DNS setup still stumbling over subdomains

Kevin Darcy kcd at daimlerchrysler.com
Tue Sep 24 02:07:43 UTC 2002


iomatic wrote:

> What are some ways I can check to see if my zone file is correctly
> configured?
>
> Two questions no one I've asked has been able to answer:
> 1) Do you use CNAME or A records in the master zone file to point to a
> subdomain/virtual host, or do you create a new zone file for the
> subdomain (even if it's a name-based virtual host)?

You could do it either way, but unless you have a good reason for
creating a new subzone with only one A record in it, a CNAME would appear
to be the more straightforward method.

> 2) Do you point to the internal or external IP with a loopback router
> (linksys)?

I don't know what you mean by "loopback router". Do you mean NAT? In any
case, if your internal IP is in a private range like 192.168/16, then
obviously you shouldn't publish that to the Internet (see RFC 1918 if you
don't understand why).

> I had previously had internal IP numbers in A records, and multiple
> zone files for each subdomain/vhost. This worked with the netgear
> which had no loopback. Of course I couldn't browse/use my own domain
> by name via LAN--very bad for testing/laptops.
>
> Replacing the router with the linksys broke the virtual hosts
> (browsing http goes straight to the master domain). I changed the IP
> to external, and that works for www.domain.com, telnet (LAN and WAN)
> but not for anything else. FTP only works now if PASV is turned off in
> clients (which was not the case before).

I still don't quite understand what you're talking about. You haven't
provided some necessary background information, e.g. do you have complete
control over the nameserver that hosts your domain? What are your clients
pointed to for resolving DNS, and do you have complete control over that
nameserver? Are they the same server? Is one/either/both of it/them
behind the NAT/firewall?

If you want the same name to resolve differently internally versus
externally, chances are you need multiple nameservers, multiple
nameserver instances running on the same box, or a single BIND 9 instance
with "view"s configured, but how you configure all of this depends on how
you're set up currently, and that's not very clear to me.

> Another question: what's the proper setup for making this same
> web/mail/DNS/FTP the NS? like:
>
> server NS ns1.domain.com
> ns1 A 111.111.111.111
>
> or
>
> server NS ns1.domain.com
> ns1 CNAME domain.com

It's illegal for an NS record to point to a CNAME.


- Kevin
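
Added example (not part of the original message): a small Python lint pass over a zone file that flags the two mistakes named in the reply above, an A record carrying an RFC 1918 address and an NS record whose target is a CNAME. The function names, the sample zone and the simplified one-line record format are assumptions made for illustration; `domain.com.` is the placeholder origin used in the question.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone (not from the post); origin is the placeholder "domain.com.".
SAMPLE_ZONE = """\
@    IN NS    ns1.domain.com.
@    IN NS    ns2
@    IN A     111.111.111.111
ns1  IN A     111.111.111.111
ns2  IN CNAME domain.com.
www  IN CNAME domain.com.
ftp  IN A     192.168.1.10   ; internal address left in the public zone
"""

def fqdn(name, origin):
    """Expand a zone-file name ('@', relative or absolute) to a lower-case absolute name."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse(zone_text, origin):
    """Yield (owner, type, rdata) from one-line 'owner [IN] TYPE rdata' records only."""
    for line in zone_text.splitlines():
        fields = [f for f in line.split(";", 1)[0].split() if f.upper() != "IN"]
        if len(fields) != 3:
            continue  # skips $TTL/$ORIGIN, SOA, MX and anything multi-line
        owner, rtype, rdata = fields[0], fields[1].upper(), fields[2]
        if rtype in ("NS", "CNAME"):
            rdata = fqdn(rdata, origin)
        yield fqdn(owner, origin), rtype, rdata

def lint(zone_text, origin):
    """Return findings for the two mistakes discussed in the message above."""
    records = list(parse(zone_text, origin))
    cname_owners = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "A" and any(ipaddress.ip_address(rdata) in net for net in RFC1918):
            findings.append(f"{owner} A {rdata}: RFC 1918 address published")
        if rtype == "NS" and rdata in cname_owners:
            findings.append(f"{owner} NS {rdata}: NS target is a CNAME")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_ZONE, "domain.com."):
        print(finding)
```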




