using slave NS in glue records
Kevin Darcy
kcd at daimlerchrysler.com
Tue Dec 10 15:22:36 UTC 2002
Gregory Hicks wrote:
> > Date: Wed, 04 Dec 2002 01:01:53 +0100
> > From: Eivind Olsen <eivind at aminor.no>
> >
> > Are you thinking about having a hidden master server, like this?
> >
> > Hidden master server (master.example.com)
> > ====================
> > |
> > |
> > +--------slave1 (ns1.example.com)
> > |
> > |
> > +--------slave2 (ns2.example.com)
> >
>
> I am obviously doing something wrong...
>
> our 'internet' name server is working. Our internal name servers
> work. However, I am trying to set up one of these 'hidden master
> servers' by listing all of the 'internal name servers in the
> db.cadence.ns and using that as the zone master...
>
> However, it would appear that I cannot get it to look anywhere else...
> How to do this?
>
> Regards,
> Gregory Hicks
> -----------db.cadence.ns -----------
> $ORIGIN Cadence.COM.
> @ IN SOA metis.Cadence.COM. root.metis.Cadence.COM. (
> 2002120914 3600 900 604800 3600 )
>
> 1H IN NS iss.cadence.com.
> 1H IN NS cds2.cadence.com.
> 1H IN NS cds238.cadence.com.
> 1H IN NS granola.cadence.com.
>
> dr 1H IN NS dc1sjroot.cadence.com.
> 1H IN NS dc2sjroot.cadence.com.
>
> catena 1H IN NS cat0.catena.cadence.com.
>
> engineering 1H IN NS bsd6.cadence.com.
> 1H IN NS bsd21.cadence.com.
>
> global 1H IN NS dc1sjglobal.cadence.com.
> 1H IN NS dc2sjglobal.cadence.com.
>
> _msdcs.global 1H IN NS dc1sjglobal.cadence.com.
> 1H IN NS dc2sjglobal.cadence.com.
>
> _tcp.global 1H IN NS dc1sjglobal.cadence.com.
> 1H IN NS dc2sjglobal.cadence.com.
>
> _udp.global 1H IN NS dc1sjglobal.cadence.com.
> 1H IN NS dc2sjglobal.cadence.com.
>
> _sites.global 1H IN NS dc1sjglobal.cadence.com.
> 1H IN NS dc2sjglobal.cadence.com.
>
> bsd21 IN A 158.140.5.139
> bsd6 IN A 158.140.90.6
> cat0.catena IN A 158.140.133.37
> cds2 IN A 158.140.32.75
> cds238 IN A 158.140.128.1
> dc1sjglobal IN A 158.140.128.140
> dc1sjroot IN A 158.140.128.40
> dc2sjglobal IN A 158.140.128.141
> dc2sjroot IN A 158.140.128.41
> granola IN A 158.140.128.35
> iss IN A 158.140.32.1
> metis IN A 158.140.48.93
>
> --------/etc/named.conf --------------------
> options {
> directory "/var/yp/nameserver";
> //
> //the db.cache file below references only ns.cadence.com.
> //because of the firewall, it does not talk directly with
> //the root servers of the internet
> //
> //
> //the forwarder for ns.cadence.com, below is no typo. it is
> //mentioned twice to change the behavior of bind. see p. 143
> //of the first ed of _dns & bind_
> //
> forwarders {
> 158.140.128.140;
> 158.140.32.1;
> };
> //
> //the slave keyword causes dns to only do recursive queries.
> //
>
> };
>
> key "rndc-key" {
> algorithm hmac-md5;
> secret "secret-password";
> };
>
> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> zone "0.0.127.in-addr.arpa" in {
> type master;
> file "db.127.0.0";
> notify no;
> };
>
> zone "Cadence.COM" in {
> type master;
> file "db.Cadence.ns";
> # masters { 158.140.128.1; };
> };
>
> zone "99.139.in-addr.arpa" in {
> type slave;
> file "db.139.99";
> masters { 158.140.128.1; };
> };
>
> zone "140.158.in-addr.arpa" in {
> type slave;
> file "db.158.140";
> masters { 158.140.128.1; };
> };
>
> zone "." in {
> type hint;
> file "db.cache";
> };
> ---------- end of /etc/named.conf ----------------
>
> ---------- db.cache ------------------------------
> ; This is a hacked version of the db.cache to fake cds238 into believing
> ; that all requests should go through the firewall. If you replace this
> ; with the db.cache from Internic, it won't work as expected.
> ;
> ; grif 9/15/97
> ;
>
> .. 3600000 IN NS ns.cadence.com.
> .. 3600000 IN NS gossip.cadence.com
> ns.cadence.com. 3600000 IN A 158.140.1.253
> gossip.cadence.com 3600000 IN A 158.140.2.50
> ---------- end of db.cache -----------------------
>
Perhaps it would help if you explained what you're trying to accomplish. It
looks like you're trying to use zone NS records and/or the contents of the
hints file as a general-purpose forwarding or "override
forwarding" mechanism. That's doomed to failure. The hints file should only
contain information about the root zone, and an authoritative server for a
zone will never "forward" queries anywhere else, regardless of what the
zone NS records say.
- Kevin
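For contrast with the quoted setup, here is how BIND 9 does per-zone ("override") forwarding in a supported way. This is an added example, not part of Kevin's reply or Gregory's configuration: the zone names and addresses are copied from the quoted files, but the layout (a real root hint zone, Cadence.COM still authoritative, and explicit forward zones for the internal subdomains) is an assumption about what the poster is trying to achieve.

```conf
// Added example, not from the thread. Names and addresses come from the
// quoted db.cadence.ns; the forward-zone layout is an assumption.
options {
    directory "/var/yp/nameserver";
    // Global forwarders for everything this server is not authoritative
    // for: the two internal resolvers already listed in the post.
    forwarders { 158.140.128.140; 158.140.32.1; };
    forward only;          // behind the firewall: never try the roots
};

// The hint zone holds the real root hints and nothing else. It is only
// consulted to locate the root servers, so editing it cannot redirect
// ordinary queries (the "hacked" db.cache has no such effect).
zone "." in {
    type hint;
    file "db.cache";       // the unmodified InterNIC/IANA root hints
};

// This server stays authoritative for Cadence.COM. The NS records in
// db.Cadence.ns are delegations: they are handed back as referrals,
// they do not make the server "forward" queries anywhere.
zone "Cadence.COM" in {
    type master;
    file "db.Cadence.ns";
};

// To have an internal subdomain answered by the servers that really
// hold it, declare it as its own forward zone. When named recurses it
// uses the longest-matching forward zone, so these entries override
// both the global forwarders and the parent zone's delegation.
zone "dr.cadence.com" in {
    type forward;
    forward only;
    forwarders { 158.140.128.40; 158.140.128.41; };    // dc1sjroot, dc2sjroot
};

zone "global.cadence.com" in {
    type forward;
    forward only;
    forwarders { 158.140.128.140; 158.140.128.141; };  // dc1sjglobal, dc2sjglobal
};
```

Clients must send recursive queries (RD set) for the forward zones to be used; a non-recursive query for a name under dr.cadence.com still receives the delegation referral from the authoritative Cadence.COM zone.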