Delegation not working
Mike Bernhardt
bernhardt at bart.gov
Thu May 7 17:29:43 UTC 2009
Yeah, I pulled that dig request from another post that sounded similar
without taking the time to understand what the arguments meant. I will have
to learn dig properly.
Thanks for the help, I will try that tonight.
-----Original Message-----
From: Chris Buxton [mailto:cbuxton at menandmice.com]
Sent: Thursday, May 07, 2009 10:17 AM
To: Mike Bernhardt
Cc: bind-users at lists.isc.org
Subject: Re: Delegation not working
On May 7, 2009, at 9:31 AM, Mike Bernhardt wrote:
> I attempted to delegate a subdomain last night, but it didn't work.
> When I
> slave that subdomain it works fine, so I know that connectivity is
> not the
> problem. The server is running BIND 9.3.4. Here is the dig response:
>
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
Note: no "rd" flag.
> ;; AUTHORITY SECTION:
> adm.bart.gov. 14400 IN NS mrep-02.adm.bart.gov.
> adm.bart.gov. 14400 IN NS dhcp-01.adm.bart.gov.
This is a referral, as expected.
> So it seems we are reading the delegation info correctly, but not
> getting
> answers, or perhaps not asking?
What were you expecting to be different? You sent a non-recursive
query (+norec) and received a referral to the child zone. It looks
perfectly normal.
Were you expecting a final answer to the query? If so, then take out
the "+norec" from your dig command. You'll also need to edit your
bart.gov zone statement in named.conf (below).
> Here is my named.conf, and the db records.
> Since I'm using h2n, the delegation info in the db files is actually
> via
> $include statements pointing at spcl files. I know the $includes are
> read
> properly because there is other info in them that works.
>
> We are forwarding for internet names to our outside-facing server. I'm
> wondering if forwarding is the problem?
If you had not used "+norec", it would be the problem, yes. But there
is a simple solution.
> zone "bart.gov" {
> type master;
> file "db.bart";
> };
Add one more statement inside the zone statement block:
forwarders { };
This will turn off forwarding for the bart.gov domain, which is larger
than the bart.gov zone. It includes delegated subzones such as
"adm.bart.gov", meaning the server will recurse to the subzone rather
than forwarding to the outside world.
Chris Buxton
Professional Services
Men & Mice
More information about the bind-users
mailing list