Bind doesn't make zone delegation.
Barry Margolin
barmar at alum.mit.edu
Thu Apr 19 16:29:21 UTC 2012
In article <mailman.545.1334821108.63724.bind-users at lists.isc.org>,
"Ellad G. Yatsko" <eyatsko at ngs.ru> wrote:
> > Hello!
> >
> > I have FreeBSD 7.2 x64 installed. And Bind 9.4:
> >
> > /etc/namedb> named -v
> > BIND 9.4.3-P2
> >
> > I have zone "/united-networks.ru/" and I try to do the following:
> > ...
> > $ORIGIN sokol.msk.united-networks.ru.
> > @ IN NS srvgate
> > srvgate IN A 172.31.16.16
> > $ORIGIN united-networks.ru.
> > ...
> >
> > As I understand I delegated the SOA (IN NS) to server with name
> > srvgate.sokol.msk.united-networks.ru ("srvgate" has no tailing "dot"
> > so domain "sokol.msk.united-networks.ru" from $ORIGIN operator
> > will be
> > appended), then I placed "glue"-record with srvgate.sokol.msk's
> > address.
> > It is because as I understood nameserver of delegated zone is in it.
> >
> > From here I thought on the server 172.31.16.16 (it's Ubuntu) I must
> > receive DNS-requests related to zone sokol.msk.united-networks.ru.
> > For
> > example if I try do nslookup sokol.msk.united-networks.ru on FreeBSD
> > 7.2 x64. But:
> >
> > /etc/bind# hostname -f
> > srvgate.sokol.msk.united-networks.ru
> > /etc/bind# tshark -ta -ni tun0 -R dns
> > Running as user "root" and group "root". This could be dangerous.
> > Capturing on tun0
> >
> > ...there is nothing! And FreeBSD issues NXDOMAIN. I say more -
> > FreeBSD
> > tries to resolve name "sokol.msk.united-networks.ru" through its
> > forwarder in
> > external world!
When forwarders are enabled, they get used instead of following
delegations. You need to add this to your named.conf to override the
forwarders for this zone:
zone "sokol.msk.united-networks.ru" {
type forward;
forwarders {};
};
> >
> > Where am I wrong? I simulated this situation with the same
> > configurations
> > on Ubuntu (Bind 9.7.0-P1) and fresh-installed FreeBSD 9.0 x64
> > (Bind 9.8.1-P1).
> > All works fine!
> >
> > -------------------------------------- related portion of
> > named.conf --------------------------------------
> > options {
> > directory "/etc/namedb";
> > pid-file "/var/run/named/pid";
> > dump-file "/var/dump/named_dump.db";
> > statistics-file "/var/stats/named.stats";
> >
> > listen-on {
> > ....
> > 127.0.0.1;
> > 172.16.0.1;
> > 172.16.1.1;
> > 172.16.2.1;
> > 172.31.0.1;
> > };
> >
> > forwarders {
> > 89.222.167.2;
> > 8.8.8.8;
> > };
> > recursion yes;
> > allow-recursion {0/0;};
> > };
> >
> > ...
> >
> > view internal {
> > match-clients {
> > 127.0.0.0/8;
> > 172.16.0.0/12;
> > };
> > ...
> > zone "united-networks.ru" {
> > type master;
> > file "master/forward/united-networks.ru.internal";
> > allow-transfer {
> > 172.16.0.2;
> > 172.16.16.2;
> > 172.31.16.16;
> > 172.31.17.0;
> > 172.31.18.0;
> > };
> > };
> > ...
> > };
> > ...
> >
> > ----------------------------------------------------------------------------
> > -------------------------------
> >
> > Kind regards,
> > Ellad
--
Barry Margolin
Arlington, MA
More information about the bind-users
mailing list