how to create a private "test." zone?
Mark Andrews
Mark_Andrews at isc.org
Mon Mar 2 23:07:01 UTC 2009
In message <49AC5D59.1010707 at ruilopes.com>, Rui Lopes writes:
> Hi,
>
> Ben Bridges wrote:
> > > sun
> > > NB: it also forwards to "isp" dns server.
> > If your sun server is configured to use your isp dns server as a
> > forwarder, then I think it will forward requests for example.test
> > to the isp server even though it delegated example.test to plesk.
> > That would seem to be supported by the fact that your sun server knows
> > it is not authoritative for example.test (no AA flag in response to
> > the query for example.test) and that you see it sending requests
> > to the isp server (although you don't specify that it is sending
> > requests to it for example.test).
> Ah sorry, it's indeed sending requests to it for the example.test domain.
>
> > You could try creating example.test as a forward zone in named.conf on
> > your sun server and specifying plesk as the forwarder for that zone.
> Indeed, adding a forward zone like below works! But why does it work?
> Or why is it needed?
>
>     zone "example.test" {
>         type forward;
>         // forward only;
>         // forwarders { 192.168.2.10; };
>     };
>
> Note that I only needed to include the "type forward" line, the other
> lines do not seem to be needed. Am I missing something? They aren't
> really needed? By reading the bind manual it seems we have to include them.
>
You turned off forwarding for that namespace.
It's the equivalent of:

    zone "example.test" {
        type forward;
        forwarders { /* empty */ };
    };

You could have also added it to the test zone's config.

    zone "test" {
        type master; // or slave
        ...
        forwarders { /* empty */ };
    };

Mark

> BTW, if I try to query without recurse (and without adding the forward
> zone as above):
>
> dig example.test +norecurse
> ; <<>> DiG 9.4.2-P2 <<>> example.test +norecurse
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62293
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;example.test. IN A
>
> ;; AUTHORITY SECTION:
> example.test. 600 IN NS plesk.test.
>
> ;; ADDITIONAL SECTION:
> plesk.test. 600 IN A 192.168.2.10
>
> ;; Query time: 1 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Mon Mar 2 22:22:40 2009
> ;; MSG SIZE rcvd: 66
>
> it seems to work (that is, it returns the NS and A record for the NS)...
> only when querying with recurse it fails, any idea why?
>
> Thanks!
>
> Best regards,
> Rui Lopes
>
> >
> >
> > ------------------------------------------------------------------------
> > *From:* bind-users-bounces at lists.isc.org on behalf of Rui Lopes
> > *Sent:* Sun 3/1/2009 2:46 PM
> > *To:* bind-users at lists.isc.org
> > *Subject:* how to create a private "test." zone?
> >
> > Hello,
> >
> > I'm trying to create a private "test." zone for use in my local
> > "testing lab".
> >
> > I've setup a recursive DNS server that will serve the "test." zone
> > (in Sun host; see the network diagram below).
> >
> > The resolution of a domain in the "test" zone works as expected, eg:
> >
> > dig sun.test
> > ; <<>> DiG 9.4.2-P2 <<>> sun.test
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL:
> > 0
> >
> > ;; QUESTION SECTION:
> > ;sun.test. IN A
> >
> > ;; ANSWER SECTION:
> > sun.test. 600 IN A 192.168.2.1
> >
> > ;; AUTHORITY SECTION:
> > test. 600 IN NS sun.test.
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 192.168.2.1#53(192.168.2.1)
> > ;; WHEN: Sun Mar 1 10:39:28 2009
> > ;; MSG SIZE rcvd: 56
> >
> >
> > After this, I wanted to delegate the "example.test." zone to another
> > local DNS server of mine (the Plesk host). I did the delegation by
> > adding the following RR in the "test." zone (in the Sun host):
> >
> > example IN NS plesk
> >
> >
> > I tried to resolve the "example.test" domain with:
> >
> > dig example.test
> > ; <<>> DiG 9.4.2-P2 <<>> example.test
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;example.test. IN A
> >
> > ;; Query time: 31 msec
> > ;; SERVER: 192.168.2.1#53(192.168.2.1)
> > ;; WHEN: Sun Mar 1 10:40:39 2009
> > ;; MSG SIZE rcvd: 30
> >
> >
> > Which failed...
> >
> > NB: I can see my local dns server sending queries to my isp dns
> > server. But why?
> >
> > NB: Asking the same question directly at the Plesk DNS server works:
> >
> > dig example.test @plesk.test
> > ; <<>> DiG 9.4.2-P2 <<>> example.test @plesk.test
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2358
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL:
> > 0
> >
> > ;; QUESTION SECTION:
> > ;example.test. IN A
> >
> > ;; ANSWER SECTION:
> > example.test. 86400 IN A 192.168.2.10
> >
> > ;; AUTHORITY SECTION:
> > example.test. 86400 IN NS plesk.test.
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 192.168.2.10#53(192.168.2.10)
> > ;; WHEN: Sun Mar 1 10:41:43 2009
> > ;; MSG SIZE rcvd: 66
> >
> >
> > What am I doing wrong in the delegation, and how can I fix it?
> >
> >
> > My network diagram is:
> >
> >   +-------------+
> >   |     isp     |
> >   +-------------+ 10.0.2.3 (DNS)
> >          |
> >   -------+------------------------------------------- 10/24
> >          |
> >   +-------------+ 10.0.2.15     +-------------+
> >   |     sun     |               |    plesk    |
> >   +-------------+ 192.168.2.1   +-------------+ 192.168.2.10
> >          |                             |
> >   -------+-----------------------------+------------- 192.168.2/24
> >
> > isp
> >     my ISP DNS server host.
> > sun
> >     my local DNS server host that hosts the "test." zone.
> >     NB: this is a recursive server.
> >     NB: it also forwards to "isp" dns server.
> >     NB: local resolv.conf points to 192.168.2.1
> > plesk
> >     my other local DNS server host that hosts the "example.test."
> >     zone.
> >     NB: this is an authoritative server only.
> >     NB: local resolv.conf points to 192.168.2.1
> >
> >
> > This is what the Sun DNS server has about the "test." zone:
> >
> > $TTL 10m        ; default TTL
> > $ORIGIN test.   ; base domain-name
> > @       IN SOA  sun hostmaster (
> >                 2008042800 ; serial
> >                 10m        ; refresh
> >                 15m        ; retry
> >                 3w         ; expire
> >                 10m        ; minimum
> >                 )
> >
> >         IN NS   sun
> >
> > sun     IN A    192.168.2.1
> > plesk   IN A    192.168.2.10
> >
> > ; delegate example.test. to plesk.test.
> > example IN NS   plesk
> > ;example IN A   192.168.2.10
> >
> >
> > And this is what the Plesk DNS server has about the "example.test."
> > zone:
> >
> > @ IN SOA plesk.test. ironman.example.test. (
> >         1235830200 ; Serial
> >         10800      ; Refresh
> >         3600       ; Retry
> >         604800     ; Expire
> >         10800 )    ; Minimum
> >
> > example.test. IN NS plesk.test.
> > example.test. IN A  192.168.2.10
> >
> >
> >
> > If you need more information, please let me know.
> >
> > Thanks!
> >
> >
> > Best regards,
> > Rui Lopes
> >
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> >
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
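
The forwarding decision discussed in this thread, as an added example that is not part of the original post and is not BIND's own code: a simplified Python model that reports which private names a server would hand to an outside forwarder. The config dictionary layout and the function names are assumptions, and the "forward first"/"forward only" fallback is not modelled.

```python
# Simplified model of where a recursive query for a private name ends up.
# Not BIND source code; the data layout and function names are assumptions.

def _covers(apex, name):
    apex, name = apex.rstrip(".").lower(), name.rstrip(".").lower()
    return name == apex or name.endswith("." + apex)

def _deepest(apexes, qname):
    """Longest apex at or above qname, or None."""
    hits = [a for a in apexes if _covers(a, qname)]
    return max(hits, key=lambda a: len(a.rstrip(".")), default=None)

def decide(qname, cfg):
    """Return (action, upstreams) for a recursive query arriving at the server."""
    zone = _deepest(cfg["auth_zones"], qname)
    if zone is not None:
        cuts = cfg["auth_zones"][zone].get("delegations", [])
        if _deepest(cuts, qname) is None:
            return ("authoritative", [])   # answered from local zone data
    # Below a zone cut or outside every local zone: recursion is needed, and
    # the most specific "forwarders" statement decides where the query goes.
    overrides = dict(cfg.get("forward_zones", {}))
    for apex, z in cfg["auth_zones"].items():
        if "forwarders" in z:
            overrides[apex] = z["forwarders"]
    best = _deepest(overrides, qname)
    upstreams = cfg["global_forwarders"] if best is None else overrides[best]
    if upstreams:
        return ("forward", list(upstreams))
    return ("iterate", [])                 # empty list: follow the NS records

def leaked(private_names, cfg, internal=()):
    """Private names whose queries would be sent to a non-internal forwarder."""
    out = {}
    for q in private_names:
        action, ups = decide(q, cfg)
        ext = [u for u in ups if u not in internal]
        if action == "forward" and ext:
            out[q] = ext
    return out

# Constructed from the thread: sun forwards to the ISP and delegates example.test.
BEFORE = {"global_forwarders": ["10.0.2.3"],
          "auth_zones": {"test": {"delegations": ["example.test"]}}}
# Fix 1: zone "example.test" { type forward; } with no forwarders.
FIX_FORWARD_ZONE = dict(BEFORE, forward_zones={"example.test": []})
# Fix 2: empty forwarders list inside the "test" zone itself.
FIX_IN_TEST_ZONE = dict(BEFORE, auth_zones={
    "test": {"delegations": ["example.test"], "forwarders": []}})
```

Running `leaked(["sun.test", "example.test"], BEFORE)` flags only the delegated name; both fixed configurations return an empty result while names outside "test." are still forwarded.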