|
| PORTAIL | ANNUAIRE | ARTICLES | COMPARATEUR HÉBERGEURS | DEVIS | FORUMS | RÉDUCTEUR D'URL |
|
|
|
|
||||||
| comp.protocols.domains Topics related to Domain Style names. |
 |
|
|
LinkBack | Outils de la discussion |
07/01/2008, 07h24
|
#1 |
Messages: n/a
Hébergeur: |
Delegation
On a small network, a host 'neptune' is the nameserver for an internal
domain 'nicklan'. I would like one of the hosts, 'nicklite.nicklan', to be the nameserver for the subdomain 'jupiter.nicklan'. The hosts in this subdomain will all be one and the same as 'nicklite.nicklan'. neptune and nicklite both run bind9. The respective zone files are neptune: @ IN SOA neptune.nicklan. root.localhost. ( 56 ; Serial 3h ; Refresh 1h ; Retry 1w ; Expire 1h ) ; Negative Cache TTL ; IN NS neptune.nicklan. @ IN A 172.23.63.2 neptune IN A 172.23.63.2 nicklite IN A 172.23.63.100 ; Attempt delegation of 'jupiter' subdomain. jupiter.nicklan. IN NS ns.jupiter.nicklan. ns.jupiter.nicklan. A 172.23.63.100 nicklite: @ IN SOA ns.jupiter.nicklan. root.localhost. ( 32 ; Serial 3h ; Refresh 1h ; Retry 1w ; Expire 1h ) ; Negative Cache TTL ; IN NS ns.jupiter.nicklan. @ IN A 172.23.63.100 ns IN A 172.23.63.100 foo IN CNAME ns The nameserver on nicklite seems to work, e.g. # host foo.jupiter.nicklan. foo.jupiter.nicklan is an alias for ns.jupiter.nicklan. ns.jupiter.nicklan has address 172.23.63.100 Likewise the nameserver on neptune, e.g. # host nicklite.nicklan. nicklite.nicklan has address 172.23.63.100 But the nameserver on neptune does not seem to know about the subdomain: # host foo.jupiter.nicklan. Host foo.jupiter.nicklan not found: 3(NXDOMAIN) Am I trying to do something infeasible, and if not, how to make it work? -- KM |
|
|
08/01/2008, 03h20
|
#2 |
|
Messages: n/a
Hébergeur: |
Re: Delegation
In article <4781d39f$0$36405$742ec2ed@news.sonic.net>,
KM <km@xacrasis.netx> wrote: > On a small network, a host 'neptune' is the nameserver for an internal > domain 'nicklan'. I would like one of the hosts, 'nicklite.nicklan', to > be the nameserver for the subdomain 'jupiter.nicklan'. The hosts in > this subdomain will all be one and the same as 'nicklite.nicklan'. > > neptune and nicklite both run bind9. The respective zone files are > > neptune: > @ IN SOA neptune.nicklan. root.localhost. ( > 56 ; Serial > 3h ; Refresh > 1h ; Retry > 1w ; Expire > 1h ) ; Negative Cache TTL > ; > IN NS neptune.nicklan. > > @ IN A 172.23.63.2 > neptune IN A 172.23.63.2 > nicklite IN A 172.23.63.100 > > ; Attempt delegation of 'jupiter' subdomain. > jupiter.nicklan. IN NS ns.jupiter.nicklan. > ns.jupiter.nicklan. A 172.23.63.100 Not that it matters much, but if you want to delegate to nicklite, why are you delegating to ns.jupiter? > > nicklite: > @ IN SOA ns.jupiter.nicklan. root.localhost. ( > 32 ; Serial > 3h ; Refresh > 1h ; Retry > 1w ; Expire > 1h ) ; Negative Cache TTL > ; > IN NS ns.jupiter.nicklan. > > @ IN A 172.23.63.100 > ns IN A 172.23.63.100 > foo IN CNAME ns > > The nameserver on nicklite seems to work, e.g. > > # host foo.jupiter.nicklan. > foo.jupiter.nicklan is an alias for ns.jupiter.nicklan. > ns.jupiter.nicklan has address 172.23.63.100 > > Likewise the nameserver on neptune, e.g. > > # host nicklite.nicklan. > nicklite.nicklan has address 172.23.63.100 > > But the nameserver on neptune does not seem to know about the subdomain: > > # host foo.jupiter.nicklan. > Host foo.jupiter.nicklan not found: 3(NXDOMAIN) > > Am I trying to do something infeasible, and if not, how to make it work? Does neptune have recursion disabled? It needs to recurse in order to query nicklite. -- Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me *** *** PLEASE don't copy me on replies, I'll read them in the group *** |
|
|
|
08/01/2008, 04h43
|
#3 |
|
Messages: n/a
Hébergeur: |
Re: Delegation
On 2008-01-08, Barry Margolin <barmar@alum.mit.edu> wrote:
> > Does neptune have recursion disabled? It needs to recurse in order to > query nicklite. I think it's enabled. On neptune, /etc/bind/named.conf includes a file /etc/bind/named.conf.options which contains (with some snippage) options { ... allow-recursion { localnets; }; ... }; - is that conclusive? -- KM |
|
|
|
08/01/2008, 05h29
|
#4 |
|
Messages: n/a
Hébergeur: |
Re: Delegation
On 2008-01-08, Barry Margolin <barmar@alum.mit.edu> wrote:
>> ; Attempt delegation of 'jupiter' subdomain. >> jupiter.nicklan. IN NS ns.jupiter.nicklan. >> ns.jupiter.nicklan. A 172.23.63.100 > > Not that it matters much, but if you want to delegate to nicklite, why > are you delegating to ns.jupiter? Sorry, I missed that question earlier. Merely to attempt to conform to the examples I found, mainly this one, http://www.zytrax.com/books/dns/ch9/delegate.html I tried this variant in neptune's zone file, ; Attempt delegation of 'jupiter' subdomain. jupiter.nicklan. IN NS nicklite.nicklan. with no more success than before. In all cases I can query the nameserver on nicklite from neptune, e.g. # host jupiter.nicklan. 172.23.63.100 Using domain server: Name: 172.23.63.100 Address: 172.23.63.100#53 Aliases: jupiter.nicklan has address 172.23.63.100 but not via neptune's own nameserver. -- KM |
|
|
|
08/01/2008, 10h08
|
#5 |
|
Messages: n/a
Hébergeur: |
Re: Delegation
Hello,
KM a écrit : > On 2008-01-08, Barry Margolin <barmar@alum.mit.edu> wrote: > >>Does neptune have recursion disabled? It needs to recurse in order to >>query nicklite. If recursion was the problem, shouldn't neptune reply with a list of referrals instead of NXDOMAIN ? > I think it's enabled. On neptune, /etc/bind/named.conf includes a file > /etc/bind/named.conf.options which contains (with some snippage) > > options { > ... > allow-recursion { localnets; }; > ... > }; You should also have "recursion yes;" (maybe it is the default though). |
|
|
|
09/01/2008, 05h43
|
#6 |
|
Messages: n/a
Hébergeur: |
Re: Delegation
In article <flvi2t$2uqs$1@biggoron.nerim.net>,
Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> wrote: > Hello, > > KM a écrit : > > On 2008-01-08, Barry Margolin <barmar@alum.mit.edu> wrote: > > > >>Does neptune have recursion disabled? It needs to recurse in order to > >>query nicklite. > > If recursion was the problem, shouldn't neptune reply with a list of > referrals instead of NXDOMAIN ? Good point. I think it's time for the OP to use "rndc dumpdb" and look at the memory dump. Maybe something in his zone file isn't being loaded as he expects. -- Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me *** *** PLEASE don't copy me on replies, I'll read them in the group *** |
|
|
|
10/01/2008, 03h43
|
#7 |
|
Messages: n/a
Hébergeur: |
Re: Delegation
On 2008-01-09, Barry Margolin <barmar@alum.mit.edu> wrote:
> Good point. I think it's time for the OP to use "rndc dumpdb" and look > at the memory dump. Maybe something in his zone file isn't being loaded > as he expects. On the 'neptune' host, I ran 'rndc dumpdb -zones' which produced a file /var/cache/bind/named_dump.db. It includes (reformatted to make narrower): ; ; Zone dump of 'nicklan/IN' ; nicklan. 10800 IN SOA \ neptune.nicklan. root.localhost. 69 10800 3600 604800 3600 nicklan. 10800 IN NS neptune.nicklan. nicklan. 10800 IN A 172.23.63.2 jupiter.nicklan. 10800 IN NS ns.jupiter.nicklan. ns.jupiter.nicklan. 10800 IN A 172.23.63.100 neptune.nicklan. 10800 IN A 172.23.63.2 nicklite.nicklan. 10800 IN A 172.23.63.100 And on 'nicklite': ; ; Zone dump of 'jupiter.nicklan/IN' ; jupiter.nicklan. 10800 IN SOA \ ns.jupiter.nicklan. root.localhost. 32 10800 3600 604800 3600 jupiter.nicklan. 10800 IN NS ns.jupiter.nicklan. jupiter.nicklan. 10800 IN A 172.23.63.100 foo.jupiter.nicklan. 10800 IN CNAME ns.jupiter.nicklan. ns.jupiter.nicklan. 10800 IN A 172.23.63.100 -- KM |
|
|
|
| Outils de la discussion | |
|
|
