bind4 to bind8 - noforward to view or what...?
Mark.Andrews at iengines.com
Tue Dec 28 23:05:33 UTC 1999
zone "xxx.SE" {
	type master;
	file "db.xxx.SE";
	forwarders {};
};
> Hello everybody,
>
> I have a pretty old bind4 (probably with the noforward patch) that needs to
> be updated.
> This server is labeled as a "rootDNS" internal to the company (which could
> be discussed).
>
> Of course I ran into some trouble and now I don't really know where to go
> next... so any help is really appreciated!
>
> the old named.boot config (cut out some 40 unessential domains):
>
> ---snip---
> directory /etc/domain
>
> noforward xxx.se
>
> primary xxx.SE db.xxx.SE
> primary yyy.zzz.SE db.yyy.zzz.SE
>
> primary 127.IN-ADDR.ARPA db.127
>
> primary 32.10.IN-ADDR.ARPA db.10.32
> noforward 32.10.IN-ADDR.ARPA
>
> primary 48.10.IN-ADDR.ARPA db.10.48
> noforward 48.10.IN-ADDR.ARPA
>
> forwarders xxx.xxx.xxx.xxx xxx.xxx.xxx.xxy
> slave
>
> ---snip---
>
> the problem is now that there are multiple domains under xxx.SE that have
> their own nameservers. And here it gets REALLY complicated, for instance
> ggg.xxx.SE has ca 120 subsubdomains like aaa.ggg.xxx.SE and bbb.ggg.xxx.SE
> as well as plenty of hosts...
>
> the bind4 "rootdns" obviously asks the nameserver for ggg.xxx.SE when
> queried and returns this.
>
> In the db files (like db.xxx.SE) there are a cpl of hundred (if not even
> thousands) entries like this for instance:
>
> $ORIGIN xxx.SE.
> ggg         IN NS   ns01.ggg
>             IN NS   ns02.ggg
>
> ns01.ggg    IN A    xxx.xxx.xxy.xyx
> ns02.ggg    IN A    xxx.xxx.xxy.xyy
>
>
>
> and in the db.10.32 there are entries like:
>
> 32          IN NS   merkur.bbb.xxx.SE.
>             IN NS   tellus.bbb.xxx.SE.
> 33          IN NS   merkur.bbb.xxx.SE.
>             IN NS   tellus.bbb.xxx.SE.
> 34 [etc.... goes on and on the same ]
>
>
> I have tried with lots of configuration options in named.conf and currently
> it's like this:
>
> ---snip---
> options {
> 	directory "/etc/domain";
> 	pid-file "/var/run/named.pid";
> 	forwarders { 192.44.242.66; 192.44.242.66; 192.44.243.66;
> 		192.44.243.66;};
> 	forward only;
> 	check-names master warn;
> 	check-names slave ignore;
> };
>
> zone "xxx.SE" {
> 	type master;
> 	file "db.xxx.SE";
> };
>
> zone "yyy.zzz.SE" {
> 	type master;
> 	file "db.yyy.zzz.SE";
> };
>
> ### all from here had "noforward" in the old config
>
> zone "32.10.IN-ADDR.ARPA" {
> 	type master;
> 	file "db.10.32";
> 	forwarders { };
> };
>
> zone "48.10.IN-ADDR.ARPA" {
> 	type master;
> 	file "db.10.48";
> 	forwarders { };
> };
>
>
>
> ---end ---
>
> This server works fine resolving all xxx.SE names.. but does not resolve
> ggg.xxx.SE or any subdomains ;(
>
> Also, I got a tip to try something like the following:
>
> view {
> 	domain { "!xxx.se"; } ;
> 	forward on no-domain to { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx };
> };
>
> but it doesn't seem to be implemented yet (forward on no-domain).
>
>
> So my real question is: How could I make this work (without too much work,
> like defining all subdomains in named.conf or redoing stuff in the other
> nameservers)?
> Any requests that don't validate to any of the subdomains under xxx.SE (or
> similar) should also be redirected to an external internet DNS. I'm not sure
> this works properly either....
>
> Any help to resolve these issues would be extremely appreciated.
>
> Maybe it's not even a good idea upgrading?
>
> best regards
>
> Erik
> __________________________________________
> Erik Engberg
> Security Specialist
>
> Cygate Sweden AB
> Brovägen 1
> 182 74 Stocksund, Sweden
> Tel: +46 8 630 50 00
> Fax: +46 8 630 50 01
> http://www.cygate.se/sweden
>
>
>
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at iengines.com