bind-users Digest, Vol 829, Issue 1

Parashar Singh parashar.singh2003 at gmail.com
Tue Apr 12 14:45:27 UTC 2011 

Hello friends,
Please find my response below in highlighted text.

Regards
Parashar

On Tue, Apr 12, 2011 at 5:21 AM, <bind-users-request at lists.isc.org> wrote:

> Send bind-users mailing list submissions to
>        bind-users at lists.isc.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.isc.org/mailman/listinfo/bind-users
> or, via email, send a message with subject or body 'help' to
>        bind-users-request at lists.isc.org
>
> You can reach the person managing the list at
>        bind-users-owner at lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>   1. dns record delegation (Parashar Singh)
>   2. Re: dns record delegation (terry)
>   3. Re: dns record delegation (Matus UHLAR - fantomas)
>   4. Re: BIND9 fails resolving after connecting to VPN (kapetr)
>   5. NS record, nameserver down. (fddi)
>   6. Re: NS record, nameserver down. (terry)
>   7. AW: ipv6 PTR in zone file (Walter.Jontofsohn at t-systems.com)
>   8. Re: AW: ipv6 PTR in zone file (Marco Davids (SIDN))
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 12 Apr 2011 09:25:15 +0530
> From: Parashar Singh <parashar.singh2003 at gmail.com>
> Subject: dns record delegation
> To: bind-users at lists.isc.org
> Message-ID: <BANLkTikjyGeSsobQ7OHms-fOK2R=rUwxNw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Friends,
> I'm using bind 9.7.I want to delegate all wild card (*) request to another
> name server. Hence whenever any request, say a.example.com or
> b.example.comor
> c.example.com comes to Authoritative name server for example.com, it
> should
> be delegated (redirected) to another name server GLB. This GLB name server
> will be containing database for those records in example.com, and it
> should
> be doing resolution for example.com.
> For this, when I'm trying to configure the zone file for example.com with
> following:
>
> *      IN     NS    ns1.GLB.com <http://ns1.glb.com/>
> but it's not working. Can anyone suggest, how to configure this in bind?
>
> Regards
> Parashar
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.isc.org/pipermail/bind-users/attachments/20110412/a8ca5e46/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Tue, 12 Apr 2011 12:15:50 +0800
> From: terry <terry at geekmail.de>
> Subject: Re: dns record delegation
> To: bind-users at lists.isc.org
> Message-ID: <4DA3D1F6.9080905 at geekmail.de>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> ? 2011-4-12 11:55, Parashar Singh ??:
> > *      IN     NS ns1.GLB.com <http://ns1.glb.com/> <http://ns1.GLB.com<http://ns1.glb.com/>
> >
> > but it's not working. Can anyone suggest, how to configure this in bind?
>
> I was thinking you need a forward zone rather than the wild.
>
> Hi Terry,
The zone file example.com, already containing 10-20 A records. For rest of
records only it should forward request to ns1.GLB.com.

> --
> terry - terry at geekmail.de
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 12 Apr 2011 08:50:06 +0200
> From: Matus UHLAR - fantomas <uhlar at fantomas.sk>
> Subject: Re: dns record delegation
> To: bind-users at lists.isc.org
> Message-ID: <20110412065006.GA27266 at fantomas.sk>
> Content-Type: text/plain; charset=us-ascii
>
> On 12.04.11 09:25, Parashar Singh wrote:
> > I'm using bind 9.7.I want to delegate all wild card (*) request to
> another
> > name server.
>
> what _exactly_ do you mean by "wildcard requests"?
>

Here wild card * means all RRs, which are not explicitely defined within
zone file example.com. Re-iterating my requirement: All RRs already defined
within zone file example.com shall be resolved locally, for all othere
requests, the requests should be delegated to another name server
ns1.glb.com.


>
> > Hence whenever any request, say a.example.com or b.example.comor
> > c.example.com comes to Authoritative name server for example.com, it
> should
> > be delegated (redirected) to another name server GLB. This GLB name
> server
> > will be containing database for those records in example.com, and it
> should
> > be doing resolution for example.com.
>
> You can delegate example.com to another server, all requests for
> example.com
> and anything under example.com will be directed to it.
>
> > For this, when I'm trying to configure the zone file for example.comwith
> > following:
> >
> > *      IN     NS    ns1.GLB.com <http://ns1.glb.com/>
> > but it's not working. Can anyone suggest, how to configure this in bind?
>
> you don't need to create wildcard delegation.
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
> "So does syphillis. Good thing we have penicillin." - Matthew Alton
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 12 Apr 2011 10:33:57 +0200 (CEST)
> From: "kapetr" <kapetr at mizera.cz>
> Subject: Re: BIND9 fails resolving after connecting to VPN
> To: bind-users at lists.isc.org
> Message-ID: <694540cee07f53909e24c78390734c1d at mail3.volny.cz>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello,
>
> Kevin Darcy <kcd at chrysler.com> WROTE:
>
> > > Do You thing, that this VPN provider
> > > - blocks direct (not recursive) DNS questions
> > > and
> > > > - manipulates recursive queries ? [catch them,
> > > make query itself and
> > > > answers with manipulated server IP]
> > >
> > > ???
> > None of your queries were non-recursive (you'd
> > need "+norec" on your dig
> > command line for that), so I wouldn't jump to the
> > conclusion that
> > non-recursive queries are being blocked.
>
> I did mean queries from my local BIND, not from dig command.
>
> >
> > What's more likely happening is that *all* of your
> > queries are being
> > transparently redirected to a recursive resolver.
> > Although, I'd be
> > curious to see what responses you get if you
> > actually generate
> > non-recursive queries (with the "+norec").
> >
>
> I have  try it. Unfortunately ...
>
> I have get normal answers (from DNS server in Internet, which was
> accessed over the new default route == over VPN) even with
> +norecurse or +trace. These non-recurse queries have go over the VPN
>  and I have get normal answers. :-(
>
> I have hope/thing, we are on the right way to solve the problem ...
>
> But the only who get crazy is still only the local BIND.
> Recurse and non-recurse queries goes over the VPN without problems.
> I have follow that in wireshark and routing and source addresses
> seems to be OK.
>
>
> > If it's redirecting non-recursive queries to some
> > caching nameserver,
> > then that probably explains why named goes stupid
> > when the VPN is up,
> > since it won't be able to use the
> > non-authoritative answers it sees.
>
>
> As I wrote in previous post, there must be something ..., while the
> root server has give recursive answer while VPN and not while normal
> direct connection to Internet.
>
> But about the non-recurse queries ... see above.
>
>
> >
> > - Kevin
>
> Any other Ideas ?
>
> Thanks
>
> --kapetr
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 12 Apr 2011 10:34:30 +0200
> From: fddi <fddi at gmx.it>
> Subject: NS record, nameserver down.
> To: Bind Users Mailing List <bind-users at lists.isc.org>
> Message-ID: <4DA40E96.5040903 at gmx.it>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hello,
> I have a domain.com
>
> with w nameservers defined, for example
>
> ;; ANSWER SECTION:
> domain.com.        86400    IN    NS    ns1.domain.com.
> domain.com.        86400    IN    NS    ns2.domain.com.
>
> ;; ANSWER SECTION:
> ns1.domain.com.    86400    IN    A    172.16.16.1
> ns2.domain.com.    86400    IN    A    172.16.16.2
>
> ;; ANSWER SECTION:
> www.domain.com.    86400    IN    A    172.16.16.80
>
>
> ns1 and ns2 are two nameservers with DLZ backend on mysql so the
> architecture is multi-master.
>
> I wanted to ask what happens if one of the nameservers is down and a
> remote host wants to resolve
> a hostname on my domain.
>
> let's say ns1.domain.com. is down
>
> if a remote host does a query for www.domain.com will the query always
> be succesful even if ns1 is down ?
> or the NS records are just round-robin so that if the query arrives to
> the one which is down, the query will fail ?
>
> thank you
>
> Rick
>
>
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 12 Apr 2011 16:50:52 +0800
> From: terry <terry at geekmail.de>
> Subject: Re: NS record, nameserver down.
> To: bind-users at lists.isc.org
> Message-ID: <4DA4126C.3020902 at geekmail.de>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> ? 2011-4-12 16:34, fddi ??:
> > if a remote host does a query for www.domain.com will the query always
> > be succesful even if ns1 is down ?
> > or the NS records are just round-robin so that if the query arrives to
> > the one which is down, the query will fail ?
>
>
> The clients will always try the second alive nameserver so your doman
> names will be resolved without much problem.
>
> --
> terry - terry at geekmail.de
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 12 Apr 2011 10:50:16 +0200
> From: <Walter.Jontofsohn at t-systems.com>
> Subject: AW: ipv6 PTR in zone file
> To: <bind-users at lists.isc.org>
> Message-ID:
>        <
> 901586CA8F92D543BFFFD6E1122F5A36026BBE19A351 at HE101453.emea1.cds.t-internal.com
> >
>
> Content-Type: text/plain; charset="us-ascii"
>
>
> Hello,
>
> you could use ipv6calc (ftp://ftp.bieringer.de/pub/linux/ipv6/ipv6calc) to
> calculate the reverse strings.
> Then you can put them into the zone file.
>
> With Best regards,
>
> Walter
>
>
> Im Auftrag von Michel de Nostredame
> >Gesendet: Montag, 11. April 2011 20:44
> >An: bind-users
> >Betreff: ipv6 PTR in zone file
> >
> >Hi BIND Users,
> >
> >I am not sure if my post here is proper or not. If not please
> >kindly guide me to a correct list.
> >
> >I have lot of "static" IPv6 address needs to add into DNS PTR record.
> >Most of them are server IP addresses and addresses on router
> >interfaces.
> >Compose proper PTR records, without human errors, is highly
> >difficult (compares to IPv4 PTR records), as we encode some
> >customer information into the address.
> >
> >I tried to look into bit-string and soon realized it is
> >already removed from recent BIND versions. Then tried to
> >search "$REVERSE" and "$INVERSE" on Google but got no much
> >luck; seems not much development / discussion recently.
> >
> >For example, today we probably do PTR list this,
> >
> >$ORIGIN 0.0.0.0.0.0.d.4.1.a.1.0.1.0.0.2.ip6.arpa.
> >1.0.1.a.0.0.0.5.6.0.c.1.0.0.5.6         PTR
> >xe-3-0-3-101.ar.par1.fr.netname.net.
> >
> >
> >What I am think about is if there is any potential possibility
> >to compose IPv6 PTR records in ZONE files in a little easier method?
> >something like
> >
> >$ORIGIN $REVERSE(2001:01a1:4d00:0000).ip6.arpa.
> >$REVERSE(6500:1c06:5000:a101)          PTR
> >xe-3-0-3-101.ar.par1.fr.netname.net.
> >
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 12 Apr 2011 11:21:14 +0200
> From: "Marco Davids (SIDN)" <marco.davids at sidn.nl>
> Subject: Re: AW: ipv6 PTR in zone file
> To: <bind-users at lists.isc.org>
> Message-ID: <4DA4198A.6010600 at sidn.nl>
> Content-Type: text/plain; charset="ISO-8859-1"
>
> On 04/12/11 10:50, Walter.Jontofsohn at t-systems.com wrote:
>
> > you could use ipv6calc (ftp://ftp.bieringer.de/pub/linux/ipv6/ipv6calc)
> to calculate the reverse strings.
>
> Yes.
>
> Or do it 'the BIND way':
>
>  dig  -x 2001:7b8:c05::80:1 | grep ip6.arpa | tail -1 | awk '{print $1}'
>
> --
> Marco
>
> > Im Auftrag von Michel de Nostredame
> >> Gesendet: Montag, 11. April 2011 20:44
> >> An: bind-users
> >> Betreff: ipv6 PTR in zone file
> >>
> >> Hi BIND Users,
> >>
> >> I am not sure if my post here is proper or not. If not please
> >> kindly guide me to a correct list.
> >>
> >> I have lot of "static" IPv6 address needs to add into DNS PTR record.
> >> Most of them are server IP addresses and addresses on router
> >> interfaces.
> >> Compose proper PTR records, without human errors, is highly
> >> difficult (compares to IPv4 PTR records), as we encode some
> >> customer information into the address.
> >>
> >> I tried to look into bit-string and soon realized it is
> >> already removed from recent BIND versions. Then tried to
> >> search "$REVERSE" and "$INVERSE" on Google but got no much
> >> luck; seems not much development / discussion recently.
> >>
> >> For example, today we probably do PTR list this,
> >>
> >> $ORIGIN 0.0.0.0.0.0.d.4.1.a.1.0.1.0.0.2.ip6.arpa.
> >> 1.0.1.a.0.0.0.5.6.0.c.1.0.0.5.6         PTR
> >> xe-3-0-3-101.ar.par1.fr.netname.net.
> >>
> >>
> >> What I am think about is if there is any potential possibility
> >> to compose IPv6 PTR records in ZONE files in a little easier method?
> >> something like
> >>
> >> $ORIGIN $REVERSE(2001:01a1:4d00:0000).ip6.arpa.
> >> $REVERSE(6500:1c06:5000:a101)          PTR
> >> xe-3-0-3-101.ar.par1.fr.netname.net.
>
>
> ------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
> End of bind-users Digest, Vol 829, Issue 1
> ******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110412/27522a2b/attachment.html>

More information about the bind-users mailing list