how to create a private "test." zone?

Rui Lopes rgl at ruilopes.com
Mon Mar 2 22:27:37 UTC 2009


Hi,

Ben Bridges wrote:
> > sun
> >    NB: it also forwards to "isp" dns server.
> If your sun server is configured to use your isp dns server as a
> forwarder, then I think it will forward requests for example.test
> to the isp server even though it delegated example.test to plesk. 
> That would seem to be supported by the fact that your sun server knows
> it is not authoritative for example.test (no AA flag in response to
> the query for example.test) and that you see it sending requests
> to the isp server (although you don't specify that it is sending
> requests to it for example.test).
Ah sorry, it's indeed sending requests to it for the example.test domain.

> You could try creating example.test as a forward zone in named.conf on
> your sun server and specifying plesk as the forwarder for that zone.
Indeed, adding a forward zone like below works!  But why does it work?
Or why is it needed?

zone "example.test" {
        type forward;
//      forward only;
//      forwarders { 192.168.2.10; };
};

Note that I only needed to include the "type forward" line, the other
lines do not seem to be needed.  Am I missing something?  They aren't
really needed?  By reading the BIND manual it seems we have to include them.


BTW, if I try to query without recursion (and without adding the forward
zone as above):

    dig example.test +norecurse
; <<>> DiG 9.4.2-P2 <<>> example.test +norecurse
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62293
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.test.            IN    A

;; AUTHORITY SECTION:
example.test.        600    IN    NS    plesk.test.

;; ADDITIONAL SECTION:
plesk.test.        600    IN    A    192.168.2.10

;; Query time: 1 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Mon Mar  2 22:22:40 2009
;; MSG SIZE  rcvd: 66

it seems to work (that is, it returns the NS and A record for the NS)...
only when querying with recursion it fails, any idea why?

Thanks!

Best regards,
Rui Lopes

>  
>
> ------------------------------------------------------------------------
> *From:* bind-users-bounces at lists.isc.org on behalf of Rui Lopes
> *Sent:* Sun 3/1/2009 2:46 PM
> *To:* bind-users at lists.isc.org
> *Subject:* how to create a private "test." zone?
>
> Hello,
>
> I'm trying to create a private "test." zone for use in my local
> "testing lab".
>
> I've set up a recursive DNS server that will serve the "test." zone
> (in Sun host; see the network diagram below).
>
> The resolution of a domain in the "test" zone works as expected, eg:
>
>     dig sun.test
> ; <<>> DiG 9.4.2-P2 <<>> sun.test
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;sun.test.                      IN      A
>
> ;; ANSWER SECTION:
> sun.test.               600     IN      A       192.168.2.1
>
> ;; AUTHORITY SECTION:
> test.                   600     IN      NS      sun.test.
>
> ;; Query time: 2 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Sun Mar  1 10:39:28 2009
> ;; MSG SIZE  rcvd: 56
>
>
> After this, I wanted to delegate the "example.test." zone to another
> local DNS server of mine (the Plesk host). I did the delegation by
> adding the following RR in the "test." zone (in the Sun host):
>
>     example         IN      NS      plesk
>
>
> I tried to resolve the "example.test" domain with:
>
>     dig example.test
> ; <<>> DiG 9.4.2-P2 <<>> example.test
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;example.test.                  IN      A
>
> ;; Query time: 31 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Sun Mar  1 10:40:39 2009
> ;; MSG SIZE  rcvd: 30
>
>
> Which failed...
>
> NB: I can see my local dns server sending queries to my isp dns
> server.  But why?
>
> NB: Asking the same question directly at the Plesk DNS server works:
>
>     dig example.test @plesk.test
> ; <<>> DiG 9.4.2-P2 <<>> example.test @plesk.test
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2358
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;example.test.                  IN      A
>
> ;; ANSWER SECTION:
> example.test.           86400   IN      A       192.168.2.10
>
> ;; AUTHORITY SECTION:
> example.test.           86400   IN      NS      plesk.test.
>
> ;; Query time: 2 msec
> ;; SERVER: 192.168.2.10#53(192.168.2.10)
> ;; WHEN: Sun Mar  1 10:41:43 2009
> ;; MSG SIZE  rcvd: 66
>
>
> What am I doing wrong in the delegation, and how can I fix it?
>
>
> My network diagram is:
>
>     +-------------+
>     |     isp     |
>     +-------------+ 10.0.2.3 (DNS)
>            |
>     -------+------------------------------------------- 10/24
>            |
>     +-------------+ 10.0.2.15     +-------------+
>     |     sun     |               |    plesk    |
>     +-------------+ 192.168.2.1   +-------------+ 192.168.2.10
>            |                             |
>     -------+-----------------------------+------------- 192.168.2/24
>
> isp
>     my ISP DNS server host.
> sun
>     my local DNS server host that hosts the "test." zone.
>     NB: this is a recursive server.
>     NB: it also forwards to "isp" dns server.
>     NB: local resolv.conf points to 192.168.2.1
> plesk
>     my other local DNS server host that hosts the "example.test." zone.
>     NB: this is an authoritative server only.
>     NB: local resolv.conf points to 192.168.2.1
>
>
> This is what the Sun DNS server has about the "test." zone:
>
> $TTL            10m             ; default TTL
> $ORIGIN         test.           ; base domain-name
> @               IN      SOA     sun hostmaster (
>                                     2008042800 ; serial
>                                     10m        ; refresh
>                                     15m        ; retry
>                                     3w         ; expire
>                                     10m        ; minimum
>                                     )
>
>                 IN      NS      sun
>
> sun             IN      A       192.168.2.1
> plesk           IN      A       192.168.2.10
>
> ; delegate example.test. to plesk.test.
> example         IN      NS      plesk
> ;example        IN      A       192.168.2.10
>
>
> And this is what the Plesk DNS server has about the "example.test."
> zone:
>
> @       IN      SOA     plesk.test. ironman.example.test. (
>                         1235830200      ; Serial
>                         10800   ; Refresh
>                         3600    ; Retry
>                         604800  ; Expire
>                         10800 ) ; Minimum
>
> example.test.            IN NS   plesk.test.
> example.test.            IN A    192.168.2.10
>
>
>
> If you need more information, please let me know.
>
> Thanks!
>
>
> Best regards,
> Rui Lopes
>
>
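
A simplified Python model of the behaviour discussed in this message, added here as an illustration and not part of the original post or of BIND's code: it shows why the recursive query goes to the ISP forwarder, why `+norecurse` returns the referral, and why a `type forward` zone without forwarders restores the delegation (the BIND manual states that a forward zone with no `forwarders` statement, or an empty list, does no forwarding for that domain and cancels the global forwarders). The function names are hypothetical; the names and addresses are the ones from the thread.

```python
# Simplified decision model for the "sun" server: authoritative for test.,
# recursive, with global forwarders. Not BIND source code.

GLOBAL_FORWARDERS = ["10.0.2.3"]  # options { forwarders { ... }; } -> isp
# Delegation (zone cut) in the test. zone: example IN NS plesk, plus glue.
DELEGATIONS = {"example.test.": ("plesk.test.", "192.168.2.10")}


def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return name.rstrip(".").lower().split(".")


def is_at_or_below(qname, zone):
    """True if qname equals zone or is a subdomain of it."""
    q, z = labels(qname), labels(zone)
    return len(q) >= len(z) and q[-len(z):] == z


def forwarders_for(qname, forward_zones):
    """Closest enclosing 'type forward' zone wins; otherwise the global list.
    A forward zone with an empty list means: do not forward this domain."""
    matches = [z for z in forward_zones if is_at_or_below(qname, z)]
    if not matches:
        return GLOBAL_FORWARDERS
    closest = max(matches, key=lambda z: len(labels(z)))
    return forward_zones[closest]


def handle_query(qname, recurse, forward_zones):
    """Return (action, server address) for a query received by sun."""
    cut = next((z for z in DELEGATIONS if is_at_or_below(qname, z)), None)
    if cut is None:
        return ("answer-from-zone", None)   # e.g. sun.test: authoritative data
    _ns_name, ns_addr = DELEGATIONS[cut]
    if not recurse:
        return ("referral", ns_addr)        # +norecurse: NS + glue, no AA flag
    fwd = forwarders_for(qname, forward_zones)
    if fwd:
        return ("forward", fwd[0])          # delegation is bypassed
    return ("iterate", ns_addr)             # ask the delegated server directly


if __name__ == "__main__":
    print(handle_query("example.test.", True, {}))                     # original setup
    print(handle_query("example.test.", True, {"example.test.": []}))  # with forward zone
    print(handle_query("example.test.", False, {}))                    # +norecurse
```
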



