Add new subnet on multi-homed hosts

Mark Andrews Mark_Andrews at isc.org
Mon Mar 6 21:09:12 UTC 2006 

> Barry Margolin <barmar at alum.mit.edu> writes:
> 
> > In article <due7jv$2sv9$1 at sf1.isc.org>,
> >  Harry Putnam <reader at newsguy.com> wrote:
> >
> >> db.192.168.1
> >> ===========================
> >> $TTL 1D 
> >> @       IN SOA  reader.local.lan. reader.reader.local.lan. (
> >>               200405190  ; serial
> >>               28800      ; refresh (8 hours)
> >>               14400      ; retry (4 hours)
> >>               2419200    ; expire (4 weeks)
> >>               86400      ; minimum (1 day)
> >>               )
> >> ;
> >> ; Name servers (The name '@' is implied)
> >> ;
> >>                   IN      NS     reader
> >
> > That should be "reader.local.lan."
> >
> >> ;
> >> ; Addresses point to canonical names
> >> ;
> >> 
> >> 192.168.1.2.      IN      PTR    rdmz.local.lan.
> >> 192.168.1.1.      IN      PTR    fwdmz.local.lan.
> >
> > Didn't you get error messages complaining about names outside the zone 
> > when you loaded this?  Those should be:
> 
> I've been trying lots of different stuff and may have gotten the error
> messages for this thread mixed up.  In OP I said there were none but
> as you've noted.  That does generate `out of zone' errors.
> 
> > 2 IN PTR rdmz.local.lan.
> > 1 IN PTR fwdmz.local.lan.
> 
> Ok, with changes suggested made:
> 
> Restart of named shows nothing of note...
> Further the problem I was noting of nslookup not knowing about the two
> IP s on 192.168.1/24  has disappeared too.
> 
>   reader > nslookup 192.168.1.2
>   Server:         127.0.0.1
>   Address:        127.0.0.1#53
> 
>   2.1.168.192.in-addr.arpa        name = rdmz.local.lan.
> 
> Those were small config changes but did what was needed 
> .. thanks.
> 
> I'm still confused about how $ORIGIN works and when it matters.
> 
> When db.192.168.1 is loaded.  Its ORIGIN is initially set from
> named.conf right?.   So that would be:
>    1.168.192.in-addr.arpa.
> 
> In this line:
>                    IN      NS     reader.local.lan.
> (with your correction)
> reader.local.lan is a different $ORIGIN yet it causes no errors about
> out of zone since the notation of (.) dot at the end indicates this is
> a canonical address.

	It's the *owner* of the record that has to be in zone.
	If you expand the above line you get

		1.168.192.in-addr.arpa. IN NS reader.local.lan.

	Which clearly is in zone (ends in the zones name).

 
> In OP I had (prior to your corrections)
> 
> 192.168.1.2.      IN      PTR    rdmz.local.lan.
> 192.168.1.1.      IN      PTR    fwdmz.local.lan.
> 
> Which is canonical on both ends and in the $ORIGIN, yet it was rejected
> as `out of zone'

	192.168.1.2. doesn't end in 1.168.192.in-addr.arpa.
	192.168.1.1. doesn't end in 1.168.192.in-addr.arpa.
 
> Something more that just using shortcuts is going on there.

	No.  You just need to learn more.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list