Delegation

Mark Andrews Mark_Andrews at isc.org
Thu Feb 14 23:29:38 UTC 2008


> Hello list,
> 
>   I am hoping that someone will be able to help me with an issue I had
>   assumed would be simple to resolve but is proving otherwise.
> 
>   Currently our DNS infrastructure runs BIND 9.3.0; it has one primary
>   and 7 slaves.  At the moment we are in the process of migrating to
>   a new infrastructure and we wanted to migrate zones one at a time in a
>   safe, testable and easily revertible method.
> 
>   Our primary server on the current infrastructure is ns1.example.com,
>   (slaves: ns2.example.com - ns8.example.com),
>   the primary on the new infrastructure is ns1.example.net (slaves:
>   ns2.example.net & ns3.example.net) and
>   the zone to transfer/migrate is test.org
> 
>   I have set up the zone test.org on the new infrastructure and querying
>   the box directly works fine,  the registered nameservers for test.org
>   in the root domain .org zone is set to ns1.example.com (and the rest
>   of that infrastructure) .  Until I am confident that things work I
>   would like to leave things like that.  However I want ns1.example.com
>   to send all requests to the new infrastructure (delegate?).  I don't
>   think forwarders will do what I want as I need to test a failure to the
>   primary server and ensure the slaves kick in.  In an effort to fix
>   this I created the following zone on ns1.example.com
> 
>   #################zone file for test.org#############################
>   $TTL 60
>   @               IN      SOA ns1.example.com. hostmaster.ns1.example.com (
>                         2008021409      ;Serial  yyyymmddvv
>                         21600           ;Refresh 6 hours
>                         900             ;Retry   15 minutes
>                         1209600         ;Expire  2 weeks
>                         12800)          ;Min     3 hours
> 
>                 IN      NS      ns1.example.net.
>                 IN      NS      ns2.example.net.
>                 IN      NS      ns3.example.net.
> 
>   ###############end zone file for test.org###########################
> 
> 
>   I had hoped that this would delegate the entire zone to the new
>   infrastructure but when I test* my query stops at ns1.example.com and
>   is never forwarded to ns1.eduserv.net. If I do an NS lookup though it
>   appears as if everything is set up correctly.
> 
>   I have tried Google and nothing comes up.  I am starting to come to
>   the conclusion that the way I'm doing things is not the correct way.
>   If anyone could point me in the right direction of what I'm doing wrong
>   and how I can achieve what I want it would be much appreciated.
> 
>   Everything below here is testing output
>   thanks john
> 
>   *see below for test results note that real fqdn have been swapped for
>   the domains used above
>   ########################################################
>   dig +trace test0.test.org
>   ; <<>> DiG 9.4.2 <<>> +trace test0.test.org
>   ;; global options:  printcmd
>   .                       4759    IN      NS      b.root-servers.net.
>   .                       4759    IN      NS      c.root-servers.net.
>   .                       4759    IN      NS      d.root-servers.net.
>   .                       4759    IN      NS      e.root-servers.net.
>   .                       4759    IN      NS      f.root-servers.net.
>   .                       4759    IN      NS      g.root-servers.net.
>   .                       4759    IN      NS      h.root-servers.net.
>   .                       4759    IN      NS      i.root-servers.net.
>   .                       4759    IN      NS      j.root-servers.net.
>   .                       4759    IN      NS      k.root-servers.net.
>   .                       4759    IN      NS      l.root-servers.net.
>   .                       4759    IN      NS      m.root-servers.net.
>   .                       4759    IN      NS      a.root-servers.net.
>   ;; Received 433 bytes from 192.168.33.223#53(192.168.33.223) in 2 ms
> 
>   org.                    172800  IN      NS      B0.ORG.AFILIAS-NST.org.
>   org.                    172800  IN      NS      A0.ORG.AFILIAS-NST.INFO.
>   org.                    172800  IN      NS      C0.ORG.AFILIAS-NST.INFO.
>   org.                    172800  IN      NS      D0.ORG.AFILIAS-NST.org.
>   org.                    172800  IN      NS      TLD2.ULTRADNS.NET.
>   org.                    172800  IN      NS      TLD1.ULTRADNS.NET.
>   ;; Received 430 bytes from 192.112.36.4#53(g.root-servers.net) in 192 ms
> 
>   test.org.       86400   IN      NS      ns1.example.com.
>   test.org.       86400   IN      NS      ns2.example.com.
>   ;; Received 101 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 21 ms
> 
>   test.org.       60      IN      SOA     ns1.example.com. hostmaster.ns1.example.com 2008021409 21600 900 1209600 12800
>   ;; Received 113 bytes from 123.123.123.123#53(ns1.example.com) in 17 ms
>   ################################################
> 
>   dig +trace NS test.org
>   ; <<>> DiG 9.4.2 <<>> +trace NS test.org
>   ;; global options:  printcmd
>   .                       4237    IN      NS      b.root-servers.net.
>   .                       4237    IN      NS      c.root-servers.net.
>   .                       4237    IN      NS      d.root-servers.net.
>   .                       4237    IN      NS      e.root-servers.net.
>   .                       4237    IN      NS      f.root-servers.net.
>   .                       4237    IN      NS      g.root-servers.net.
>   .                       4237    IN      NS      h.root-servers.net.
>   .                       4237    IN      NS      i.root-servers.net.
>   .                       4237    IN      NS      j.root-servers.net.
>   .                       4237    IN      NS      k.root-servers.net.
>   .                       4237    IN      NS      l.root-servers.net.
>   .                       4237    IN      NS      m.root-servers.net.
>   .                       4237    IN      NS      a.root-servers.net.
>   ;; Received 433 bytes from 192.168.33.223#53(192.168.33.223) in 14 ms
> 
>   org.                    172800  IN      NS      C0.ORG.AFILIAS-NST.INFO.
>   org.                    172800  IN      NS      D0.ORG.AFILIAS-NST.org.
>   org.                    172800  IN      NS      TLD1.ULTRADNS.NET.
>   org.                    172800  IN      NS      TLD2.ULTRADNS.NET.
>   org.                    172800  IN      NS      A0.ORG.AFILIAS-NST.INFO.
>   org.                    172800  IN      NS      B0.ORG.AFILIAS-NST.org.
>   ;; Received 424 bytes from 192.36.148.17#53(i.root-servers.net) in 19 ms
> 
>   test.org.       86400   IN      NS      ns1.example.com.
>   test.org.       86400   IN      NS      ns2.example.com.
>   ;; Received 95 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 22 ms
> 
>   test.org.       60      IN      NS      ns1.example.net.
>   test.org.       60      IN      NS      ns2.example.net.
>   test.org.       60      IN      NS      ns0.example.net.
>   ;; Received 102 bytes from 152.78.129.184#53(clover.sucs.soton.ac.uk) in 16 ms
> 
>   #################################################
>   dig test0.test.org @ns1.example.net
> 
>   ; <<>> DiG 9.4.2 <<>> test0.eduserv-test.org @ns1.example.net
>   ;; global options:  printcmd
>   ;; Got answer:
>   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37523
>   ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
>   ;; WARNING: recursion requested but not available
> 
>   ;; QUESTION SECTION:
>   ;test0.test.org.                IN      A
> 
>   ;; ANSWER SECTION:
>   test0.test.org.  60      IN      A       123.123.123.123
> 
>   ;; AUTHORITY SECTION:
>   test.org.       60      IN      NS      ns1.example.net.
>   test.org.       60      IN      NS      ns2.example.net.
>   test.org.       60      IN      NS      ns3.example.net.
> 
>   ;; ADDITIONAL SECTION:
>   ns1.example.net.       60      IN      A       123.123.123.123
>   ns2.example.net.       60      IN      A       123.123.123.124
>   ns3.example.net.       60      IN      A       123.123.123.125
> 
>   ;; Query time: 3 msec
>   ;; SERVER: 123.123.123.123#53(ns0.test.org)
>   ;; WHEN: Thu Feb 14 17:12:18 2008
>   ;; MSG SIZE  rcvd: 172
> 
>   dig NS @example.com

  test.org.       86400   IN      NS      ns1.example.com.
  test.org.       86400   IN      NS      ns2.example.com.
  ;; Received 95 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 22 ms

  test.org.       60      IN      NS      ns1.example.net.
  test.org.       60      IN      NS      ns2.example.net.
  test.org.       60      IN      NS      ns0.example.net.
  ;; Received 102 bytes from 152.78.129.184#53(clover.sucs.soton.ac.uk) in 16 ms
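
The two NS sets for test.org in the trace above (the referral from the .org servers and the answer from the server that referral led to) can be compared mechanically. The following is an added example, not part of the original message: it parses `dig +trace` text and reports the names present in one set but not the other. The function names are illustrative, and the sample input is the tail of the trace output quoted in this thread.

```python
import re

# Sample input: the last two steps of the `dig +trace NS test.org` output above.
TRACE = """\
test.org.       86400   IN      NS      ns1.example.com.
test.org.       86400   IN      NS      ns2.example.com.
;; Received 95 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 22 ms

test.org.       60      IN      NS      ns1.example.net.
test.org.       60      IN      NS      ns2.example.net.
test.org.       60      IN      NS      ns0.example.net.
;; Received 102 bytes from 152.78.129.184#53(clover.sucs.soton.ac.uk) in 16 ms
"""

# dig ends every +trace step with: ;; Received N bytes from IP#port(name) in T ms
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+\((\S+)\)")


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def ns_sets(trace, zone):
    """Return [(responder, {ns targets})] for each +trace step that carried
    NS records owned by `zone`, in the order dig received them."""
    steps, current = [], set()
    for line in trace.splitlines():
        m = RECEIVED.match(line.strip())
        if m:
            if current:
                steps.append((m.group(1), current))
            current = set()
            continue
        fields = line.split()  # owner, TTL, class, type, rdata
        if len(fields) == 5 and fields[3] == "NS" and norm(fields[0]) == norm(zone):
            current.add(norm(fields[4]))
    return steps


def delegation_mismatch(trace, zone):
    """Compare the first NS set seen for `zone` (the parent's referral) with
    the last one (the answer from a server the referral pointed at)."""
    steps = ns_sets(trace, zone)
    if len(steps) < 2:
        return None  # only one view of the NS set, nothing to compare
    (parent, referral), (child, apex) = steps[0], steps[-1]
    return {"parent": parent, "child": child,
            "only_in_referral": sorted(referral - apex),
            "only_in_apex": sorted(apex - referral)}
```

Calling `delegation_mismatch(TRACE, "test.org")` on the sample returns both difference lists non-empty, since the referral and the apex NS set share no names.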



More information about the bind-users mailing list