<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7651.59">
<TITLE>how to create a private "test." zone?</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText5254 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>>
sun<BR>> NB: it also forwards to "isp" dns
server.<BR></FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>If your sun server is
configured to use your isp dns server as a forwarder, then I think it
will forward requests for example.test to the isp server even though
it delegated example.test to plesk. That would seem to be supported by the
fact that your sun server knows it is not authoritative for example.test
(no AA flag in response to the query for example.test) and that you see it
sending requests to the isp server (although you don't specify that it is
sending requests to it for example.test). You could try creating
example.test as a forward zone in named.conf on your sun server and
specifying plesk as the forwarder for that zone.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>&nbsp;</FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> bind-users-bounces@lists.isc.org on behalf
of Rui Lopes<BR><B>Sent:</B> Sun 3/1/2009 2:46 PM<BR><B>To:</B>
bind-users@lists.isc.org<BR><B>Subject:</B> how to create a private "test."
zone?<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Hello,<BR><BR>I'm trying to create a private "test." zone for
use in my local<BR>"testing lab".<BR><BR>I've setup an recursive DNS server that
will serve the "test." zone<BR>(in Sun host; see the network diagram
bellow).<BR><BR>The resolution of a domain in the "test" zone works as expected,
eg:<BR><BR> dig sun.test<BR>; <<>> DiG 9.4.2-P2
<<>> sun.test<BR>;; global options: printcmd<BR>;; Got
answer:<BR>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
65413<BR>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
ADDITIONAL:<BR>0<BR><BR>;; QUESTION
SECTION:<BR>;sun.test.
IN
A<BR><BR>;; ANSWER SECTION:<BR>sun.test.
600
IN A
192.168.2.1<BR><BR>;; AUTHORITY SECTION:<BR>test.
600
IN NS
sun.test.<BR><BR>;; Query time: 2 msec<BR>;; SERVER:
192.168.2.1#53(192.168.2.1)<BR>;; WHEN: Sun Mar 1 10:39:28 2009<BR>;; MSG
SIZE rcvd: 56<BR><BR><BR>After this, I wanted to delegate the
"example.test." zone to another<BR>local DNS server of mine (the Plesk host). I
did the delegation by<BR>adding the following RR in the "test." zone (in the Sun
host):<BR><BR>
example
IN NS
plesk<BR><BR><BR>I tried to resolve the "example.test" domain
with:<BR><BR> dig example.test<BR>; <<>> DiG
9.4.2-P2 <<>> example.test<BR>;; global options:
printcmd<BR>;; Got answer:<BR>;; ->>HEADER<<- opcode: QUERY, status:
NXDOMAIN, id: 20407<BR>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
ADDITIONAL: 0<BR><BR>;; QUESTION SECTION:<BR>;example.test.
IN
A<BR><BR>;; Query time: 31 msec<BR>;; SERVER: 192.168.2.1#53(192.168.2.1)<BR>;;
WHEN: Sun Mar 1 10:40:39 2009<BR>;; MSG SIZE rcvd:
30<BR><BR><BR>Which failed...<BR><BR>NB: I can see my local dns server sending
queries to my isp dns<BR>server. But why?<BR><BR>NB: Asking the same
question directly at the Plesk DNS server works:<BR><BR> dig
example.test @plesk.test<BR>; <<>> DiG 9.4.2-P2 <<>>
example.test @plesk.test<BR>;; global options: printcmd<BR>;; Got
answer:<BR>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
2358<BR>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
ADDITIONAL:<BR>0<BR><BR>;; QUESTION SECTION:<BR>;example.test.
IN
A<BR><BR>;; ANSWER SECTION:<BR>example.test.
86400
IN A
192.168.2.10<BR><BR>;; AUTHORITY SECTION:<BR>example.test.
86400
IN NS
plesk.test.<BR><BR>;; Query time: 2 msec<BR>;; SERVER:
192.168.2.10#53(192.168.2.10)<BR>;; WHEN: Sun Mar 1 10:41:43 2009<BR>;;
MSG SIZE rcvd: 66<BR><BR><BR>What am I doing wrong in the delegation, and
how can I fix it?<BR><BR><BR>My network diagram is:<BR><BR>
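<TT>+-------------+<BR>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;isp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>
+-------------+ 10.0.2.3 (DNS)<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>
-------+------------------------------------------- 10/24<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>
+-------------+ 10.0.2.15&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;+-------------+<BR>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sun&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;plesk&nbsp;&nbsp;&nbsp;&nbsp;|<BR>
+-------------+ 192.168.2.1&nbsp;&nbsp;&nbsp;+-------------+ 192.168.2.10<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<BR>
-------+-----------------------------+------------- 192.168.2/24</TT><BR><BR>isp<BR> my ISP DNS server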
host.<BR>sun<BR> my local DNS server host that hosts the
"test." zone.<BR> NB: this is a recursive
server.<BR> NB: it also forwards to "isp" dns
server.<BR> NB: local resolv.conf points to
192.168.2.1<BR>plesk<BR> my other local DNS server host that
hosts the "example.test."<BR>zone.<BR> NB: this is an
authoritative server only.<BR> NB: local resolv.conf points to
192.168.2.1<BR><BR><BR>This is what the Sun DNS server has about the "test."
zone:<BR><BR>$TTL
10m ;
default TTL<BR>$ORIGIN
test. ; base
domain-name<BR>@
IN SOA sun hostmaster
(<BR>
2008042800 ;
serial<BR>
10m ;
refresh<BR>
15m ;
retry<BR>
3w ;
expire<BR>
10m ;
minimum<BR>
)<BR><BR>
IN NS
sun<BR><BR>sun
IN A
192.168.2.1<BR>plesk
IN A
192.168.2.10<BR><BR>; delegate example.test. to
plesk.test.<BR>example
IN NS
plesk<BR>;example
IN A
192.168.2.10<BR><BR><BR>And this is what the Plesk DNS server has about the
"example.test."<BR>zone:<BR><BR>@
IN SOA plesk.test.
ironman.example.test.
(<BR>
1235830200 ;
Serial<BR>
10800 ;
Refresh<BR>
3600 ;
Retry<BR>
604800 ;
Expire<BR>
10800 ) ;
Minimum<BR><BR>example.test.
IN NS
plesk.test.<BR>example.test.
IN A 192.168.2.10<BR><BR><BR><BR>If you need more information,
please let me know.<BR><BR>Thanks!<BR><BR><BR>Best regards,<BR>Rui
Lopes<BR></FONT></P></DIV>
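<P>The forward-zone suggestion from the reply at the top of this message, written out as a named.conf fragment for the sun host. This is an added example, not configuration posted in the thread: sun's named.conf is not shown on the page, so the options block and the zone file name are assumptions, while the addresses are taken from the network diagram.</P>

```conf
// Added example: assumed named.conf fragment for the "sun" host (192.168.2.1).
// The thread does not show sun's real named.conf; the options block and the
// zone file name below are assumptions, the addresses are from the diagram.

options {
    recursion yes;
    // Global forwarder: the "isp" DNS server. With this in place, names that
    // sun is not authoritative for are sent here, which is where the
    // example.test queries were observed going.
    forwarders { 10.0.2.3; };
};

// The private parent zone that sun is authoritative for.
zone "test" {
    type master;
    file "test.zone";              // hypothetical file name
};

// Per-zone override suggested in the reply: queries for example.test and
// anything below it are sent to plesk instead of the global forwarder.
zone "example.test" {
    type forward;
    forward only;                  // ask only the forwarder listed here
    forwarders { 192.168.2.10; };  // plesk
};
```

<P>Check the edited file with <CODE>named-checkconf</CODE> before reloading named, then repeat the <CODE>dig example.test</CODE> query against 192.168.2.1 and confirm that no query for a name under test. leaves the lab network for 10.0.2.3.</P>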
</BODY>
</HTML>