bind4 to bind8 - noforward to view or what...?
Erik Engberg
Erik.Engberg at cygate.se
Tue Dec 28 21:11:55 UTC 1999
Hello everybody,
I have a pretty old bind4 (probably with the noforward patch) that needs to
be updated.
This server is labeled as a "rootDNS" internal to the company (which could
be discussed).
Of course I ran into some trouble and now I don't really know where to go
next... so any help is really appreciated!
The old named.boot config (cut out some 40 unessential domains):
---snip---
directory /etc/domain
noforward xxx.se
primary xxx.SE db.xxx.SE
primary yyy.zzz.SE db.yyy.zzz.SE
primary 127.IN-ADDR.ARPA db.127
primary 32.10.IN-ADDR.ARPA db.10.32
noforward 32.10.IN-ADDR.ARPA
primary 48.10.IN-ADDR.ARPA db.10.48
noforward 48.10.IN-ADDR.ARPA
forwarders xxx.xxx.xxx.xxx xxx.xxx.xxx.xxy
slave
---snip---
The problem is now that there are multiple domains under xxx.SE that have
their own nameservers. And here it gets REALLY complicated, for instance
ggg.xxx.SE has ca 120 subsubdomains like aaa.ggg.xxx.SE and bbb.ggg.xxx.SE
as well as plenty of hosts...
The bind4 "rootdns" obviously asks the nameserver for ggg.xxx.SE when
queried and returns this.
In the db files (like db.xxx.SE) there are a couple of hundred (if not even
thousands) entries like this for instance:
$ORIGIN xxx.SE.
ggg             IN NS   ns01.ggg
                IN NS   ns02.ggg
ns01.ggg        IN A    xxx.xxx.xxy.xyx
ns02.ggg        IN A    xxx.xxx.xxy.xyy
and in the db.10.32 there are entries like:
32              IN NS   merkur.bbb.xxx.SE.
                IN NS   tellus.bbb.xxx.SE.
33              IN NS   merkur.bbb.xxx.SE.
                IN NS   tellus.bbb.xxx.SE.
34 [etc.... goes on and on the same ]
I have tried with lots of configuration options in named.conf and currently
it's like this:
---snip---
options {
        directory "/etc/domain";
        pid-file "/var/run/named.pid";
        forwarders { 192.44.242.66; 192.44.242.66; 192.44.243.66; 192.44.243.66; };
        forward only;
        check-names master warn;
        check-names slave ignore;
};
zone "xxx.SE" {
        type master;
        file "db.xxx.SE";
};
zone "yyy.zzz.SE" {
        type master;
        file "db.yyy.zzz.SE";
};
### all from here had "noforward" in the old config
zone "32.10.IN-ADDR.ARPA" {
        type master;
        file "db.10.32";
        forwarders { };
};
zone "48.10.IN-ADDR.ARPA" {
        type master;
        file "db.10.48";
        forwarders { };
};
---end ---
This server works fine resolving all xxx.SE names.. but does not resolve
ggg.xxx.SE or any subdomains ;(
Also, I got a tip to try something like the following:
view {
domain { "!xxx.se"; } ;
forward on no-domain to { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx };
};
but it doesn't seem to be implemented yet (forward on no-domain).
So my real question is: How could I make this work (without too much work,
like defining all subdomains in named.conf or redoing stuff in the other
nameservers)?
Any requests that don't validate to any of the subdomains under xxx.SE (or
similar) should also be redirected to an external internet DNS. I'm not sure
this works properly either....
Any help to resolve these issues would be extremely appreciated.
Maybe it's not even a good idea upgrading?
best regards
Erik
__________________________________________
Erik Engberg
Security Specialist
Cygate Sweden AB
Brovägen 1
182 74 Stocksund, Sweden
Tel: +46 8 630 50 00
Fax: +46 8 630 50 01
http://www.cygate.se/sweden
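
An added example, not part of the original message: a small Python check that compares the noforward lines of a named.boot with the zones of a named.conf that carry an empty `forwarders { };`, which is the translation the comment in the posted named.conf applies to the reverse zones. That this is the right equivalent of the noforward patch is an assumption; the sample configs are abbreviated, constructed copies of the two quoted in the message, and the function names are hypothetical.

```python
import re

# Constructed sample: the two configurations quoted in the post, abbreviated.
NAMED_BOOT = """\
directory /etc/domain
noforward xxx.se
primary xxx.SE db.xxx.SE
primary 32.10.IN-ADDR.ARPA db.10.32
noforward 32.10.IN-ADDR.ARPA
primary 48.10.IN-ADDR.ARPA db.10.48
noforward 48.10.IN-ADDR.ARPA
"""
NAMED_CONF = """\
options { directory "/etc/domain"; forward only; };
zone "xxx.SE" { type master; file "db.xxx.SE"; };
### all from here had "noforward" in the old config
zone "32.10.IN-ADDR.ARPA" { type master; file "db.10.32"; forwarders { }; };
zone "48.10.IN-ADDR.ARPA" { type master; file "db.10.48"; forwarders { }; };
"""

def norm(name):
    return name.rstrip(".").lower()  # DNS names compare case-insensitively

def boot_noforward(text):
    """Domains on 'noforward' lines of a named.boot (';' starts a comment)."""
    rows = (line.split(";", 1)[0].split() for line in text.splitlines())
    return {norm(r[1]) for r in rows if len(r) >= 2 and r[0].lower() == "noforward"}

def conf_zones(text):
    """Map each zone in a named.conf to True if it carries 'forwarders { };'."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", text, flags=re.S)
    zones = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the brace that closes the zone
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        zones[norm(m.group(1))] = bool(re.search(r"\bforwarders\s*\{\s*\}", body))
    return zones

def audit(boot, conf):
    """noforward domains whose zone is absent or lacks the empty forwarders list."""
    zones = conf_zones(conf)
    return sorted(d for d in boot_noforward(boot) if not zones.get(d, False))

if __name__ == "__main__":
    print("noforward not carried over:", audit(NAMED_BOOT, NAMED_CONF))
```

On the sample input the only domain reported is xxx.se, which has a noforward line in the old file but no `forwarders { };` in its new zone block.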