Delegation
Mark Andrews
Mark_Andrews at isc.org
Thu Feb 14 23:29:38 UTC 2008
> Hello list,
>
> I am hoping that someone will be able to help me with an issue I had
> assumed would be simple to resolve but is proving otherwise.
>
> Currently our DNS infrastructure runs BIND 9.3.0; it has one primary
> and 7 slaves. At the moment we are in the process of migrating to
> a new infrastructure and we wanted to migrate zones one at a time in a
> safe, testable and easily revertible method.
>
> Our primary server on the current infrastructure is ns1.example.com,
> (slaves: ns2.example.com - ns8.example.com),
> the primary on the new infrastructure is ns1.example.net (slaves:
> ns2.example.net & ns3.example.net) and
> the zone to transfer/migrate is test.org
>
> I have set up the zone test.org on the new infrastructure and querying
> the box directly works fine, the registered nameservers for test.org
> in the root domain .org zone is set to ns1.example.com (and the rest
> of that infrastructure) . Until I am confident that things work I
> would like to leave things like that. However I want ns1.example.com
> to send all requests to the new infrastructure (delegate?). I don't
> think forwarders will do what I want as I need to test a failure to the
> primary server and ensure the slaves kick in. In an effort to fix
> this I created the following zone on ns1.example.com
>
> #################zone file for test.org#############################
> $TTL 60
> @ IN SOA ns1.example.com. hostmaster.ns1.example.com (
> 2008021409 ;Serial yyyymmddvv
> 21600 ;Refresh 6 hours
> 900 ;Retry 15 minutes
> 1209600 ;Expire 2 weeks
> 12800) ;Min 3 hours
>
> IN NS ns1.example.net.
> IN NS ns2.example.net.
> IN NS ns3.example.net.
>
> ###############end zone file for test.org###########################
>
>
> I had hoped that this would delegate the entire zone to the new
> infrastructure but when I test* my query stops at ns1.example.com and
> is never forwarded to ns1.eduserv.net. If I do an NS lookup though it
> appears as if everything is set up correctly.
>
> I have tried Google and nothing comes up. I am starting to come to
> the conclusion that the way I'm doing things is not the correct way.
> If anyone could point me in the right direction of what I'm doing wrong
> and how I can achieve what I want it would be much appreciated.
>
> Everything below here is testing output
> thanks john
>
> *see below for test results note that real fqdn have been swapped for
> the domains used above
> ########################################################
> dig +trace test0.test.org
> ; <<>> DiG 9.4.2 <<>> +trace test0.test.org
> ;; global options: printcmd
> . 4759 IN NS b.root-servers.net.
> . 4759 IN NS c.root-servers.net.
> . 4759 IN NS d.root-servers.net.
> . 4759 IN NS e.root-servers.net.
> . 4759 IN NS f.root-servers.net.
> . 4759 IN NS g.root-servers.net.
> . 4759 IN NS h.root-servers.net.
> . 4759 IN NS i.root-servers.net.
> . 4759 IN NS j.root-servers.net.
> . 4759 IN NS k.root-servers.net.
> . 4759 IN NS l.root-servers.net.
> . 4759 IN NS m.root-servers.net.
> . 4759 IN NS a.root-servers.net.
> ;; Received 433 bytes from 192.168.33.223#53(192.168.33.223) in 2 ms
>
> org. 172800 IN NS B0.ORG.AFILIAS-NST.org.
> org. 172800 IN NS A0.ORG.AFILIAS-NST.INFO.
> org. 172800 IN NS C0.ORG.AFILIAS-NST.INFO.
> org. 172800 IN NS D0.ORG.AFILIAS-NST.org.
> org. 172800 IN NS TLD2.ULTRADNS.NET.
> org. 172800 IN NS TLD1.ULTRADNS.NET.
> ;; Received 430 bytes from 192.112.36.4#53(g.root-servers.net) in 192 ms
>
> test.org. 86400 IN NS ns1.example.com.
> test.org. 86400 IN NS ns2.example.com.
> ;; Received 101 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 21 ms
>
> test.org. 60 IN SOA ns1.example.com. hostmaster.ns1.example.com 2008021409 21600 900 1209600 12800
> ;; Received 113 bytes from 123.123.123.123#53(ns1.example.com) in 17 ms
> ################################################
>
> dig +trace NS test.org
> ; <<>> DiG 9.4.2 <<>> +trace NS test.org
> ;; global options: printcmd
> . 4237 IN NS b.root-servers.net.
> . 4237 IN NS c.root-servers.net.
> . 4237 IN NS d.root-servers.net.
> . 4237 IN NS e.root-servers.net.
> . 4237 IN NS f.root-servers.net.
> . 4237 IN NS g.root-servers.net.
> . 4237 IN NS h.root-servers.net.
> . 4237 IN NS i.root-servers.net.
> . 4237 IN NS j.root-servers.net.
> . 4237 IN NS k.root-servers.net.
> . 4237 IN NS l.root-servers.net.
> . 4237 IN NS m.root-servers.net.
> . 4237 IN NS a.root-servers.net.
> ;; Received 433 bytes from 192.168.33.223#53(192.168.33.223) in 14 ms
>
> org. 172800 IN NS C0.ORG.AFILIAS-NST.INFO.
> org. 172800 IN NS D0.ORG.AFILIAS-NST.org.
> org. 172800 IN NS TLD1.ULTRADNS.NET.
> org. 172800 IN NS TLD2.ULTRADNS.NET.
> org. 172800 IN NS A0.ORG.AFILIAS-NST.INFO.
> org. 172800 IN NS B0.ORG.AFILIAS-NST.org.
> ;; Received 424 bytes from 192.36.148.17#53(i.root-servers.net) in 19 ms
>
> test.org. 86400 IN NS ns1.example.com.
> test.org. 86400 IN NS ns2.example.com.
> ;; Received 95 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 22 ms
>
> test.org. 60 IN NS ns1.example.net.
> test.org. 60 IN NS ns2.example.net.
> test.org. 60 IN NS ns0.example.net.
> ;; Received 102 bytes from 152.78.129.184#53(clover.sucs.soton.ac.uk) in 16 ms
>
> #################################################
> dig test0.test.org @ns1.example.net
>
> ; <<>> DiG 9.4.2 <<>> test0.eduserv-test.org @ns1.example.net
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37523
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;test0.test.org. IN A
>
> ;; ANSWER SECTION:
> test0.test.org. 60 IN A 123.123.123.123
>
> ;; AUTHORITY SECTION:
> test.org. 60 IN NS ns1.example.net.
> test.org. 60 IN NS ns2.example.net.
> test.org. 60 IN NS ns3.example.net.
>
> ;; ADDITIONAL SECTION:
> ns1.example.net. 60 IN A 123.123.123.123
> ns2.example.net. 60 IN A 123.123.123.124
> ns3.example.net. 60 IN A 123.123.123.125
>
> ;; Query time: 3 msec
> ;; SERVER: 123.123.123.123#53(ns0.test.org)
> ;; WHEN: Thu Feb 14 17:12:18 2008
> ;; MSG SIZE rcvd: 172
>
> dig NS @example.com
test.org. 86400 IN NS ns1.example.com.
test.org. 86400 IN NS ns2.example.com.
;; Received 95 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 22 ms
test.org. 60 IN NS ns1.example.net.
test.org. 60 IN NS ns2.example.net.
test.org. 60 IN NS ns0.example.net.
;; Received 102 bytes from 152.78.129.184#53(clover.sucs.soton.ac.uk) in 16 ms
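
The two +trace runs in the message above show the .org delegation for test.org listing ns1/ns2.example.com, while the server that delegation points to returns an apex NS set in example.net. The check below is an added example, not part of the original thread: it parses `dig +trace` text and reports that parent/child NS disagreement. The sample input is constructed from the quoted trace, with the final responder written as ns1.example.com (an assumption); the function names are hypothetical.

```python
import re

# Constructed sample: tail of the "dig +trace NS test.org" run quoted above, with the
# final responder written as the sanitized ns1.example.com (an assumption).
SAMPLE_TRACE = """\
org. 172800 IN NS A0.ORG.AFILIAS-NST.INFO.
;; Received 424 bytes from 192.36.148.17#53(i.root-servers.net) in 19 ms

test.org. 86400 IN NS ns1.example.com.
test.org. 86400 IN NS ns2.example.com.
;; Received 95 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 22 ms

test.org. 60 IN NS ns1.example.net.
test.org. 60 IN NS ns2.example.net.
test.org. 60 IN NS ns0.example.net.
;; Received 102 bytes from 123.123.123.123#53(ns1.example.com) in 16 ms
"""

RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((\S+)\)")


def ns_sets_by_responder(trace, zone):
    """Return [(responder, {ns names})] for each +trace hop that carried NS records for zone."""
    zone = zone.rstrip(".").lower() + "."
    hops, current = [], set()
    for line in trace.splitlines():
        m = RECEIVED.match(line)
        if m:  # a "Received" line closes one hop's answer
            if current:
                hops.append((m.group(1).lower(), current))
            current = set()
            continue
        fields = line.split()
        if len(fields) == 5 and fields[0].lower() == zone and fields[3] == "NS":
            current.add(fields[4].lower())
    return hops


def delegation_mismatch(trace, zone):
    """Compare the parent's NS set (first hop) with the set the zone's own server returns (last hop)."""
    hops = ns_sets_by_responder(trace, zone)
    if len(hops) < 2:
        return None  # trace never reached a server answering for the zone itself
    (parent, parent_ns), (child, child_ns) = hops[0], hops[-1]
    return {
        "parent": parent, "child": child,
        "only_in_parent": sorted(parent_ns - child_ns),
        "only_in_child": sorted(child_ns - parent_ns),
        "child_is_delegated": child.rstrip(".") + "." in parent_ns,
    }
```

Both `only_in_*` lists are empty when the parent delegation and the zone's apex NS set agree; entries in either list identify the names to reconcile before or after a migration.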