using slave NS in glue records
Gregory Hicks
ghicks at cadence.com
Tue Dec 10 00:28:10 UTC 2002
> Date: Wed, 04 Dec 2002 01:01:53 +0100
> From: Eivind Olsen <eivind at aminor.no>
>
> Are you thinking about having a hidden master server, like this?
>
> Hidden master server (master.example.com)
> ====================
> |
> |
> +--------slave1 (ns1.example.com)
> |
> |
> +--------slave2 (ns2.example.com)
>
I am obviously doing something wrong...
our 'internet' name server is working. Our internal name servers
work. However, I am trying to set up one of these 'hidden master
servers' by listing all of the 'internal name servers in the
db.cadence.ns and using that as the zone master...
However, it would appear that I cannot get it to look anywhere else...
How to do this?
Regards,
Gregory Hicks
-----------db.cadence.ns -----------
$ORIGIN Cadence.COM.
@ IN SOA metis.Cadence.COM. root.metis.Cadence.COM. (
2002120914 3600 900 604800 3600 )
1H IN NS iss.cadence.com.
1H IN NS cds2.cadence.com.
1H IN NS cds238.cadence.com.
1H IN NS granola.cadence.com.
dr 1H IN NS dc1sjroot.cadence.com.
1H IN NS dc2sjroot.cadence.com.
catena 1H IN NS cat0.catena.cadence.com.
engineering 1H IN NS bsd6.cadence.com.
1H IN NS bsd21.cadence.com.
global 1H IN NS dc1sjglobal.cadence.com.
1H IN NS dc2sjglobal.cadence.com.
_msdcs.global 1H IN NS dc1sjglobal.cadence.com.
1H IN NS dc2sjglobal.cadence.com.
_tcp.global 1H IN NS dc1sjglobal.cadence.com.
1H IN NS dc2sjglobal.cadence.com.
_udp.global 1H IN NS dc1sjglobal.cadence.com.
1H IN NS dc2sjglobal.cadence.com.
_sites.global 1H IN NS dc1sjglobal.cadence.com.
1H IN NS dc2sjglobal.cadence.com.
bsd21 IN A 158.140.5.139
bsd6 IN A 158.140.90.6
cat0.catena IN A 158.140.133.37
cds2 IN A 158.140.32.75
cds238 IN A 158.140.128.1
dc1sjglobal IN A 158.140.128.140
dc1sjroot IN A 158.140.128.40
dc2sjglobal IN A 158.140.128.141
dc2sjroot IN A 158.140.128.41
granola IN A 158.140.128.35
iss IN A 158.140.32.1
metis IN A 158.140.48.93
--------/etc/named.conf --------------------
options {
directory "/var/yp/nameserver";
//
//the db.cache file below references only ns.cadence.com.
//because of the firewall, it does not talk directly with
//the root servers of the internet
//
//
//the forwarder for ns.cadence.com, below is no typo. it is
//mentioned twice to change the behavior of bind. see p. 143
//of the first ed of _dns & bind_
//
forwarders {
158.140.128.140;
158.140.32.1;
};
//
//the slave keyword causes dns to only do recursive queries.
//
};
key "rndc-key" {
algorithm hmac-md5;
secret "secret-password";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "db.127.0.0";
notify no;
};
zone "Cadence.COM" in {
type master;
file "db.Cadence.ns";
# masters { 158.140.128.1; };
};
zone "99.139.in-addr.arpa" in {
type slave;
file "db.139.99";
masters { 158.140.128.1; };
};
zone "140.158.in-addr.arpa" in {
type slave;
file "db.158.140";
masters { 158.140.128.1; };
};
zone "." in {
type hint;
file "db.cache";
};
---------- end of /etc/named.conf ----------------
---------- db.cache ------------------------------
; This is a hacked version of the db.cache to fake cds238 into believing
; that all requests should go through the firewall. If you replace this
; with the db.cache from Internic, it won't work as expected.
;
; grif 9/15/97
;
. 3600000 IN NS ns.cadence.com.
. 3600000 IN NS gossip.cadence.com
ns.cadence.com. 3600000 IN A 158.140.1.253
gossip.cadence.com 3600000 IN A 158.140.2.50
---------- end of db.cache -----------------------
-------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3400
San Jose, CA 95134 | Internet: ghicks at cadence.com
"The trouble with doing anything right the first time is that nobody
appreciates how difficult it was."
When a team of dedicated individuals makes a commitment to act as
one... the sky's the limit.
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
More information about the bind-users
mailing list