having my master nameserver resolve another zone...

Cricket Liu cricket at nxdomain.com
Wed Jan 29 21:24:16 UTC 2003 


On Wednesday, January 29, 2003, at 12:49  PM, Christopher L. Barnard 
wrote:

> I must be missing something here, but I do not see what.
>
> I am trying to add the new zone "corp.cbot.com" under the existing 
> cbot.com.
> Because of some other requirements, this server is actually "cbott.com"
> (note the extra t).  cbott.com has been registered with Internic, so 
> that
> should not be an issue.  I suppose it does not matter actually, since 
> it
> is internal-only...
>
> What I am trying to do is have a machine "foobar.cbott.com" resolve as
> "foobar.corp.cbot.com", thus masking the fact that it is really in the
> cbott.com zone.  I am trying to fight one forest fire at a time, so I
> want to resolve just "foobar.cbott.com" first.  Then I'll tackle 
> having it
> resolve as foobar.corp.cbot.com.  I have put in the master forward dns
> table the glue records
>
> cbott.com.      IN      NS      cbottad1.cbott.com.
> cbott.com.      IN      NS      cbottad2.cbott.com.
>
> and the corresponding A records for their IP.
>
> cbottad1.cbott.com.             IN A    164.74.77.101
> cbottad2.cbott.com.             IN A    164.74.77.102
>
> I can use DiG to transfer the zone, so I know that a DNS server is
> running on these boxes.  However, when I do a dig on the record, it is
> unknown:
>
> srvns1!/var/named/etc/domain >> dig @srvns1 cbottad1.cbott.com
>
> ; <<>> DiG 9.2.1 <<>> @srvns1 cbottad1.cbott.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54790
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;cbottad1.cbott.com.            IN      A
>
> ;; AUTHORITY SECTION:
> com.                    10690   IN      SOA     A.GTLD-SERVERS.NET. 
> NSTLD.VERISIGN-GRS.com. 2003012900 1800 900 604800 86400
>
> ;; Query time: 2 msec
> ;; SERVER: 164.74.143.202#53(srvns1)
> ;; WHEN: Wed Jan 29 13:21:50 2003
> ;; MSG SIZE  rcvd: 109
>
> btw, this is an internal nameserver configuration.  Those of you who 
> might
> do an access of cbot.com will get the "outside" DNS that is done by 
> uunet.

Even though it's an internal name server, it's got a cached NXDOMAIN 
response
from one of the com name servers.  (It's probably marked authoritative 
because
this is a BIND 8 name server with auth-nxdomain set.)

Are you sure this name server is in fact authoritative for cbott.com?  
It's not
responding as though it is.

cricket

More information about the bind-users mailing list