Problems with delegating zones outside of Bind
bdyslm at comcast.net
Wed Mar 29 19:16:54 UTC 2006
Why not just delegate the modems.company.priv zone to the power dns servers through NS records?
-------------- Original message ----------------------
From: Léonard Wauters <lwauters at ipnotic-telecom.fr>
> Hello,
>
> We heavily use bind inside our company for mapping our different servers
> and caching our own DNS requests.
> We have two DNS servers (Bind 9.2.4.1) running over Debian Sarge, and
> everything is working well.
>
> We have several zones, defined like this :
>
> // Zone company.priv
> zone "sup.ipnotic.priv" IN {
>     type master;
>     file "/etc/bind/db.sup.company.priv";
>     allow-update { none; };
> };
>
> // Zone srvc.company.priv
> zone "srvc.ipnotic.priv" IN {
>     type master;
>     file "/etc/bind/db.srvc.company.priv";
> };
>
> // Zone bbone.company.priv
> zone "bbone.ipnotic.priv" IN {
>     type master;
>     file "/etc/bind/db.bbone.company.priv";
>     allow-update { none; };
> };
>
>
> We want to add a new zone, say 'modems', but we do not want bind to
> handle it, because we have to use a SQL back-end. So we want to use
> powerdns which would store the resource records, and Bind as a "proxy"
> that would ask powerdns for results.
> Powerdns runs on both master and slave DNS, but on port 1053.
>
> (My master DNS server is 10.10.0.40 and my slave is 10.10.0.46)
>
> So we added the following zone :
> // New zone
> zone "modems.company.priv" IN {
>     type forward;
>     forward only;
>     forwarders { 10.10.0.40 port 1053;
>                  10.10.0.46 port 1053; };
> };
>
> So, in this configuration, Bind handles all requests (even for the
> modems.company.priv) and asks for powerdns when a query concerns the
> modems.company.priv zone.
>
> But, it is not the case. Bind never interrogates the powerdns server on
> port 1053 for, for instance, a modem1.modems.company.priv A query. It
> only returns a NXDOMAIN error code.
>
> The logs do not return any noticeable error. I also did a tcpdump on
> both master and slaves, and there is NO actual communication between
> bind and powerDNS. By the way, if I interrogate directly powerdns on
> port 1053, I get the expected results.
>
> I searched some examples on the internet, but could not find anything.
>
> Maybe dealing with the PTR and NS resource records would be a solution,
> but I could find no examples of it.
>
> Does someone have an example of how to do this?
>
> Thanks for your answers.
>
> Léonard Wauters.
>
>
> --
>
>
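
The NS delegation suggested in the reply, written out as an added example; it is not part of the thread and not the posters' configuration. It assumes this BIND server is master for a parent zone company.priv (the thread does not show one), and the name-server names and the addresses 10.10.0.41 / 10.10.0.47 are hypothetical.

```dns
; Added example: fragment of the parent zone file for company.priv.
; Assumption: BIND is master for company.priv, and the file's existing
; $TTL and SOA/NS records precede this fragment.
;
; NS records carry no port number. A server following this delegation
; queries the listed name servers on port 53, so a PowerDNS instance
; listening only on port 1053 is not reachable this way. PowerDNS has to
; answer on port 53 at the glue addresses below, which therefore must
; differ from the addresses where BIND itself listens on port 53.

$ORIGIN company.priv.

; Delegation: hand modems.company.priv to the PowerDNS servers.
; (ns-pdns1 / ns-pdns2 are hypothetical host names.)
modems              IN  NS  ns-pdns1.modems
modems              IN  NS  ns-pdns2.modems

; Glue: the name servers sit inside the delegated zone, so the parent
; zone must supply their addresses. (Hypothetical addresses.)
ns-pdns1.modems     IN  A   10.10.0.41
ns-pdns2.modems     IN  A   10.10.0.47

; On the PowerDNS side, the modems.company.priv zone should contain its
; own SOA record and the same NS set as the delegation above.
```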