Adding a new zone
Jacob Laack
JLaack at alegent.org
Fri Sep 16 21:09:07 UTC 2005
I'm sorry to waste everyone's time. The db.myalegent.org file was owned
by root and not by the named user. named couldn't read it and, therefore,
couldn't import the information into it. The permissions were properly
set on the slave machine, which is why it worked there. Thanks for your
help guys.
>>> Kevin Darcy <kcd at daimlerchrysler.com> 9/16/2005 3:00:09 PM >>>
Looks like the zone didn't load properly. Anything in the logs? You
might want to run named-checkzone on it.
- Kevin
Jacob Laack wrote:
>I thought maybe it was because the requests were forwarded so I added a
>"forwarders {};" to the named.conf file but it still doesn't work. Here
>is me asking my master dns server where these hostnames (www.myalegent.org
>& myalegent.org) point to followed by www.myalegent.com:
>
>dns1{root}/usr/local/named# dig @dns1 www.myalegent.org
>
>; <<>> DiG 9.2.3 <<>> @dns1 www.myalegent.org
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23320
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;www.myalegent.org. IN A
>
>;; Query time: 5 msec
>;; SERVER: 160.xx.xx.xx#53(dns1)
>;; WHEN: Fri Sep 16 14:48:04 2005
>;; MSG SIZE rcvd: 35
>
>dns1{root}/usr/local/named# dig @dns1 myalegent.org
>
>; <<>> DiG 9.2.3 <<>> @dns1 myalegent.org
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44593
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;myalegent.org. IN A
>
>;; Query time: 5 msec
>;; SERVER: 160.xx.xx.xx#53(dns1)
>;; WHEN: Fri Sep 16 14:48:09 2005
>;; MSG SIZE rcvd: 31
>
>dns1{root}/usr/local/named# dig @dns1 www.myalegent.com
>
>; <<>> DiG 9.2.3 <<>> @dns1 www.myalegent.com
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25768
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
>
>;; QUESTION SECTION:
>;www.myalegent.com. IN A
>
>;; ANSWER SECTION:
>www.myalegent.com. 86400 IN A 160.xx.xx.xx
>
>;; AUTHORITY SECTION:
>myalegent.com. 86400 IN NS dns2.myalegent.com.
>myalegent.com. 86400 IN NS littlewill.teamalegent.com.
>myalegent.com. 86400 IN NS dns1.myalegent.com.
>
>;; ADDITIONAL SECTION:
>dns1.myalegent.com. 86400 IN A 160.xx.xx.xx
>dns2.myalegent.com. 86400 IN A 160.xx.xx.xx
>littlewill.teamalegent.com. 86400 IN A 160.xx.xx.xx
>
>;; Query time: 6 msec
>;; SERVER: 160.xx.xx.xx#53(dns1)
>;; WHEN: Fri Sep 16 14:49:59 2005
>;; MSG SIZE rcvd: 174
>
>
>-Jake
>
>Jake Laack
>Alegent Health, OSE
>402-717-1146
>
>>>> Kevin Darcy <kcd at daimlerchrysler.com> 9/16/2005 2:37:41 PM >>>
>
>Offhand that looks fine. Were there any errors in your log when named
>tried to load the zone? What is the exact error you're getting when you
>query myalegent.org (it might help if you use a real lookup tool like
>dig instead of nslookup)? Is it NXDOMAIN or SERVFAIL or something else?
>Are you sure you're querying one of the nameservers defined as master
>for the zone?
>
>- Kevin
>
>Jacob Laack wrote:
>
>>My company's users found out that the .org version of our intranet site
>>has been bought and is pointing to some nasty website. We already own and
>>use the .com domain for our intranet portal. I would like to create a new
>>zone for the .org domain on our internal dns servers to point to the .com
>>domain. This way we can prevent them from going to the nasty site.
>>
>>I've inherited this DNS system (currently running BIND 9.2.3 on two AIX
>>servers) and haven't had to add a new zone before. I duplicated the zone
>>entry in named.conf, copied the db.myalegent.com file to db.myalegent.org,
>>deleted all the entries, edited all the .com's to .org's, and ran "rndc
>>reload". Unfortunately, nslookup myalegent.org doesn't work. What am I
>>doing incorrectly? The new db.myalegent.org is here:
>>
>>$ORIGIN .
>>$TTL 86400 ; 1 day
>>myalegent.org IN SOA DNS1.myalegent.org. jlaack.alegent.org. (
>> 651 ; serial
>> 10800 ; refresh (3 hours)
>> 3600 ; retry (1 hour)
>> 604800 ; expire (1 week)
>> 86400 ; minimum (1 day)
>> )
>> NS dns1.myalegent.org.
>> NS dns2.myalegent.org.
>> NS littlewill.teamalegent.com.
>> A 160.xx.xx.xx
>>$ORIGIN myalegent.org.
>>dns1 A 160.xx.xx.xx
>>dns2 A 160.xx.xx.xx
>>www A 160.xx.xx.xx
>>
>>The relevant section of named.conf is here:
>>
>>zone "myalegent.org" {
>>    type master;
>>    file "db.myalegent.org";
>>
>>    allow-update {
>>        key dns1-dns1 ;
>>        key dns1-dns2 ;
>>        key dnsuser-key ;
>>    };
>>
>>    allow-transfer {
>>        160.xx.xx.xx;
>>        160.xx.xx.xx;
>>    };
>>};
>>
>>
>>Thanks.
>
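
An added example, not part of the original thread or of BIND: the cause Jacob reports, a zone file the named account cannot read, can be caught before a reload by checking each zone's `file` against the daemon's uid and groups. The named.conf sample, the file modes and the daemon uid below are constructed, and the parser assumes a simple layout with one `file` statement per zone and no includes or views.

```python
import os
import re
import stat
import tempfile

ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.M)
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"\s*;')

# Constructed sample; only the zone and file names come from the thread.
SAMPLE_CONF = '''
zone "myalegent.com" { type master; file "db.myalegent.com"; };
zone "myalegent.org" { type master; file "db.myalegent.org"; };
'''

def zone_files(conf_text, directory):
    """Yield (zone, path) for each zone statement that names a file."""
    hits = list(ZONE_RE.finditer(conf_text))
    ends = [h.start() for h in hits[1:]] + [len(conf_text)]
    for m, end in zip(hits, ends):
        f = FILE_RE.search(conf_text, m.end(), end)
        if f:
            yield m.group(1), os.path.join(directory, f.group(1))

def can_read(path, uid, gids):
    """Classic owner/group/other check; ACLs and parent dirs are not examined."""
    try:
        st = os.stat(path)
    except OSError:
        return False  # a missing file fails the zone load as well
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def unreadable_zones(conf_text, directory, uid, gids):
    return [(z, p) for z, p in zone_files(conf_text, directory)
            if not can_read(p, uid, gids)]

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("db.myalegent.com", 0o644), ("db.myalegent.org", 0o600)):
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, mode)
        daemon_uid = os.stat(d).st_uid + 1  # stand-in for the named account
        return [z for z, _ in unreadable_zones(SAMPLE_CONF, d, daemon_uid, set())]

if __name__ == "__main__":
    print(demo())
```

On a real server the uid and group set would come from the account named runs as, and the directory from the `directory` option in named.conf.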