Multisite deployment issue

Daniel Armando Rodriguez drodriguez at unau.edu.ar
Mon Aug 2 20:42:49 UTC 2021


For testing purposes just added a zone as follows

zone "www.dominio.edu.ar"  {
    type forward;
    forward only;
    forwarders { XXX.XXX.XXX.XXX; };
};

and this is what I've got

root@nssv:~# dig www.dominio.edu.ar

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> www.dominio.edu.ar
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40661
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: f60b7a2ec47397c2062ec9cb610857290d2614d7782ddcae (good)
;; QUESTION SECTION:
;www.dominio.edu.ar.		IN	A

;; AUTHORITY SECTION:
dominio.edu.ar.		86400	IN	SOA	nssv.dominio.edu.ar. informatica.dominio.edu.ar. 2021072001 28800 7200 2419200 86400

;; Query time: 0 msec
;; SERVER: 192.168.8.17#53(192.168.8.17)
;; WHEN: lun ago 02 17:35:53 -03 2021
;; MSG SIZE  rcvd: 125

But if I make an explicit request to the public server, the answer is
the right one

root@nssv:~# dig www.dominio.edu.ar @XXX.XXX.XXX.XXX

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> www.dominio.edu.ar @XXX.XXX.XXX.XXX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10953
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b0109e795ed8a84632e9bcf26108575a20463923d764104e (good)
;; QUESTION SECTION:
;www.dominio.edu.ar.		IN	A

;; ANSWER SECTION:
www.dominio.edu.ar.	3600	IN	A	XXX.XXX.XXX.XXX

;; AUTHORITY SECTION:
dominio.edu.ar.		3600	IN	NS	ns1.dominio.edu.ar.
dominio.edu.ar.		3600	IN	NS	ns2.dominio.edu.ar.

;; ADDITIONAL SECTION:
ns1.dominio.edu.ar.	3600	IN	A	XXX.XXX.XXX.XXX
ns2.dominio.edu.ar.	3600	IN	A	XXX.XXX.XXX.XXY

;; Query time: 33 msec
;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
;; WHEN: lun ago 02 17:36:42 -03 2021
;; MSG SIZE  rcvd: 156


El 2021-08-02 17:06, Daniel Armando Rodriguez via bind-users escribió:
> Was wondering if it would be possible to set up a forwarding scheme just
> for some subdomains. I emphasize the fact that the master is publicly
> accessible and the current need is to locally resolve a bunch of subdomains
> of the same zone. I think the image attached in the previous message is pretty
> explanatory, but currently my setup does not work as (I) expected.
> 
>> I attach a picture to best describe where I'm standed at.
>> 
>> https://i.postimg.cc/x8PKnz53/ejemplo-com.png
>> 
>> Currently disabled the SH setup to let just an authoritative DNS for
>> local resolution. Following the example, any request made from PC1 to
>> sys4/sys5/sys6 have no issues. However, if such host makes a request
>> to sys1/sys2/sys2 just get a time out response.
>> Any other query to outside, let's say google.com or whatever, works 
>> just fine.
> 
> El lun, 26 jul 2021 a las 13:29, Sten Carlsen (<stenc at
> s-carlsen.dk>>) escribió:
>>> 
>>> Hi
>>> 
>>> I am running just that setup.
>>> 
>>> This may not scale well enough for your needs.
>>> 
>>> I have one server with two views, one internal and one external.
>>> 
>>> The external view is the hidden master for a number of public 
>>> servers. All going through the relevant delegations. This is only 
>>> authoritative.
>>> 
>>> The internal view is selected by the client address and master files 
>>> for the same domain but with my internal addresses. This is recursing 
>>> and will answer from the master files for those domains and will 
>>> recurse for any other query.
>>> 
>>> This has served me well and e.g. I get the internal address for the 
>>> mail server if I query from an internal address and I get the public 
>>> address if I query from an external address.
>>> 
>>> This setup means that mail clients will make a lookup of the same 
>>> name always and if at home get the internal address and if outside 
>>> get the public address.
>>> 
>>> There is often a recommendation to use different domains, e.g. 
>>> xxx.example.com for public addresses and xxx.internal.example.com for 
>>> the same servers internal addresses. This is not very useful since 
>>> e.g. a mail client would have to know about two different server 
>>> names - with split horizon I can use the same name always.
>>> 
>>> --
>>> Best regards
>>> Sten Carlsen
>>> 
>>> A pessimist is a person that can find a problem for every solution.
>>> 
>>> 
>>> On 26 Jul 2021, at 15.55, Daniel A. Rodriguez 
>>> <daniel.armando.rodriguez at gmail.com>> wrote:
>>> 
>>> Hi there,
>>> 
>>> Currently have a public DNS up & runnin' but, due to brand new
>>> location, there's a need to add local resolution.
>>> 
>>> With that in mind, first idea was to deploy a split horizon setup.
>>> Sadly just local resolution works so far. Double check config but
>>> currently I'm stuck with this situation.
>>> 
>>> Was wondering if having the same zone both public and private, but
>>> with different records, could be an issue. Master for the zone is
>>> public, of course, and the private one -as mentioned- has a different
>>> set of records just for lan hosts. Idea was to go out just when a
>>> query for a public subdomain is requested, but that doesn't seem to
>>> work.
>>> 
>>> Both forwarders option and recursion are enabled.
>>> 
>>> Any hint will be much appreciated.






_______________________________________________
Daniel A. Rodriguez
Informática, Conectividad y Sistemas
Universidad Nacional del Alto Uruguay
San Vicente - Misiones - Argentina
www.unau.edu.ar
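
Added example, not part of the original message: a small Python check that reads the two dig replies shown in the post and reports, from the `aa` header flag and the SOA in the AUTHORITY section, whether a reply came from zone data held by the queried server or from recursion or forwarding. The function names are illustrative, and the sample text is constructed from the header lines quoted above.

```python
import re

# Constructed samples: header, flags and AUTHORITY lines copied from the two
# dig replies in the post (public addresses masked as in the original).
LOCAL_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40661
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
dominio.edu.ar. 86400 IN SOA nssv.dominio.edu.ar. informatica.dominio.edu.ar. 2021072001 28800 7200 2419200 86400
;; SERVER: 192.168.8.17#53(192.168.8.17)
"""
PUBLIC_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10953
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; AUTHORITY SECTION:
dominio.edu.ar. 3600 IN NS ns1.dominio.edu.ar.
;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
"""


def parse_dig(text):
    """Extract status, header flags, SOA owner/MNAME and server from dig output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"flags: ([a-z ]*);", text)  # first match is the header line
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s+(\S+)", text, re.M)
    server = re.search(r"SERVER: ([^#\s]+)#", text)
    return {
        "status": status.group(1) if status else None,
        "flags": set(flags.group(1).split()) if flags else set(),
        "soa_zone": soa.group(1) if soa else None,
        "soa_mname": soa.group(2) if soa else None,
        "server": server.group(1) if server else None,
    }


def classify(text):
    """Say where the reply's data came from, judged by the AA flag and rcode."""
    r = parse_dig(text)
    if "aa" not in r["flags"]:
        return "recursive: answered from cache, recursion or a forwarder"
    if r["status"] == "NXDOMAIN" and r["soa_zone"]:
        return (f"authoritative denial: {r['server']} holds {r['soa_zone']} "
                f"(SOA MNAME {r['soa_mname']}) and says the name is not in it")
    return f"authoritative answer from {r['server']}"


if __name__ == "__main__":
    for name, reply in (("local", LOCAL_REPLY), ("public", PUBLIC_REPLY)):
        print(name, "->", classify(reply))
```

For the first reply, the `aa` flag together with the SOA naming nssv.dominio.edu.ar indicates that 192.168.8.17 produced the NXDOMAIN from its own copy of dominio.edu.ar rather than from the forwarder.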

