This is a discussion on Re: Sub-domain delegation for BIND 9.2.3 within the Bind Users forums, part of the DNS and Related Forums category.
My setup is such that the PriDNS and SlaveDNS are supporting 2 different
domains (ie. company.abc.com and company.def.com).

My db.company.def.com file
------------------------------------------------
// db.company.def.com
@ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
        200105171 // Serial number
        28800 // Refresh (8 hrs.)
        7200 // Retry (2 hrs.)
        604800 // Expire (7 days)
        86400) // Minimum (1 day)

    IN NS pridns.company.def.com.
    IN NS slavedns.company.def.com.

pridns.company.def.com. IN A 130.1.2.3
slavedns.company.def.com. IN A 130.1.2.4

intranet.company.def.com IN A 130.2.2.8

// End of db.company.def.com
------------------------------------------------

For root.hint, what entries can I put??? Can I use the slavedns???

For the zonefile db.company.abc.com, am I right to say that I need to change to
as follows:
------------------------------------------------
// db.company.def.com
@ 4h IN SOA pridns.company.abc.com. postmaster.company.abc.com. (
        200105171 // Serial number
        28800 // Refresh (8 hrs.)
        7200 // Retry (2 hrs.)
        604800 // Expire (7 days)
        86400) // Minimum (1 day)

    IN NS pridns.company.abc.com.
    IN NS slavedns.company.abc.com.

pridns.company.abc.com. IN A 130.1.2.3
slavedns.company.abc.com. IN A 130.1.2.4

xyz.company.abc.com. IN NS pridns.xyz.company.abc.com.
pridns.xyz.company.abc.com. IN A 172.7.8.9

intranet.company.abc.com IN A 130.1.2.10

// End of db.company.abc.com
------------------------------------------------

Kindly also advise how do I create a root server??? Can I make use of the
PriDNS??? If yes, what are the file and content to be created???

It seems like my entire setup is wrong and I would like to have them corrected.

Thank you.

>From: phn@icke-reklam.ipsec.nu
>To: comp-protocols-dns-bind@isc.org
>Subject: Re: Sub-domain delegation for BIND 9.2.3
>Date: Mon, 6 Sep 2004 21:36:46 +0000 (UTC)
>
>Apache Apache <apacheusr@hotmail.com> wrote:
> > Appended are my files on the Primary DNS:
>
>Look below for comments :
>
> > //named.conf for Pri DNS for company.def.com & company.abc.com (ip is 130.1.2.3)
> > // ACL for blocking RFC1918 space commonly used for DoS and spoofing attacks.
> > acl noaccess-list { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24;
> >     224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
> >
> > acl slave { 130.1.2.4; };
> >
> > controls {
> >     inet 127.0.0.1 port 953
> >     allow { 127.0.0.1; } ;
> > };
> >
> > options {
> >     version "DNS Server";
> >     directory "/usr/local/named/log";
> >     pid-file "/usr/local/named/named.pid";
> >     allow-query { any; };
> >     listen-on-v6 { none; };
> >     listen-on { 130.1.2.3; };
> >     notify yes;
> >     provide-ixfr yes;
> >     blackhole { noaccess-list; };
> > };
> >
> > zone "." {
> >     type hint;
> >     file "root.hint";
> > };
> >
> > // IPv4 localhost and localhost reverse.
> > zone "localhost" {
> >     type master;
> >     file "db.localhost";
> > };
> >
> > zone "0.0.127.in-addr.arpa" {
> >     type master;
> >     file "db.127.0.0";
> >     notify no;
> > };
> >
> > zone "2.1.130.in-addr.arpa" {
> >     type master;
> >     file "db.130.1.2";
> >     notify yes;
> >     allow-transfer { slave; };
> > };
> >
> > zone "company.def.com" {
> >     type master;
> >     file "db.company.def.com";
>
>Where is this file ??
>
> >     notify yes;
> >     allow-transfer { slave; };
> > };
> >
> > zone "company.abc.com" {
> >     type master;
> >     file "db.company.abc.com";
> >     notify yes;
> >     forwarders { };
> >     allow-transfer { slave; };
> > };
> >
> > //End of named.conf for Pri DNS
> > ------------------------------------------------
> >
> > // root.hint
> >
> > . 3600000 IN NS A.ROOT-SERVERS.NET.
> > A-ROOT-SERVERS.NET. 3600000 A 130.1.2.3
> >
> > //End of root.hint
>
>Ok, you are running internal-roots with a single server, this
>might fail ( you should need 3 )
>
> > -------------------------------------------------
> > // db.localhost
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> >         2001051701 // Serial Number
> >         28800 // Refresh (8 hrs.)
> >         7200 // Retry (2 hrs.)
> >         604800 // Expire (7 days)
> >         86400) // Minimum (1 day)
> >     IN NS pridns.company.def.com.
> > $TTL 1h
> >     IN A 127.0.0.1
> >
> > // End of db.localhost
> >
> > ------------------------------------------------
> > // db.127.0.0
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> >         2001051700 // Serial number
> >         28800 // Refresh (8 hrs.)
> >         7200 // Retry (2 hrs.)
> >         604800 // Expire (7 days)
> >         86400) // Minimum (1 day)
> >
> >     IN NS pridns.company.def.com.
> > 1 IN PTR localhost.
> >
> > //End of db.127.0.0
> >
> > ------------------------------------------------
> > // db.company.abc.com
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> >         200105171 // Serial number
> >         28800 // Refresh (8 hrs.)
> >         7200 // Retry (2 hrs.)
> >         604800 // Expire (7 days)
> >         86400) // Minimum (1 day)
> >
> >     IN NS pridns.company.def.com.
> >     IN NS slavedns.company.def.com.
>
>if this is the zonefile for "company.def.com." you cannot
>say anything about "def.com." here. it should be done at '.' or
>'.com' level ( probably in your root-server )
>
> > pridns.company.def.com. IN A 130.1.2.3
> > slavedns.company.def.com. IN A 130.1.2.4
> >
> > xyz.company.abc.com. IN NS pridns.xyz.company.abc.com.
> > pridns.xyz.company.abc.com. IN A 172.7.8.9
> >
> > intranet.company.abc.com IN A 130.1.2.10
> >
> > // End of db.company.abc.com
> >
> > -------------------------------------------------
> > // db.130.1.2
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> >         200105173 // Serial number
> >         28800 // Refresh (8 hrs.)
> >         7200 // Retry (2 hrs.)
> >         604800 // Expire (7 days)
> >         86400) // Minimum (1 day)
> >
> >     IN NS pridns.company.def.com. // master nameserver
> >     IN NS slavednsdns.company.def.com. // slave nameserver
> >
> > 3 IN PTR pridns.company.def.com.
> > 4 IN PTR slavedns.company.def.com.
> >
> > // End of db.130.1.2
> > ------------------------------------------------
> >
> > //etc/resolv.conf
> > domain company.def.com
> > nameserver 130.1.2.3
> > nameserver 130.1.2.4
> >
> > Pls advise what went wrong.
> > ------------------------------------------------
> >
> >>From: phn@icke-reklam.ipsec.nu
> >>To: comp-protocols-dns-bind@isc.org
> >>Subject: Re: Sub-domain delegation for BIND 9.2.3
> >>Date: Fri, 3 Sep 2004 17:53:16 +0000 (UTC)
> >>
> >>Apache Apache <apacheusr@hotmail.com> wrote:
> >> > Hi,
> >> >
> >> > Have done as advised but when I performed a nslookup, I can only get
> >> > non-existent host/domain and not able to resolve host.xyz.company.abc.com.
> >> > Pls advise is there anything that I missed out. Thank you.
> >> >
> >> >>From: phn@icke-reklam.ipsec.nu
> >> >>To: comp-protocols-dns-bind@isc.org
> >> >>Subject: Re: Sub-domain delegation for BIND 9.2.3
> >> >>Date: Thu, 2 Sep 2004 16:52:18 +0000 (UTC)
> >> >>
> >> >>Apache Apache <apacheusr@hotmail.com> wrote:
> >> >> > I have a server (ie. serverA) running BIND 9.2.3 and is a master DNS for
> >> >> > parent domain company.abc.com. Users are pointing to this server for name
> >> >> > resolution.
> >> >> >
> >> >> > I have another server (ie. serverB using F5 DNS) and I would like this
> >> >> > server to serve the domain xyz.company.abc.com.
> >> >> >
> >> >> > What are the changes required on my named.conf and db.company.abc.com for
> >> >> > serverA in order for users to be able to resolve host.xyz.company.abc.com???
> >> >>
> >> >>A proper delegation. ( a couple of NS records in xyz.company.abc.com. )
> >> >>
> >> >> > Thank you.
> >> >>
> >> >>--
> >> >>Peter Håkanson
> >> >>        IPSec Sverige ( At Gothenburg Riverside )
> >> >>           Sorry about my e-mail address, but i'm trying to keep spam out,
> >> >>           remove "icke-reklam" if you feel for mailing me. Thanx.
> >>
> >>Proper delegation is to add 'NS' records where LHS is the subdomain name
> >>and RHS is the FQDN of the nameserver(s) configured as servers for the
> >>zone.
> >>
> >>nslookup is a tool that is broken in most hands. The symptoms you tell
> >>about might be problems with nslookup.
> >>
> >>Why don't you publish the name of the zone , the contents ( at least the
> >>relevant parts) of the zonefile(s) and configfiles ? That way we don't
> >>have to guess
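
Added example, not part of the thread and not code from BIND or from either poster: a small Python lint for the parent zone file discussed above. It flags `//` comments (zone files use `;`), owner names that already contain the origin but lack the trailing dot, and delegations whose name server sits inside the child zone without a glue A record. The `lint_zone` function, the `dev` delegation and the abridged sample zone are constructed for illustration.

```python
RR_TYPES = {"A", "AAAA", "NS", "SOA", "PTR", "CNAME", "MX"}
# Constructed sample: abridged from the parent zone file posted in the thread,
# plus one delegation ("dev") without glue, added here for illustration.
SAMPLE_ZONE = """\
// db.company.abc.com
@ 4h IN SOA pridns.company.abc.com. postmaster.company.abc.com. (
        200105171 // Serial number
        28800 7200 604800 86400) // Refresh, retry, expire, minimum
        IN NS pridns.company.abc.com.
pridns.company.abc.com. IN A 130.1.2.3
xyz.company.abc.com. IN NS pridns.xyz.company.abc.com.
pridns.xyz.company.abc.com. IN A 172.7.8.9
dev.company.abc.com. IN NS ns.dev.company.abc.com.
intranet.company.abc.com IN A 130.1.2.10
"""

def lint_zone(text, origin):
    """Return (line_number, message) findings for a parent zone file."""
    origin = origin.lower().rstrip(".") + "."
    findings, ns_records, a_owners, owner = [], [], set(), origin
    for no, raw in enumerate(text.splitlines(), 1):
        if "//" in raw:
            findings.append((no, "'//' does not start a zone-file comment; use ';'"))
        line = raw.split("//")[0].split(";")[0]
        tokens = line.split()
        has_owner = line[:1].strip() != ""  # owner names start in column one
        idx = next((i for i in range(int(has_owner), len(tokens))
                    if tokens[i].upper() in RR_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # comment, blank line or SOA continuation
        if has_owner:
            owner = origin if tokens[0] == "@" else tokens[0].lower()
            if not owner.endswith("."):
                if owner.endswith(origin.rstrip(".")):
                    findings.append((no, f"{owner} has no trailing dot; "
                                         f"it becomes {owner}.{origin}"))
                owner = f"{owner}.{origin}"  # relative names get the origin
        rtype, rdata = tokens[idx].upper(), tokens[idx + 1].lower()
        if rtype == "A":
            a_owners.add(owner)
        elif rtype == "NS":
            ns_records.append((no, owner, rdata))
    # A delegation whose name server lives inside the child zone needs glue.
    for no, child, target in ns_records:
        delegated = child != origin and child.endswith("." + origin)
        in_child = target == child or target.endswith("." + child)
        if delegated and in_child and target not in a_owners:
            findings.append((no, f"{child} NS {target}: no glue A record"))
    return findings
```

Calling `lint_zone(SAMPLE_ZONE, "company.abc.com")` returns one finding per problem line; the `xyz` delegation passes because its glue record is present.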