CMU NetReg Problem.

Gregory Shapiro gshapiro+bind9-workers at gshapiro.net
Sat Jun 6 23:27:49 UTC 2009 

> I've asked a question on the NetReg mailing list and got a solution of
> modifying NetReg, which I'd certainly prefer, but the guy who runs NetReg at
> WPI says we need to have those ugly TXT records in it.  Or, rather, he needs
> the ugly records in his DNS, and the campus DNS is a slave of it.

I just checked the NetReg docs and it does indeed look like they are
required.

> So, my question is whether it is at all possible to stop bind from serving that
> extra TXT record?

I don't think that is possible.  However, what you can consider doing is
not putting the _domainkey.wpi.edu zone under NetReg at all.  Instead,
on the externally facing name servers for wpi.edu, add new zone to your
named.conf:

zone "_domainkey.wpi.edu"
{
	type master;
	allow-query { any; };
	file "master/_domainkey.wpi.edu";
};

If ns.wpi.edu or ns2.wpi.edu is the NetReg system, you should be able to
do it on those as well since the subdomain isn't dynamically managed by
NetReg.  If they are separate machines, all the better.

Then make a zone file master/_domainkey.wpi.edu with the TXT records (just
an example using my DKIM records):

$TTL 1H
@		IN	SOA	ns.wpi.edu.	hostmaster.wpi.edu.	(
				2009060600	; Serial Number
				1H		; Refresh
				30M		; Retry
				1W		; Expire
				6H	)	; Minimum TTL

		IN	NS	ns.wpi.edu.
		IN	NS	ns2.wpi.edu.

		IN	TXT	"t=y; o=~"
_policy		IN	TXT	"t=y; o=~"
_ssp		IN	TXT	"dkim=unknown"
_asp		IN	TXT	"dkim=unknown"
gatsby		IN	TXT	"g=; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcwACuw0tY1gy22Cx2BBo3wES5JbSIV+Kui3WJyHfr8F1AUC0tbZL/dwdtRD1vnwrDlHCWtfb4KL+IOHO2NQXDm0vDCyYdC89qze0VLEva+Oh/6WnURYjWpuuSQFXqM6lLg2bPCjNK2JsbiyZWw20t9TDmrgdQ4G3ELKFHTMqZYQIDAQAB"
gatsby.dkim	IN	TXT	"v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcwACuw0tY1gy22Cx2BBo3wES5JbSIV+Kui3WJyHfr8F1AUC0tbZL/dwdtRD1vnwrDlHCWtfb4KL+IOHO2NQXDm0vDCyYdC89qze0VLEva+Oh/6WnURYjWpuuSQFXqM6lLg2bPCjNK2JsbiyZWw20t9TDmrgdQ4G3ELKFHTMqZYQIDAQAB"

Finally, you might need/want to add glue records to the wpi.edu NetReg
managed zone:

_domainkey	IN	NS	ns
_domainkey	IN	NS	ns2

More information about the bind-workers mailing list