Delegation in BIND 8

Loucks, Guy Guy.Loucks at det.nsw.edu.au
Wed Sep 20 05:38:57 UTC 2000


People,

Further to my previous note the other week, we are still having some
peculiar errors with BIND 8. It appears that it simply will not delegate.
There has to be something simple missing.

Servers 153.107.41.18 and 146 are our external DNS servers, with a subset of
externally visible DNS information.

Our internal servers consolidate up to our "primary"; we have geographic
secondary servers located throughout the state.

We are in the process of looking at the Windows 2000 product; to do that we
need to isolate a DNS area for them to keep information the business simply
does not require out of our core servers.

To do this we have set up a phantom root:

DET.LAB

And we are trying to delegate this to the W2k AD servers. When we query the
W2k boxes, they appear happy. However, we cannot get the main DNS server to
talk with it:

Sep 20 15:45:27 erg named[502]: /etc/namedb/named.conf:4963: syntax error near forward
Sep 20 15:45:27 erg named[502]: no type specified for zone 'det.lab'
Sep 20 15:45:27 erg named[502]: zone 'det.lab' did not validate, skipping
Sep 20 15:45:27 erg named[502]: /etc/namedb/named.conf:4973: syntax error near '}'

The second line above seems to be the key. The named.conf extract is below.
We have tried it with and without forward only. We have tried removing all
forwarders and setting up phantom entries in named.ca for our external DNS
servers, to no avail.

Your thoughts would be most appreciated. Please email me directly and I will
summarise again.

options {
        directory "/etc/namedb/ns_db";
//      forward only;
        forwarders {
                153.107.41.18;
                153.107.41.146;
                153.107.41.18;
                153.107.41.146;
                153.107.41.18;
                153.107.41.146;
        };
        multiple-cnames yes;
        version "Surely you must be joking!";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// named.boot file for NSW DET DNS services.
//

<SNIP>

zone "det.lab" {
        type forward;
        forward only;
        forwarders {
        153.107.59.131;
        153.107.59.132;
        153.107.59.131;
        153.107.59.132;
        153.107.59.131;
        153.107.59.132;
        };
};

"named.conf" 5009 lines, 86932 characters

Cheers,

Guy

Guy R. Loucks
Senior Unix Systems Administrator
Networks Branch
NSW Department of Education & Training
Information Technology Bureau
Direct +61 2 9942 9887
Fax +61 2 9942 9600
Mobile +61 (0)429 041 186
Email guy.loucks at det.nsw.edu.au




