FW: Delegation in BIND 8
Loucks, Guy
Guy.Loucks at det.nsw.edu.au
Wed Sep 20 06:43:10 UTC 2000
More information:
# nslookup
Default Server: localhost
Address: 127.0.0.1
> set type=any
> lab
Server: localhost
Address: 127.0.0.1
lab
origin = labrootdc1.win.lab
mail addr = bind.watt.itbnetman.det.nsw.EDU.AU
serial = 501
refresh = 10800 (3H)
retry = 3600 (1H)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
lab nameserver = labrootdc1.win.lab
lab nameserver = labrootdc2.win.lab
lab nameserver = labrootdc1.win.lab
lab nameserver = labrootdc2.win.lab
labrootdc1.win.lab internet address = 153.107.59.131
labrootdc2.win.lab internet address = 153.107.59.132
> det.lab
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
det.lab nameserver = labrootdc1.win.lab
det.lab nameserver = labrootdc2.win.lab
Authoritative answers can be found from:
det.lab nameserver = labrootdc1.win.lab
det.lab nameserver = labrootdc2.win.lab
labrootdc1.win.lab internet address = 153.107.59.131
labrootdc2.win.lab internet address = 153.107.59.132
> webmail.det.lab
Server: localhost
Address: 127.0.0.1
*** localhost can't find webmail.det.lab: Non-existent host/domain
>>>> WE SHOULD BE DELEGATING HERE!!!
> server 153.107.59.131
Default Server: labrootdc1.win.lab
Address: 153.107.59.131
> webmail.det.lab
Server: labrootdc1.win.lab
Address: 153.107.59.131
webmail.det.lab canonical name = labexch5.labitb.det.lab
labexch5.labitb.det.lab internet address = 153.107.59.143
>
> det.lab.
Server: labrootdc1.win.lab
Address: 153.107.59.131
det.lab internet address = 169.254.23.183
det.lab internet address = 153.107.59.131
det.lab internet address = 153.107.59.132
det.lab nameserver = labrootdc1.det.lab
det.lab nameserver = labrootdc2.det.lab
det.lab
origin = labrootdc1.det.lab
mail addr = administrator.det.lab
serial = 206
refresh = 900 (15M)
retry = 600 (10M)
expire = 86400 (1D)
minimum ttl = 3600 (1H)
labrootdc1.det.lab internet address = 153.107.59.131
labrootdc2.det.lab internet address = 153.107.59.132
>
> -----Original Message-----
> From: Loucks, Guy
> Sent: Wednesday, September 20, 2000 4:39 PM
> To: 'bind-users at isc.org'
> Subject: Delegation in BIND 8
>
> People,
>
> Further to my previous note the other week, we are still having some
> peculiar errors with BIND 8. It appears that it simply will not delegate.
> There has to be something simple missing.
>
> Servers 153.107.41.18 and 146 are our external DNS servers, with a subset
> of externally visible DNS information.
>
> Our internal servers consolidate up to our "primary", we have geographic
> secondary servers located throughout the state.
>
> We are in the process of looking at the Windows 2000 product, to do that
> we need to isolate a DNS area for them to keep information the business
> simply does not require out of our core servers.
>
> To do this we have set up a phantom root:
>
> DET.LAB
>
> And we are trying to delegate this to the W2k AD servers. When we query
> the W2k boxes, they appear happy. However we can not get the main DNS
> server to talk with it:
>
> Sep 20 15:45:27 erg named[502]: /etc/namedb/named.conf:4963: syntax error
> near forward
> Sep 20 15:45:27 erg named[502]: no type specified for zone 'det.lab'
> Sep 20 15:45:27 erg named[502]: zone 'det.lab' did not validate, skipping
> Sep 20 15:45:27 erg named[502]: /etc/namedb/named.conf:4973: syntax error
> near '}'
>
> The second line above seems to be the key. The named.conf extract is
> below. We have tried it with and without forward only. We have tried
> removing all forwarders and setting up phantom entries in named.ca for our
> external DNS servers, to no avail.
>
> Your thoughts would be most appreciated. Please email me directly and I
> will summarise again.
>
> options {
> directory "/etc/namedb/ns_db";
> // forward only;
> forwarders {
> 153.107.41.18;
> 153.107.41.146;
> 153.107.41.18;
> 153.107.41.146;
> 153.107.41.18;
> 153.107.41.146;
> };
> multiple-cnames yes;
> version "Surely you must be joking!";
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND 8.1 uses an unprivileged
> * port by default.
> */
> // query-source address * port 53;
> };
>
> //
> // named.boot file for NSW DET DNS services.
> //
>
> <SNIP>
>
> zone "det.lab" {
> type forward;
> forward only;
> forwarders {
> 153.107.59.131;
> 153.107.59.132;
> 153.107.59.131;
> 153.107.59.132;
> 153.107.59.131;
> 153.107.59.132;
> };
> };
>
> "named.conf" 5009 lines, 86932 characters
>
> Cheers,
>
> Guy
>
> Guy R. Loucks
> Senior Unix Systems Administrator
> Networks Branch
> NSW Department of Education & Training
> Information Technology Bureau
> Direct +61 2 9942 9887
> Fax +61 2 9942 9600
> Mobile +61 (0)429 041 186
> Email guy.loucks at det.nsw.edu.au
>
>
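
Added example, not part of the original post or of BIND: a consistency check over the two det.lab answers in the nslookup session above, comparing the NS names returned by the local server with those returned by the W2k server and flagging link-local addresses. The record text is constructed from that session; `LOCAL_VIEW`, `W2K_VIEW`, `parse` and `check_delegation` are names introduced here.

```python
import ipaddress
import re
# Constructed from the nslookup session in the post: the det.lab answer from
# localhost (LOCAL_VIEW) and from 153.107.59.131 (W2K_VIEW). Names are assumed.
LOCAL_VIEW = """\
det.lab nameserver = labrootdc1.win.lab
det.lab nameserver = labrootdc2.win.lab
labrootdc1.win.lab internet address = 153.107.59.131
labrootdc2.win.lab internet address = 153.107.59.132
"""
W2K_VIEW = """\
det.lab internet address = 169.254.23.183
det.lab internet address = 153.107.59.131
det.lab internet address = 153.107.59.132
det.lab nameserver = labrootdc1.det.lab
det.lab nameserver = labrootdc2.det.lab
labrootdc1.det.lab internet address = 153.107.59.131
labrootdc2.det.lab internet address = 153.107.59.132
"""

RECORD = re.compile(r"^(\S+)\s+(nameserver|internet address) = (\S+)$")

def parse(text):
    """Return ({owner: NS names}, {owner: addresses}) from nslookup-style lines."""
    ns, addr = {}, {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # prompts, banners and SOA fields are ignored
        owner = m.group(1).lower().rstrip(".")
        value = m.group(3).lower().rstrip(".")
        (ns if m.group(2) == "nameserver" else addr).setdefault(owner, set()).add(value)
    return ns, addr

def check_delegation(zone, local_text, w2k_text):
    """Compare the zone's NS set in both answers and flag link-local A records."""
    l_ns, l_addr = parse(local_text)
    w_ns, w_addr = parse(w2k_text)
    local, w2k = l_ns.get(zone, set()), w_ns.get(zone, set())
    glue = lambda names, addrs: {a for n in names for a in addrs.get(n, ())}
    return {
        "ns_only_at_local": sorted(local - w2k),
        "ns_only_at_w2k": sorted(w2k - local),
        "same_server_addresses": glue(local, l_addr) == glue(w2k, w_addr),
        "link_local_addresses": sorted(
            a for a in w_addr.get(zone, ()) if ipaddress.ip_address(a).is_link_local),
    }

if __name__ == "__main__":
    print(check_delegation("det.lab", LOCAL_VIEW, W2K_VIEW))
```

On this input the two servers name the same addresses but under different NS host names (win.lab versus det.lab), and the zone apex carries a 169.254.0.0/16 address.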