Non-Internet "named.ca" file root hint.

Joseph S D Yao jsdy at center.osis.gov
Sat Jan 7 00:05:39 UTC 2006


On Fri, Jan 06, 2006 at 12:01:35PM +0700, Truong Tan Son wrote:
> 
> Dear Sir,
> 
> I am using Bind for local Dns (Non-Internet connection), but
>     don't know how to make "named.ca" file for Root server (master), and Subdomain servers (slaves).
> 
> Suppose my domain is named "domain", designated to the machine "root", IP address: 1.2.3.4.
>  
> --named.ca--
> @    IN    SOA    root.domain.    man.domain.    (    
>         $serial    $refresh    $retry    $expire    $TTL
> )
> domain.                    IN        NS    root.domain.
> root.domain.             IN        A       1.2.3.4
> 
> sub.domain.              IN        NS    slave.sub.domain.
> slave.sub.domain.      IN         A      5.6.7.8
> 
> *Root server (root.domain, IP: 1.2.3.4)
>    -- named.conf --
>     zone "domain" in {
>             type master;
>             file "named.ca";
>           };
> 
> *Slave server (subdomain):
>    -- named.conf --
>    zone "domain" in {
>             type master;
>             file "named.ca";
>           };
>     zone "sub.domain" in {
>             type slave;
>             file "db.sub.domain";
>             masters {1.2.3.4; };
>         };
> 
> 
> Please give me advice.


First - different zone files, with different names, for different zones.
They aren't all named "named.ca".  [Not sure where you came up with this
name.]  They could be, e.g., "zone.root", "zone.mycompany",
"zone.division.mycompany".  Or, "fred", "ethel", and "wilma".  ;-)

Second - the one good thing Peter said was, your root zone file is a
zone file just like any other.  In this case, you are NOT making a "root
hints" file.  Put in a $TTL, an SOA, and a list of YOUR root name
servers (not, e.g., the public Internet's).  One zone file for the root
domain, with just that.  And a SEPARATE zone file for EACH sub-domain
that gets its own zone.  Keep original copies only on the name server
that, for each domain, is designated to hold that domain's master
copy.  In the named.conf file, have each zone statement refer to its own
zone file.  On name servers that hold copies of the zone file that are
slaved to a copy on another server, use your last form above, to point
the name server with the slaved copy to the name server with the master
copy.

(These are often, incorrectly, called a "slave server" and a "master
server" - there is nothing about the SERVER that is inherently "master"
or "slave"; the same server may have a master copy of one zone and a
slaved copy of another.)

NOTE that the root domain's zone file on one name server may also be
slaved to a master copy on another name server.

See also BCP 40 / RFC 2870: Root Name Server Operational Requirements,
and consider whether these Best Common Practices apply to your setup.

-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.


