Is my slave DNS working right?

Kevin Darcy kcd at chrysler.com
Wed Jul 29 18:31:40 UTC 2009


The +trace option *forces* dig to step through each level of the hierarchy.

Therefore it's not a good way of testing any kind of "override" of the 
normal iterative-resolution process.

                                                                         
- Kevin

Rob Z wrote:
> Hello list,
> Here's my scenario:
> I have multiple DNS servers (one master and a few slaves) 
> authoritative for a few zones (e.g. mydomain.com, zone1.mydomain.com etc).
> I also have a caching server (a stock Redhat caching-nameserver.rpm 
> configuration, BIND 9.2.4 ) which is used by clients on LAN to query 
> DNS for zone1.mydomain.com.
> As far as I understand this caching server does a full recursive 
> resolution to get information for zone1.mydomain.com ( going to root 
> servers, then going to .com servers then to mydomain.com server).
> My objective is to convert this caching server into a slave server, 
> which will transfer the full zone1.mydomain.com.
> Am I correct in the assumption that the slave server should answer 
> queries for zone1.mydomain.com directly as it has all the information?
> I modified the config by adding
> zone "zone1.mydomain.com" {
>         type slave;
>         file "mydomain/hosts.mydomain.com";
>         masters { A.B.C.D; };
> };
> to the caching server config and configured the master server to allow 
> transfers. The zone is being transferred correctly, 
> mydomain/hosts.mydomain.com is populated.
> However,
>  dig +trace @localhost host1.zone1.mydomain.com
> shows that the server is still doing a full recursion, going to the 
> root servers, tld servers etc.
> What am I missing? Do I also have to list my caching server as NS 
> record in the zone1.mydomain.com?
> It's located on a private network and won't be able to answer queries 
> from the Internet.
> Attached is my config file
> ===================================================
> //
> // named.conf for Red Hat caching-nameserver
> //
>
> options {
>         directory "/var/named";
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         /*
>          * If there is a firewall between you and nameservers you want
>          * to talk to, you might need to uncomment the query-source
>          * directive below.  Previous versions of BIND always asked
>          * questions using port 53, but BIND 8.1 uses an unprivileged
>          * port by default.
>          */
>          // query-source address * port 53;
> };
>
> //
> // a caching only nameserver config
> //
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
>
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
>
> zone "localdomain" IN {
>         type master;
>         file "localdomain.zone";
>         allow-update { none; };
> };
>
> zone "localhost" IN {
>         type master;
>         file "localhost.zone";
>         allow-update { none; };
> };
>
> zone "0.0.127.in-addr.arpa" IN {
>         type master;
>         file "named.local";
>         allow-update { none; };
> };
>
> zone 
> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" 
> IN {
>         type master;
>         file "named.ip6.local";
>         allow-update { none; };
> };
>
> zone "255.in-addr.arpa" IN {
>         type master;
>         file "named.broadcast";
>         allow-update { none; };
> };
>
> zone "0.in-addr.arpa" IN {
>         type master;
>         file "named.zero";
>         allow-update { none; };
> };
>
> zone "zone1.MYDOMAIN.COM" {
>         type slave;
>         file "mydomain/hosts.mydomain.com";
>         masters { A.B.C.D; };
> };
>
> include "/etc/rndc.key";
> ===================================================
> Thanks
> Rob
> ------------------------------------------------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
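
A check that does not rely on +trace, as an added example that is not part of either post: query the server directly with recursion turned off and look for the aa (authoritative answer) flag in dig's header. The function names and the sample header lines are constructed for illustration; the host name is the one used in the thread.

```shell
#!/bin/sh
# Added example: decide from dig's header whether an answer came from
# zone data held by the queried server (aa flag set) or not.

# has_aa_flag: reads dig output on stdin.
# Returns 0 if the flags list contains "aa", 1 if it does not,
# and 2 if no ";; flags:" header line was seen (e.g. a timeout).
has_aa_flag() {
    awk '
        /^;; flags:/ {
            found = 1
            sub(/^;; flags:/, "")   # drop the label
            sub(/;.*/, "")          # drop the section counts
            n = split($0, f, " ")
            # exact token match, so "ra" or "ad" never count as "aa"
            for (i = 1; i <= n; i++) if (f[i] == "aa") aa = 1
        }
        END { if (!found) exit 2; exit(aa ? 0 : 1) }
    '
}

# check_server SERVER NAME: ask SERVER itself, without recursion,
# and report whether it answered authoritatively.
# Example: check_server localhost host1.zone1.mydomain.com
check_server() {
    dig +norecurse "@$1" "$2" A | has_aa_flag
}

# Constructed header lines (not captured from the poster's server).
# Answer served from a loaded slave zone:
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0'
# Answer obtained by recursion or from cache:
SAMPLE_CACHED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0'
```

An exit status of 0 from `check_server` means the server answered from its own copy of the zone; 1 means the answer was not authoritative.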



