Delegation not working

Mike Bernhardt bernhardt at bart.gov
Thu May 7 17:29:43 UTC 2009


Yeah, I pulled that dig request from another post that sounded similar
without taking the time to understand what the arguments meant. I will have
to learn dig properly.

Thanks for the help, I will try that tonight.

-----Original Message-----
From: Chris Buxton [mailto:cbuxton at menandmice.com] 
Sent: Thursday, May 07, 2009 10:17 AM
To: Mike Bernhardt
Cc: bind-users at lists.isc.org
Subject: Re: Delegation not working

On May 7, 2009, at 9:31 AM, Mike Bernhardt wrote:
> I attempted to delegate a subdomain last night, but it didn't work. When I
> slave that subdomain it works fine, so I know that connectivity is not the
> problem. The server is running BIND 9.3.4. Here is the dig response:
>
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

Note: no "rd" flag.

> ;; AUTHORITY SECTION:
> adm.bart.gov.           14400   IN      NS      mrep-02.adm.bart.gov.
> adm.bart.gov.           14400   IN      NS      dhcp-01.adm.bart.gov.

This is a referral, as expected.

> So it seems we are reading the delegation info correctly, but not getting
> answers, or perhaps not asking?

What were you expecting to be different? You sent a non-recursive  
query (+norec) and received a referral to the child zone. It looks  
perfectly normal.

Were you expecting a final answer to the query? If so, then take out  
the "+norec" from your dig command. You'll also need to edit your  
bart.gov zone statement in named.conf (below).

> Here is my named.conf, and the db records.
> Since I'm using h2n, the delegation info in the db files is actually via
> $include statements pointing at spcl files. I know the $includes are read
> properly because there is other info in them that works.
>
> We are forwarding for internet names to our outside-facing server. I'm
> wondering if forwarding is the problem?

If you had not used "+norec", it would be the problem, yes. But there  
is a simple solution.

> zone "bart.gov" {
>        type master;
>        file "db.bart";
> };

Add one more statement inside the zone statement block:

	forwarders { };

This will turn off forwarding for the bart.gov domain, which is larger  
than the bart.gov zone. It includes delegated subzones such as  
"adm.bart.gov", meaning the server will recurse to the subzone rather  
than forwarding to the outside world.

Chris Buxton
Professional Services
Men & Mice
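
An added example, not part of the original thread: a small Python check that reads dig output the way the reply above does, reporting whether recursion was requested ("rd" flag) and whether the response is a referral to a child zone. The QUESTION name in the sample is constructed; the header and AUTHORITY lines are the ones quoted in the thread.

```python
import re

# Constructed sample: header and AUTHORITY lines are quoted from the thread;
# the QUESTION name is a made-up host inside the delegated zone.
SAMPLE = """\
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;example-host.adm.bart.gov.     IN      A

;; AUTHORITY SECTION:
adm.bart.gov.           14400   IN      NS      mrep-02.adm.bart.gov.
adm.bart.gov.           14400   IN      NS      dhcp-01.adm.bart.gov.
"""

def parse_dig(text):
    """Extract header flags, ANSWER count, question name and AUTHORITY records."""
    m = re.search(r"flags:\s*([a-z ]*);.*?ANSWER:\s*(\d+)", text)
    if not m:
        raise ValueError("no dig header line found")
    out = {"flags": set(m.group(1).split()), "answer": int(m.group(2)),
           "qname": None, "authority": []}
    section = None
    for line in text.splitlines():
        if line.startswith(";; ") and line.rstrip().endswith("SECTION:"):
            section = line.split()[1]
        elif section == "QUESTION" and line[1:].strip() and not line.startswith(";;"):
            out["qname"] = line[1:].split()[0].lower()
        elif section == "AUTHORITY" and line.strip() and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5:  # owner, TTL, class, type, rdata
                out["authority"].append((f[0].lower(), f[3], f[4].lower()))
    return out

def classify(resp):
    """Label the response: referral, answer, or other (e.g. NODATA with an SOA)."""
    ns = [(owner, target) for owner, rtype, target in resp["authority"] if rtype == "NS"]
    qname = resp["qname"] or ""
    # A referral carries no answer, is not authoritative ("aa" absent), and its
    # NS owner name is the query name or one of its parent zones.
    covers = any(o == "." or qname == o or qname.endswith("." + o) for o, _ in ns)
    if resp["answer"] > 0:
        kind = "answer"
    elif "aa" not in resp["flags"] and covers:
        kind = "referral"
    else:
        kind = "other"
    return {"kind": kind, "recursion_requested": "rd" in resp["flags"],
            "delegated_to": sorted(target for _, target in ns)}
```

A result of "referral" with recursion_requested False is the normal outcome of a "+norec" query against the parent zone's server, which is the situation described in the reply.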



