Adding a new zone

Jacob Laack JLaack at alegent.org
Fri Sep 16 21:09:07 UTC 2005


I'm sorry to waste everyone's time.  The db.myalegent.org file was owned
by root and not by the named user.  named couldn't read it and, therefore,
couldn't import the information into it.  The permissions were properly
set on the slave machine, which is why it worked there.  Thanks for your
help guys.

>>> Kevin Darcy <kcd at daimlerchrysler.com> 9/16/2005 3:00:09 PM >>>
Looks like the zone didn't load properly. Anything in the logs? You
might want to run named-checkzone on it.

- Kevin

Jacob Laack wrote:

>I thought maybe it was because the requests were forwarded so I added a
>"forwarders {};" to the named.conf file but it still doesn't work.  Here
>is me asking my master dns server where these hostnames (www.myalegent.org
>& myalegent.org) point to followed by www.myalegent.com:
>
>dns1{root}/usr/local/named# dig @dns1 www.myalegent.org
>
>; <<>> DiG 9.2.3 <<>> @dns1 www.myalegent.org
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23320
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;www.myalegent.org.             IN      A
>
>;; Query time: 5 msec
>;; SERVER: 160.xx.xx.xx#53(dns1)
>;; WHEN: Fri Sep 16 14:48:04 2005
>;; MSG SIZE  rcvd: 35
>
>dns1{root}/usr/local/named# dig @dns1 myalegent.org
>
>; <<>> DiG 9.2.3 <<>> @dns1 myalegent.org
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44593
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;myalegent.org.                 IN      A
>
>;; Query time: 5 msec
>;; SERVER: 160.xx.xx.xx#53(dns1)
>;; WHEN: Fri Sep 16 14:48:09 2005
>;; MSG SIZE  rcvd: 31
>
>dns1{root}/usr/local/named# dig @dns1 www.myalegent.com
>
>; <<>> DiG 9.2.3 <<>> @dns1 www.myalegent.com
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25768
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
>
>;; QUESTION SECTION:
>;www.myalegent.com.             IN      A
>
>;; ANSWER SECTION:
>www.myalegent.com.      86400   IN      A       160.xx.xx.xx
>
>;; AUTHORITY SECTION:
>myalegent.com.          86400   IN      NS      dns2.myalegent.com.
>myalegent.com.          86400   IN      NS      littlewill.teamalegent.com.
>myalegent.com.          86400   IN      NS      dns1.myalegent.com.
>
>;; ADDITIONAL SECTION:
>dns1.myalegent.com.     86400   IN      A       160.xx.xx.xx
>dns2.myalegent.com.     86400   IN      A       160.xx.xx.xx
>littlewill.teamalegent.com. 86400 IN    A       160.xx.xx.xx
>
>;; Query time: 6 msec
>;; SERVER: 160.xx.xx.xx#53(dns1)
>;; WHEN: Fri Sep 16 14:49:59 2005
>;; MSG SIZE  rcvd: 174
>
>
>-Jake
>
>Jake Laack
>Alegent Health, OSE
>402-717-1146
>
>>>>Kevin Darcy <kcd at daimlerchrysler.com> 9/16/2005 2:37:41 PM >>>
>Offhand that looks fine. Were there any errors in your log when named
>tried to load the zone? What is the exact error you're getting when you
>query myalegent.org (it might help if you use a real lookup tool like
>dig instead of nslookup)? Is it NXDOMAIN or SERVFAIL or something else?
>Are you sure you're querying one of the nameservers defined as master
>for the zone?
>
>- Kevin
>
>Jacob Laack wrote:
>
>>My company's users found out that the .org version of our intranet site
>>has been bought and is pointing to some nasty website.  We already own and
>>use the .com domain for our intranet portal.  I would like to create a new
>>zone for the .org domain on our internal dns servers to point to the .com
>>domain.  This way we can prevent them from going to the nasty site.
>>
>>I've inherited this DNS system (currently running BIND 9.2.3 on two aix
>>servers) and haven't had to add a new zone before.  I duplicated the zone
>>entry in named.conf, copied the db.myalegent.com file to db.myalegent.org,
>>deleted all the entries, edited all the .com's to .org's, and ran "rndc
>>reload".  Unfortunately, nslookup myalegent.org doesn't work.  What am I
>>doing incorrectly?  The new db.myalegent.org is here:
>>
>>$ORIGIN .
>>$TTL 86400      ; 1 day
>>myalegent.org           IN SOA  DNS1.myalegent.org. jlaack.alegent.org. (
>>                               651        ; serial
>>                               10800      ; refresh (3 hours)
>>                               3600       ; retry (1 hour)
>>                               604800     ; expire (1 week)
>>                               86400      ; minimum (1 day)
>>                               )
>>                       NS      dns1.myalegent.org.
>>                       NS      dns2.myalegent.org.
>>                       NS      littlewill.teamalegent.com.
>>                       A       160.xx.xx.xx
>>$ORIGIN myalegent.org.
>>dns1            A       160.xx.xx.xx
>>dns2            A       160.xx.xx.xx
>>www             A       160.xx.xx.xx
>>
>>The relevant section of named.conf is here:
>>
>>zone "myalegent.org" {
>>       type master;
>>       file "db.myalegent.org";
>>
>>    allow-update {
>>         key dns1-dns1 ;
>>         key dns1-dns2 ;
>>         key dnsuser-key ;
>>       };
>>
>>    allow-transfer {
>>         160.xx.xx.xx;
>>         160.xx.xx.xx;
>>    };
>>};
>>
>>
>>Thanks.
>
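
Added example, not part of the thread: a shell check for the cause reported in the top message, a zone file that the account named runs as cannot read. It decides this from the file's owner, group and mode bits, which matters because a syntax check such as named-checkzone run from a root shell reads the file as root and passes regardless. The function names, the constructed temporary file and the uid/gid values derived from it are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Ignores ACLs and parent-directory
# search permission; checks only the file's owner, group and mode bits.

# can_read_as FILE UID "GID ..." -> 0 readable, 1 not readable, 2 no such file
can_read_as() {
    file=$1; uid=$2; gids=$3
    [ -f "$file" ] || return 2
    if [ "$uid" -eq 0 ]; then return 0; fi     # root bypasses mode bits
    # ls -lnL: field 1 = mode string, 3 = owner uid, 4 = group gid
    set -- $(ls -lnL "$file" | awk '{print $1, $3, $4}')
    mode=$1; fuid=$2; fgid=$3
    col=8                                      # default: "other" read bit
    if [ "$uid" -eq "$fuid" ]; then
        col=2                                  # owner read bit
    else
        for g in $gids; do
            if [ "$g" -eq "$fgid" ]; then col=5; fi   # group read bit
        done
    fi
    [ "$(printf '%s' "$mode" | cut -c"$col")" = "r" ]
}

# check_zone_file FILE USER: USER is the account named runs as
check_zone_file() {
    u=$(id -u "$2") || return 2
    if can_read_as "$1" "$u" "$(id -G "$2")"; then
        echo "OK: $2 can read $1"
    else
        echo "FAIL: $2 cannot read $1: $(ls -lnL "$1")"
        return 1
    fi
}

# Constructed demo: a file created mode 600, checked for a uid/gid that is
# neither its owner nor its group (standing in for named's account).
demo() {
    f=$(mktemp); chmod 600 "$f"
    set -- $(ls -lnL "$f" | awk '{print $3 + 1, $4 + 1}')
    can_read_as "$f" "$1" "$2" && before=readable || before=unreadable
    chmod 644 "$f"
    can_read_as "$f" "$1" "$2" && after=readable || after=unreadable
    rm -f "$f"
    echo "600:$before 644:$after"
}
demo
```

On a real server, call `check_zone_file` with the zone file path and the name of the account named runs as, once per `file` entry in named.conf.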






