>>>};
> >>>>............
> >>>>
> >>>>file hosting-test.zeca.maneca.zone
> >>>>$ORIGIN hosting-test.zeca.maneca.
> >>>>$TTL 900 ; 15 minutes
> >>>>@ IN SOA hosting-test.zeca.maneca. root (
> >>>> 2004041700 ; serial
> >>>> 21600 ; refresh (6 hours)
> >>>> 1800 ; retry (30 minutes)
> >>>> 604800 ; expire (1 week)
> >>>> 900 ; minimum (15 minutes)
> >>>> )
> >>>> IN A 192.168.1.100
> >>>> IN NS nameserver.hosting-test.zeca.maneca.
> >>>>nameserver IN A 192.168.1.100
> >>>>
> >>>>#####################################
> >>>>
> >>>>When I do:
> >>>>dig hosting-test.zeca.maneca
> >>>>; <<>> DiG 9.2.3 <<>> hosting-test.zeca.maneca
> >>>>;; global options: printcmd
> >>>>
> >>>>
> >>>;; Got answer:
> >>>
> >>>
> >>>>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30745
> >>>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >>>>
> >>>>;; QUESTION SECTION:
> >>>>;hosting-test.zeca.maneca. IN A
> >>>>
> >>>>;; Query time: 132 msec
> >>>>;; SERVER: 192.168.1.5#53(192.168.1.5)
> >>>>;; WHEN: Tue Sep 14 17:48:01 2004
> >>>>;; MSG SIZE rcvd: 42
> >>>>
> >>>>
> >>>
> >>>as I see above 192.168.1.5 is authoritative a zeca.maneca zone (btw,
> >>>what is this :-) ). You asked about A record (default) for
> >>>hosting-test.zeca.maneca which is not defined in the file, you have
> >>>defined only the NS record. that's why you see NXDOMAIN aswer
> >>>
> >>>
> >>>
> >>>>###################################
> >>>>
> >>>>and when I do:
> >>>>dig hosting-test.zeca.maneca @192.168.1.100
> >>>>; <<>> DiG 9.2.3 <<>> hosting-test.zeca.maneca @192.168.1.100
> >>>>;; global options: printcmd
> >>>>;; Got answer:
> >>>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25929
> >>>>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> >>>>
> >>>>;; QUESTION SECTION:
> >>>>
> >>>>
> >>>;hosting-test.zeca.maneca. IN A
> >>>
> >>>
> >>>>;; ANSWER SECTION:
> >>>>hosting-test.zeca.maneca. 900 IN A 192.168.1.100
> >>>>
> >>>>;; AUTHORITY SECTION:
> >>>>hosting-test.zeca.maneca. 900 IN NS
> >>>>nameserver.hosting-test.zeca.maneca.
> >>>>
> >>>>;; ADDITIONAL SECTION:
> >>>>nameserver.hosting-test.zeca.maneca. 900 IN A 192.168.1.100
> >>>>
> >>>>;; Query time: 12 msec
> >>>>;; SERVER: 192.168.1.100#53(192.168.1.100)
> >>>>;; WHEN: Tue Sep 14 17:48:09 2004
> >>>>;; MSG SIZE rcvd: 99
> >>>>
> >>>>
> >>>>
> >>>on the other hand 192.168.1.100 is authoritative for
> >>>hosting-test.zeca.maneca and you have defined the A records for
> >>>nameserver.hosting-test.zeca.maneca. thus you see what you see.
> >>>
> >>>If you want to delegate from 192.168.1.5 hosting-test.zeca.maneca to
> >>>192.168.1.100 you have to mentioned in the zeca.maneca.db on
> >>>192.168.1.5 the following
> >>>
> >>>hosting-test IN NS nameserver.hosting-test.zeca.maneca.
> >>>nameserver.hosting-test.zeca.maneca. IN A 192.168.1.100
> >>>
> >>>you should always have more than one NS record (more than one
> >>>nameserver)..
> >>>
> >>>
> >>>
> >>>>What I'm missing here? any hints are very welcome
> >>>>
> >>>>Best regards
> >>>>Jose Nuno Neto
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>
> >>
> >--
> >Mark Andrews, ISC
> >1 Seymour St., Dundas Valley, NSW 2117, Australia
> >PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
> >
> >
> >
>
>
> --
> Atenciosamente,
> Jose' Nuno Neto
>
> Liber4e Consultoria Informática LDA
> WEB: www.liber4e.com
> TLF:00 351 962808587
> eMail: jose.neto at liber4e.com
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list