I have a similar set up to that and it works. Have you checked the logs to make sure the zone properly loaded? I'm assuming the zone data you posted below is from the <a href="http://example.us">example.us</a> zone but your first question makes it sound like you put it in a seperate zone. That would explain the SERVFAIL if the zone data never loaded but the server was authoritative. It does need to be in the .us.<br>
<br><br>;; ANSWER SECTION:<br><a href="http://example.com">example.com</a>. 60 IN DNAME <a href="http://example.net">example.net</a>.<br><a href="http://test.example.com">test.example.com</a>. 60 IN CNAME <a href="http://test.example.net">test.example.net</a>.<br>
<a href="http://test.example.net">test.example.net</a>. 60 IN A 127.0.0.1<br><br><br><br>And that's with zone data like this:<br><a href="http://example.com">example.com</a>. IN NS <a href="http://ns1.example.net">ns1.example.net</a>.<br>
<a href="http://example.com">example.com</a>. IN NS <a href="http://ns2.example.net">ns2.example.net</a>.<br><a href="http://example.com">example.com</a>. IN A 10.0.0.1<br><a href="http://example.com">example.com</a>. IN DNAME <a href="http://example.net">example.net</a>.<br>
<br><br>Truthfully I haven't looked at DNAME's in a long time so I'm unsure how to do it fully for a domain without adding an A record as well. But what your doing works, it's just not very pretty. Someone may have a better way.<br>
<br><br><br><div class="gmail_quote">On Thu, Jun 30, 2011 at 2:01 PM, Timothe Litt <span dir="ltr"><<a href="mailto:litt@acm.org">litt@acm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I have domain <a href="http://example.net" target="_blank">example.net</a> in production, and have recently acquired<br>
<a href="http://example.us" target="_blank">example.us</a> and <a href="http://example.info" target="_blank">example.info</a>.<br>
<br>
For whatever reason, I want <a href="http://example.us" target="_blank">example.us</a> to simply mirror <a href="http://example.net" target="_blank">example.net</a>, which<br>
is dynamically udpdated (and dnssec). And I want <a href="http://example.us" target="_blank">example.us</a> to be zero<br>
maintenance. (Well, OK I know I need separate DNSSEC keys, but I don't want<br>
to mirror every update made in .net to .us)<br>
<br>
So, I add a zone to <a href="http://ns1.example.net" target="_blank">ns1.example.net</a> that looks like:<br>
(In view "internal")<br>
zone "<a href="http://example.us" target="_blank">example.us</a>" {<br>
auto-dnssec maintain;<br>
type master;<br>
allow-transfer { key "TSIG_GLOBAL_KEY"; };<br>
file "EXAMPLE_US.DB";<br>
update-policy {<br>
grant "TSIG_GLOBAL_KEY" subdomain <a href="http://example.us" target="_blank">example.us</a>. ANY ;<br>
};<br>
};<br>
<br>
$ORIGIN .<br>
$TTL 600 ; 10 minutes<br>
<a href="http://example.us" target="_blank">example.us</a>. IN SOA <a href="http://ns1.example.net" target="_blank">ns1.example.net</a>.<br>
<a href="http://examplenetadmin.example.net" target="_blank">examplenetadmin.example.net</a>. (<br>
2011063001 ; serial<br>
172800 ; refresh (2 days)<br>
600 ; retry (10 minutes)<br>
2419200 ; expire (4 weeks)<br>
600 ; minimum (10 minutes)<br>
)<br>
<a href="http://example.us" target="_blank">example.us</a>. IN DNAME <a href="http://example.net" target="_blank">example.net</a>.<br>
<a href="http://example.us" target="_blank">example.us</a>. IN NS <a href="http://ns1.example.net" target="_blank">ns1.example.net</a>.<br>
<a href="http://example.us" target="_blank">example.us</a>. IN NS <a href="http://ns2.example.net" target="_blank">ns2.example.net</a>.<br>
<br>
I get SERVFAIL with dig if I ask about, say <a href="http://www.example.us" target="_blank">www.example.us</a> @<a href="http://ns1.example.net" target="_blank">ns1.example.net</a><br>
(<a href="http://www.example.net" target="_blank">www.example.net</a> does exist).<br>
<br>
I see nothing in the named.log, except the trace 99 /notrace commands<br>
bracketing the dig, and if I turn on querylog:<br>
client <ns1 IP>#33256: view internal: query: <a href="http://www.example.us" target="_blank">www.example.us</a> IN A + (<ns1<br>
IP>).<br>
<br>
If I look at the named statistics channel, I see that <a href="http://example.us" target="_blank">example.us</a> is being<br>
served, but the zone serial is '-', not '2011063001'.<br>
<br>
Questions:<br>
o Am I confused about DNAME placement - would it have to go in .US?<br>
If so, is this possible? (I don't mean technically possible - I mean<br>
practically - e.g. thru a registrar such as godaddy, enom, etc). If not,<br>
what explains the SERVFAIL?<br>
o Why is '-' reported for the zone serial?<br>
o I understand that DNAME and MX don't play well together (DNAME is<br>
essentially CNAME, and MX doesn't allow<br>
CNAMEs). I suspect I'd have to live with that - unless there are<br>
wiser heads?<br>
o Is there a better approach? (Assume that I'll also want to do the<br>
same thing to example.info...)<br>
<br>
Thanks.<br>
<br>
---------------------------------------------------------<br>
This communication may not represent my employer's views,<br>
if any, on the matters discussed.<br>
<br>
<br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Jonathan French<div><a href="mailto:pikel.m95@gmail.com" target="_blank">pikel.m95@gmail.com</a></div><br>