more on delegating subdomain

Kevin Darcy kcd at daimlerchrysler.com
Fri Feb 14 23:01:39 UTC 2003


If your nameserver needs to resolve a name that's not in its
authoritative data (i.e. the data of a zone for which the nameserver is
master or slave) and is not in its cache, then it either needs to
"forward" queries to other nameservers (i.e. send queries to other
nameservers the identity of which is manually configured) or it needs to
"iterate" from some higher point in the namespace hierarchy (e.g. the
root zone), following delegations down until it gets to a nameserver
which can answer the query from its authoritative data. When all of the
mhra.mb.ca data was in the mhra.mb.ca zone, the choice of whether to use
forwarding or iterative resolution was moot, since all of the answers
were in the authoritative data for mhra.mb.ca, but once you delegated a
subzone, the forwarding-versus-iterative-resolution decision came into
play, and the global default of forwarding controlled until you overrode
it just now via "forwarders { }".


- Kevin

Matt Kehler wrote:

> Okay, so I got too excited (sad) and tried it..it works!!   So why
> exactly does it NOT work without a blank forwarders section?  And why
> hasn't anyone else ever run into this problem before?  I searched all
> over the place looking for an answer!
>
> thx!!!
> Matt
>
> >>> Kevin Darcy <kcd at daimlerchrysler.com> 02/14/03 04:20PM >>>
> Try putting "forwarders { };" in the zone definition of wrha.mb.ca.
> That'll tell named to not forward queries for names in any of its
> descendant zones. (Hopefully you don't have any other subzones of
> wrha.mb.ca that you *do* want forwarded...)
>
> - Kevin
>
> Matt Kehler wrote:
>
> > I'm not sure what you mean. Our primary internal nameserver
> > (wrha001ns04) DOES do some forwarding to other domains.  It IS
> > authoritative for wrha.mb.ca.
> >
> > Basically..we have 2 bind servers internally for name resolution,
> > anything they can't resolve they forward to internet accessible
> > nameservers. We created a subdomain of ad.wrha.mb.ca to handle our
> > win2k implementation.  Since everything on our network points to our
> > 2 name servers...we just figured we would add ad.wrha.mb.ca, delegate
> > it to a win2k dns server, and away we go.
> >
> > It seemed as though simply adding the proper entries within our
> > wrha.mb.ca zone file to delegate the ad subdomain to the win2k server
> > was all we had to do.
> >
> > I think that makes sense...:)
> >
> > thx
> > Matt
> >
> > Matt Kehler
> > Senior Network Analyst
> > Winnipeg Regional Health Authority
> > mkehler at wrha.mb.ca
> > ph  204.926.7069
> > fax 204.943.8014
> >
> > >>> Kevin Darcy <kcd at daimlerchrysler.com> 02/14/03 15:27 PM >>>
> > Ah, I understand now.
> >
> > Are you using forwarding, by any chance? Any nameserver which is
> > authoritative for wrha.mb.ca but *not* authoritative for
> > ad.wrha.mb.ca will forward queries (instead of following the
> > delegation), if that is its default behavior for resolving names
> > outside of its authoritative zones.
> >
> > - Kevin
> >
> > Matt Kehler wrote:
> >
> > > What I meant was that running tcpdump on wrha001ad01 nothing ever
> > > comes into that nameserver at all. I'm not sure why.
> > >
> > > Matt
> > >
> > > >>> Kevin Darcy <kcd at daimlerchrysler.com> 02/14/03 15:06 PM >>>
> > > Matt Kehler wrote:
> > >
> > > > I am resending this as we had an email issue last night and some
> > > > stuff was lost.   I'm trying to delegate a subdomain..it's not
> > > > working. I do not see the requests go out of my primary domain
> > > > nameserver. I'm using bind9.2.latest.  Snip of my domain zone data
> > > > file is below from my primary NS server, wrha001ns04 for the
> > > > wrha.mb.ca domain, and trying to delegate the ad.wrha.mb.ca
> > > > subdomain off to the nameserver wrha001ad01 (at 172.19.40.21).
> > > > Is the below not correct?
> > > >
> > > > >>>>>>>>>>>>>
> > > > [root@wrha001ns04 etc]# cat wrha.mb.ca.hosts.internal
> > > > $ttl 38400
> > > > wrha.mb.ca.     IN      SOA     wrha001ns04. root (
> > > >                         1030053590
> > > >                         10800
> > > >                         3600
> > > >                         604800
> > > >                         38400 )
> > > > wrha.mb.ca.     IN      NS      wrha001ns04.
> > > > ad.wrha.mb.ca.  IN      NS      wrha001ad01.ad.wrha.mb.ca.
> > > > home.wrha.mb.ca.        IN      A       172.19.40.30
> > > > proxy.wrha.mb.ca.       IN      A       172.19.40.5
> > > > wrha1_srv.wrha.mb.ca.   IN      A       172.19.40.10
> > > > apps.wrha.mb.ca.        IN      A       172.19.40.19
> > > > wrha001ad01.ad.wrha.mb.ca.      IN      A       172.19.40.21
> > >
> > > Why would you expect to see requests "go out of your primary domain
> > > nameserver"? Presumably by this you mean the wrha001ns04 nameserver.
> > > Since you've delegated ad.wrha.mb.ca to the nameserver
> > > wrha001ad01.ad.wrha.mb.ca, queries for anything in that zone would
> > > go to that nameserver instead.
> > >
> > > - Kevin
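
The fix discussed in this thread, written out as a named.conf sketch. This is an added example, not configuration posted by anyone in the thread: the forwarder address is a constructed placeholder, and the `type master` and `file` lines are assumptions based on the zone file name shown in the quoted `cat` command.

```conf
// named.conf on wrha001ns04 (assumed layout, added for illustration)

options {
    // Global forwarding. Without a zone-level override, this applies to
    // every name that is not in authoritative data or cache, including
    // names below a delegation point such as ad.wrha.mb.ca.
    forwarders { 192.0.2.53; };   // constructed placeholder address
};

zone "wrha.mb.ca" {
    type master;                        // assumption
    file "wrha.mb.ca.hosts.internal";   // name taken from the thread

    // An empty list overrides the global forwarders for this zone and
    // its descendants, so named follows the NS record for ad.wrha.mb.ca
    // to wrha001ad01 (172.19.40.21) instead of forwarding the query.
    forwarders { };
};
```

With the override in place, queries for names under ad.wrha.mb.ca should show up in tcpdump on wrha001ad01. A descendant zone that should still be forwarded would need its own `type forward` zone with an explicit forwarders list.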


