how to create a private "test." zone?

Mark Andrews Mark_Andrews at isc.org
Mon Mar 2 23:10:01 UTC 2009


Mark Andrews writes:
> 
> In message <49AC5D59.1010707 at ruilopes.com>, Rui Lopes writes:
> > Hi,
> > 
> > Ben Bridges wrote:
> > > > sun
> > > >    NB: it also forwards to "isp" dns server.
> > > If your sun server is configured to use your isp dns server as a
> > > forwarder, then I think it will forward requests for example.test
> > > to the isp server even though it delegated example.test to plesk. 
> > > That would seem to be supported by the fact that your sun server knows
> > > it is not authoritative for example.test (no AA flag in response to
> > > the query for example.test) and that you see it sending requests
> > > to the isp server (although you don't specify that it is sending
> > > requests to it for example.test).
> > Ah sorry, it's indeed sending requests to it for the example.test domain.
> > 
> > > You could try creating example.test as a forward zone in named.conf on
> > > your sun server and specifying plesk as the forwarder for that zone.
> > Indeed, adding a forward zone like below works!  but why does it work?
> > or why is it needed?
> > 
> > zone "example.test" {
> >         type forward;
> > //      forward only;
> > //      forwarders { 192.168.2.10; };
> > };
> > 
> > Note that I only needed to include the "type forward" line, the other
> > lines do not seem to be needed.  Am I missing something?  They aren't
> > really needed?  By reading the bind manual it seems we have to include them.
> > 
> 
> 	You turned off forwarding for that namespace.
> 	It's the equivalent of:
> 
> 		zone "example.test" {
> 			type forward;
> 			forwarders { /* empty */ };
> 		};
> 
> 
> 	You could have also added it to the test zones config.
> 
> 		zone "test" {
> 			type master;  // or slave
> 			              // or stub
> 			...
> 			forwarders { /* empty */ };
> 		};
> 
> 	Mark
>  
> > BTW, if I try to query without recurse (and without adding the forward
> > zone as above):
> > 
> >     dig example.test +norecurse
> > ; <<>> DiG 9.4.2-P2 <<>> example.test +norecurse
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62293
> > ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> > 
> > ;; QUESTION SECTION:
> > ;example.test.            IN    A
> > 
> > ;; AUTHORITY SECTION:
> > example.test.        600    IN    NS    plesk.test.
> > 
> > ;; ADDITIONAL SECTION:
> > plesk.test.        600    IN    A    192.168.2.10
> > 
> > ;; Query time: 1 msec
> > ;; SERVER: 192.168.2.1#53(192.168.2.1)
> > ;; WHEN: Mon Mar  2 22:22:40 2009
> > ;; MSG SIZE  rcvd: 66
> > 
> > it seems to work (that is, it returns the NS and A record for the NS)...
> > only when querying with recurse it fails, any idea why?
> > 
> > Thanks!
> > 
> > Best regards,
> > Rui Lopes
> > 
> > >  
> > >
> > > ------------------------------------------------------------------------
> > > *From:* bind-users-bounces at lists.isc.org on behalf of Rui Lopes
> > > *Sent:* Sun 3/1/2009 2:46 PM
> > > *To:* bind-users at lists.isc.org
> > > *Subject:* how to create a private "test." zone?
> > >
> > > Hello,
> > >
> > > I'm trying to create a private "test." zone for use in my local
> > > "testing lab".
> > >
> > > I've set up a recursive DNS server that will serve the "test." zone
> > > (in Sun host; see the network diagram below).
> > >
> > > The resolution of a domain in the "test" zone works as expected, e.g.:
> > >
> > >     dig sun.test
> > > ; <<>> DiG 9.4.2-P2 <<>> sun.test
> > > ;; global options:  printcmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
> > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> > >
> > > ;; QUESTION SECTION:
> > > ;sun.test.                      IN      A
> > >
> > > ;; ANSWER SECTION:
> > > sun.test.               600     IN      A       192.168.2.1
> > >
> > > ;; AUTHORITY SECTION:
> > > test.                   600     IN      NS      sun.test.
> > >
> > > ;; Query time: 2 msec
> > > ;; SERVER: 192.168.2.1#53(192.168.2.1)
> > > ;; WHEN: Sun Mar  1 10:39:28 2009
> > > ;; MSG SIZE  rcvd: 56
> > >
> > >
> > > After this, I wanted to delegate the "example.test." zone to another
> > > local DNS server of mine (the Plesk host). I did the delegation by
> > > adding the following RR in the "test." zone (in the Sun host):
> > >
> > >     example         IN      NS      plesk
> > >
> > >
> > > I tried to resolve the "example.test" domain with:
> > >
> > >     dig example.test
> > > ; <<>> DiG 9.4.2-P2 <<>> example.test
> > > ;; global options:  printcmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
> > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> > >
> > > ;; QUESTION SECTION:
> > > ;example.test.                  IN      A
> > >
> > > ;; Query time: 31 msec
> > > ;; SERVER: 192.168.2.1#53(192.168.2.1)
> > > ;; WHEN: Sun Mar  1 10:40:39 2009
> > > ;; MSG SIZE  rcvd: 30
> > >
> > >
> > > Which failed...
> > >
> > > NB: I can see my local dns server sending queries to my isp dns
> > > server.  But why?
> > >
> > > NB: Asking the same question directly at the Plesk DNS server works:
> > >
> > >     dig example.test @plesk.test
> > > ; <<>> DiG 9.4.2-P2 <<>> example.test @plesk.test
> > > ;; global options:  printcmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2358
> > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> > >
> > > ;; QUESTION SECTION:
> > > ;example.test.                  IN      A
> > >
> > > ;; ANSWER SECTION:
> > > example.test.           86400   IN      A       192.168.2.10
> > >
> > > ;; AUTHORITY SECTION:
> > > example.test.           86400   IN      NS      plesk.test.
> > >
> > > ;; Query time: 2 msec
> > > ;; SERVER: 192.168.2.10#53(192.168.2.10)
> > > ;; WHEN: Sun Mar  1 10:41:43 2009
> > > ;; MSG SIZE  rcvd: 66
> > >
> > >
> > > What am I doing wrong in the delegation, and how can I fix it?
> > >
> > >
> > > My network diagram is:
> > >
> > >     +-------------+
> > >     |     isp     |
> > >     +-------------+ 10.0.2.3 (DNS)
> > >            |
> > >     -------+------------------------------------------- 10/24
> > >            |
> > >     +-------------+ 10.0.2.15     +-------------+
> > >     |     sun     |               |    plesk    |
> > >     +-------------+ 192.168.2.1   +-------------+ 192.168.2.10
> > >            |                             |
> > >     -------+-----------------------------+------------- 192.168.2/24
> > >
> > > isp
> > >     my ISP DNS server host.
> > > sun
> > >     my local DNS server host that hosts the "test." zone.
> > >     NB: this is a recursive server.
> > >     NB: it also forwards to "isp" dns server.
> > >     NB: local resolv.conf points to 192.168.2.1
> > > plesk
> > >     my other local DNS server host that hosts the "example.test." zone.
> > >     NB: this is an authoritative server only.
> > >     NB: local resolv.conf points to 192.168.2.1
> > >
> > >
> > > This is what the Sun DNS server has about the "test." zone:
> > >
> > > $TTL            10m             ; default TTL
> > > $ORIGIN         test.           ; base domain-name
> > > @               IN      SOA     sun hostmaster (
> > >                                     2008042800 ; serial
> > >                                     10m        ; refresh
> > >                                     15m        ; retry
> > >                                     3w         ; expire
> > >                                     10m        ; minimum
> > >                                     )
> > >
> > >                 IN      NS      sun
> > >
> > > sun             IN      A       192.168.2.1
> > > plesk           IN      A       192.168.2.10
> > >
> > > ; delegate example.test. to plesk.test.
> > > example         IN      NS      plesk
> > > ;example        IN      A       192.168.2.10
> > >
> > >
> > > And this is what the Plesk DNS server has about the "example.test."
> > > zone:
> > >
> > > @       IN      SOA     plesk.test. ironman.example.test. (
> > >                         1235830200      ; Serial
> > >                         10800   ; Refresh
> > >                         3600    ; Retry
> > >                         604800  ; Expire
> > >                         10800 ) ; Minimum
> > >
> > > example.test.            IN NS   plesk.test.
> > > example.test.            IN A    192.168.2.10
> > >
> > >
> > >
> > > If you need more information, please let me know.
> > >
> > > Thanks!
> > >
> > >
> > > Best regards,
> > > Rui Lopes
> > >
> > > _______________________________________________
> > > bind-users mailing list
> > > bind-users at lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/bind-users
> > >
> > 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
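
Added illustration, not part of the original post and not BIND source code: a simplified Python model of the forwarder selection described in this thread, showing why a query below the delegation goes to the ISP forwarder and how each suggested zone statement changes that. The function names, the table layout and the `leaked` check are assumptions made for this example; the addresses and zone names are taken from the thread.

```python
# Simplified model of the behaviour described in this thread; not BIND source code.

def labels(name):
    return [l for l in name.lower().rstrip(".").split(".") if l]

def at_or_below(name, apex):
    n, a = labels(name), labels(apex)
    return len(a) <= len(n) and n[len(n) - len(a):] == a

def closest(name, apexes):
    """Longest entry of `apexes` that `name` is at or below, else None."""
    hits = [a for a in apexes if at_or_below(name, a)]
    return max(hits, key=lambda a: len(labels(a)), default=None)

def route(qname, auth_zones, fwd_table):
    """auth_zones: {zone apex: [delegated child names]}.
    fwd_table: {name: [forwarder IPs]}; "." is the options{} list and an
    empty list turns forwarding off at and below that name."""
    zone = closest(qname, auth_zones)
    cut = closest(qname, auth_zones[zone]) if zone is not None else None
    if zone is not None and cut is None:
        return ("authoritative", zone)         # answered from local zone data
    forwarders = fwd_table.get(closest(qname, fwd_table), [])
    if forwarders:
        return ("forward", tuple(forwarders))  # the delegation is not followed
    return ("iterate", cut)                    # follow the NS records at `cut`

def leaked(qnames, private_apex, auth_zones, fwd_table, internal):
    """Private names whose queries leave for a forwarder not in `internal`."""
    out = []
    for q in qnames:
        action, target = route(q, auth_zones, fwd_table)
        external = action == "forward" and not set(target) <= set(internal)
        if at_or_below(q, private_apex) and external:
            out.append(q)
    return out

# Constructed from the addresses and zone names in the thread.
AUTH = {"test": ["example.test"]}
ISP, PLESK = "10.0.2.3", "192.168.2.10"
ORIGINAL = {".": [ISP]}                        # global forwarders only
RUI_FIX = {".": [ISP], "example.test": []}     # bare "type forward;" zone
MARK_ALT = {".": [ISP], "test": []}            # empty forwarders in zone "test"
BEN_FIX = {".": [ISP], "example.test": [PLESK]}

if __name__ == "__main__":
    for table in (ORIGINAL, RUI_FIX, MARK_ALT, BEN_FIX):
        print(route("example.test", AUTH, table))
```

With the original table, every name under example.test is reported by `leaked`, which is the private-namespace query the poster saw going to the ISP server.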


