Is my slave DNS working right?
Rob Z
buddy.zee at gmail.com
Thu Jul 30 18:38:36 UTC 2009
Uh, OK. Thanks for that.
So, how can I confirm that my formerly "caching only" DNS server is now
fetching records from transferred zone files?
TIA
--
Rob
On Wed, Jul 29, 2009 at 12:31 PM, Kevin Darcy <kcd at chrysler.com> wrote:
> The +trace option *forces* dig to step through each level of the hierarchy.
>
> Therefore it's not a good way of testing any kind of "override" of the
> normal iterative-resolution process.
>
>
> - Kevin
>
> Rob Z wrote:
>
>> Hello list,
>> Here's my scenario:
>> I have multiple DNS servers (one master and a few slaves) authoritative
>> for a few zones (e.g. mydomain.com, zone1.mydomain.com etc).
>> I also have a caching server (a stock Redhat caching-nameserver.rpm
>> configuration, BIND 9.2.4 ) which is used by clients on LAN to query DNS for
>> zone1.mydomain.com.
>> As far as I understand this caching server does a full recursive
>> resolution to get information for zone1.mydomain.com (going to root
>> servers, then going to .com servers then to mydomain.com server).
>> My objective is to convert this caching server into a slave server, which
>> will transfer the full zone1.mydomain.com.
>> Am I correct in the assumption that the slave server should answer queries
>> for zone1.mydomain.com directly as it has all the information?
>> I modified the config by adding
>> zone "zone1.mydomain.com" {
>>     type slave;
>>     file "mydomain/hosts.mydomain.com";
>>     masters { A.B.C.D; };
>> };
>> to the caching server config and configured the master server to allow
>> transfers. The zone is being transferred correctly, mydomain/hosts.mydomain.com
>> is populated.
>> However,
>> dig +trace @localhost host1.zone1.mydomain.com
>> shows that the server is still doing a full recursion, going to the root
>> servers, tld servers etc.
>> What am I missing? Do I also have to list my caching server as NS record
>> in the zone1.mydomain.com?
>> It's located on a private network and won't be able to answer queries from
>> the Internet.
>> Attached is my config file
>> ===================================================
>> //
>> // named.conf for Red Hat caching-nameserver
>> //
>>
>> options {
>> directory "/var/named";
>> dump-file "/var/named/data/cache_dump.db";
>> statistics-file "/var/named/data/named_stats.txt";
>> /*
>> * If there is a firewall between you and nameservers you want
>> * to talk to, you might need to uncomment the query-source
>> * directive below. Previous versions of BIND always asked
>> * questions using port 53, but BIND 8.1 uses an unprivileged
>> * port by default.
>> */
>> // query-source address * port 53;
>> };
>>
>> //
>> // a caching only nameserver config
>> //
>> controls {
>> inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>> };
>>
>> zone "." IN {
>> type hint;
>> file "named.ca";
>> };
>>
>> zone "localdomain" IN {
>> type master;
>> file "localdomain.zone";
>> allow-update { none; };
>> };
>>
>> zone "localhost" IN {
>> type master;
>> file "localhost.zone";
>> allow-update { none; };
>> };
>>
>> zone "0.0.127.in-addr.arpa" IN {
>> type master;
>> file "named.local";
>> allow-update { none; };
>> };
>>
>> zone
>> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN
>> {
>> type master;
>> file "named.ip6.local";
>> allow-update { none; };
>> };
>>
>> zone "255.in-addr.arpa" IN {
>> type master;
>> file "named.broadcast";
>> allow-update { none; };
>> };
>>
>> zone "0.in-addr.arpa" IN {
>> type master;
>> file "named.zero";
>> allow-update { none; };
>> };
>>
>> zone "zone1.MYDOMAIN.COM" {
>> type slave;
>> file "mydomain/hosts.mydomain.com";
>> masters { A.B.C.D; };
>> };
>>
>> include "/etc/rndc.key";
>> ===================================================
>> Thanks
>> Rob
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
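An added example, not part of the original messages: one way to run the check the thread asks about, using the fact that a server answering from a zone it holds sets the `aa` (authoritative answer) flag in the reply header, which a plain non-recursive `dig` shows and `+trace` does not test. The function names and sample output lines are constructed for illustration; `host1.zone1.mydomain.com`, `localhost` and `A.B.C.D` are the placeholders from the quoted post.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# has_aa_flag: read dig output on stdin; succeed if the header flags include "aa".
has_aa_flag() {
    awk '
        /^;; flags:/ {
            sub(/^;; flags:/, "")   # drop the label
            sub(/;.*/, "")          # drop the counters after the flag list
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aa") found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# soa_serial: read `dig +short ... SOA` output on stdin; print the serial (3rd field).
soa_serial() {
    awk 'NF >= 7 { print $3; exit }'
}

# check_slave NAME ZONE SERVER MASTER: live check, needs dig and reachable servers.
check_slave() {
    name=$1; zone=$2; server=$3; master=$4
    # +norecurse: ask only for what the server already holds, no iteration.
    if ! dig +norecurse "@$server" "$name" A | has_aa_flag; then
        echo "$server did not set aa for $name (answer is not from local zone data)"
        return 1
    fi
    # A slave that has transferred the current zone reports the master's serial.
    s=$(dig +short +norecurse "@$server" "$zone" SOA | soa_serial)
    m=$(dig +short +norecurse "@$master" "$zone" SOA | soa_serial)
    if [ -z "$s" ] || [ "$s" != "$m" ]; then
        echo "serial mismatch: $server has '$s', master has '$m'"
        return 1
    fi
    echo "$server is authoritative for $zone at serial $s"
}

# Constructed sample dig output lines (not captured from a real server).
SAMPLE_AUTH=';; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'
SAMPLE_CACHED=';; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_SOA='ns1.mydomain.com. hostmaster.mydomain.com. 2009073001 10800 3600 604800 86400'

# Live call with the placeholders from the post:
# check_slave host1.zone1.mydomain.com zone1.mydomain.com localhost A.B.C.D
```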