Root Server Simulation Communication Problem

T MANIKANDAN-PKXR74 manikandan.t at motorola.com
Thu Mar 26 11:57:04 UTC 2009


Ben,
 
  In that case, if I want an authoritative server and also a caching name
server, is it fine if I place both the functionalities together as a
best practice of implementation? How about security issues?
If I want to introduce one more server for caching functionality alone,
how will I separate both in two different servers? What are the changes I
will be making in my abc.com server, and what configuration should be
there for the new caching name server, so that my clients can do an
external query?
 
Regards
Mani

________________________________

From: Ben Bridges [mailto:bbridges at springnet.net] 
Sent: Tuesday, March 24, 2009 7:26 PM
To: T MANIKANDAN-PKXR74; bind-users at lists.isc.org
Subject: RE: Root Server Simulation Communication Problem


Mani,
 
With recursion enabled, your abc.com server is both authoritative (for
the zones configured in named.conf) and caching.  If you want it to be
purely authoritative, you'll need to disable recursion.  But if you want
to be able to query it for the root server (which is why you started
this thread), you're going to have to allow recursion for at least your
internal hosts because the server is not authoritative for ".".  Why are
you wanting to be able to query it for the root server?  To want to be
able to query a purely authoritative server for something for which it
is not authoritative is a bit of a self-contradiction.
 
Ben


________________________________

	From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of T MANIKANDAN-PKXR74
	Sent: Tuesday, March 24, 2009 12:52 AM
	To: bind-users at lists.isc.org
	Subject: RE: Root Server Simulation Communication Problem
	
	
	Hi Ben,
	 
	Thanks for the reply. Now my root server (rootns.man) is responding
to abc.com after setting recursion to yes on the abc.com server. Now
my question is: is my abc.com still called an authoritative name server or
a caching name server? I intended to set up an authoritative name
server, and hope that by enabling recursion I am still an authoritative server.
	 
	Regards
	Mani
	
	
________________________________

	From: Ben Bridges [mailto:bbridges at springnet.net] 
	Sent: Friday, March 20, 2009 8:35 PM
	To: T MANIKANDAN-PKXR74; bind-users at lists.isc.org
	Subject: RE: Root Server Simulation Communication Problem
	
	
	You have recursion disabled on your abc.com server, and I
believe that is preventing your query from succeeding.  My understanding
is that the contents of the root hints file are not stored in the
server's cache (which means, I think, that they are not themselves
returned in response to queries for those records).  Since you have
recursion disabled on abc.com, it is never using its root hints to query
your root server (rootns.man) for the NS and A records for the root zone
(which sounds obfuscated, but it is done that way because the root
servers themselves have the most current list of servers for the root
zone).
	 
	 
________________________________

	From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of T MANIKANDAN-PKXR74
	Sent: Friday, March 20, 2009 8:30 AM
	To: bind-users at lists.isc.org
	Subject: Root Server Simulation Communication Problem
	
	

		Hi,
		
		  I am trying to set up a lab which also replicates the root
server (DNS with root server simulation for an intranet).
		Basically I have two servers: one, abc.com, as the
authoritative server, and the other, rootns.man, acting as the root server,
running BIND 9 on both.

		
		 I have done the following things in my named.conf file
		
		options {
		        directory "/var/named";
		        recursion no;
		};
		
		zone "." {
		        type hint;
		        file "root";
		};
		
		zone "abc.com" IN {
		        type master;
		        file "forward";
		};
		
		zone "10.168.192.in-addr.arpa" IN {
		        type master;
		        file "reverse";
		};
		
		My root File (Points to another DNS acting as Root
server let us call rootns.man)
		
		.               86400           IN      NS      rootns.man.
		rootns.man.     86400           IN      A       1.2.3.4
		
		My Forward and reverse file
		
		$TTL 3600
		@ IN SOA abc.com. root.abc.com. (
		                                42      ; serial
		                                3H      ; refresh
		                                15M     ; retry
		                                1W      ; expiry
		                                1D)     ; minimum
		                IN NS abc.com.
		abc.com. IN A 192.168.10.12
		
		
		$TTL 3600
		@ IN SOA abc.com. root.abc.com.(
		                                42      ; serial
		                                3H      ; refresh
		                                15M     ; retry
		                                1W      ; expiry
		                                1D)     ; minimum
		
		 IN NS abc.com.
		12 IN PTR abc.com.
		
		In the other DNS server rootns.man (acting root server)
		
		zone "." IN {
		type master;
		file "forward";
		};
		
		
		Forward file in rootns.man server
		
		
		$TTL    86400
		@               IN SOA  rootns.man root.rootns.man (
		                                        42      ; serial (d. adams)
		                                        3H      ; refresh
		                                        15M     ; retry
		                                        1W      ; expiry
		                                        1D )    ; minimum
		.               IN NS           rootns.man.
		rootns.man.     IN A            1.2.3.4 

		 

		After completing this I have a minor problem: my
abc.com server is not able to determine the root server (rootns.man) IP
address. I have attached the dig output from the abc.com server. Can anyone please
help me in resolving this issue?

		 

		Regards

		Mani
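
Added example, not part of the original thread: one way to split the two roles discussed above, with the abc.com server left purely authoritative and a separate caching server that recurses only for internal hosts. The ACL name "internal" is hypothetical, the 192.168.10.0/24 network is assumed from the thread's reverse zone, and the delegation from rootns.man noted at the end is also an assumption.

```conf
// ===== File 1: named.conf on the abc.com server (authoritative only) =====
options {
        directory "/var/named";
        recursion no;                   // answer only for the zones below
        allow-query-cache { none; };    // never serve cached data
};

// No hint zone here: with recursion off the server never uses root hints.

zone "abc.com" IN {
        type master;
        file "forward";
};

zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "reverse";
};

// ===== File 2: named.conf on the new caching server (no zones of its own) =====
// "internal" is a hypothetical ACL name; the network is assumed from the
// thread's 10.168.192.in-addr.arpa reverse zone.
acl internal { 127.0.0.1; 192.168.10.0/24; };

options {
        directory "/var/named";
        recursion yes;
        allow-query       { internal; };   // refuse queries from other networks
        allow-recursion   { internal; };   // only lab clients may recurse
        allow-query-cache { internal; };   // only lab clients may read the cache
};

zone "." {
        type hint;
        file "root";    // same hints file as in the thread, pointing at rootns.man
};

// Assumption: the root zone on rootns.man delegates abc.com (and the reverse
// zone) to the authoritative server; otherwise this resolver cannot find them.
```

Clients then list only the caching server as their resolver, and each file can be checked with named-checkconf before reloading.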
