Dynamic DNS on User network & static DNS: synergy problems

scsi scsi at bluewin.ch
Thu Jun 24 22:54:56 UTC 2004


Hello,

I am responsible for getting DNS moved over to bind for our
interoffice DNS servers. We are trying to add functionality to these
servers so that they will allow dhcp leases (to windows 2000 clients)
to create dns entries in the users.domain.com zone (i.e. 
jimmy.users.domain.com). While I have this part working (and reverse
mappings), it is proving difficult to do something else that we
absolutely need.  In our current scheme windows boxes are just given
the domain suffix domain.com, so when they go to type in a machine
name like: iceberg, their box will search domain.com and return with
iceberg.domain.com which resolves correctly.  However, when I allow
dhcp to assign users the dns suffix of users.domain.com, they are
unable to resolve iceberg to iceberg.domain.com.  I know that I can
include all of the domain.com entries as A records in users.domain.com,
but this is cumbersome. Also, I know I could manually go to each
machine (or registry hack) and set them to search other domain
suffixes.  What I don't know is whether there is an easy fix for this so I can
just tell bind to resolve all queries for iceberg (or any other
machine name) to domain.com instead of duplicating the entries in a
second zone. I have included my named.conf and both the
users.domain.zone and domain.zone.  I left out the reverse mapping
zones, they already work ok. Please Help!

--thanx,
steve


--- named.conf

// TSIG key definition. The users.domain.com zone below accepts dynamic
// updates only when they are signed with this key, so the DHCP server
// presumably holds the same key (confirm on the DHCP side).
// NOTE(review): hmac-md5 is the legacy TSIG algorithm. On BIND releases that
// offer it, hmac-sha256 is the better choice; both ends must use the same one.
// NOTE(review): "secret" looks like a placeholder for the posting. The real
// value is a base64 string; keep it in a file readable only by the named
// user and pull it in with an include statement, so that named.conf itself
// can stay readable without exposing the key.
key mykey {
        algorithm hmac-md5;
	        secret "secret";
};

// Address-match list "users": the 172.16.100.0/24 network plus loopback.
// It is referenced by allow-query in the options block.
acl "users"     { 172.16.100.0/24; 127.0.0.1;};

// Logging: one channel that writes to syslog facility local7 at severity
// info and above, used for every category that has no channel of its own.
// NOTE(review): dynamic-update messages should also arrive here through the
// default category, which makes this the audit trail for changes to
// users.domain.com; confirm they show up in the local7 log.
logging {
	channel "syslog7" {
		syslog local7;
		severity info;
	};
	category "default" {
		"syslog7";
	};
	};

// Global server options.
options {
	// Relative zone file paths in this file are resolved against this directory.
	directory "/var/bind";

	// Forwarding is enabled: queries that cannot be answered from the local
	// zones or the cache are sent to the forwarders first. With "forward first"
	// named falls back to ordinary iterative resolution if none of them answers.
	// NOTE(review): nothing in this file configures DNSSEC validation, so
	// answers from these upstream resolvers are accepted as given.
	forward first;
	forwarders {
		198.6.1.1;
		198.6.1.2;
		198.6.1.122;
		198.6.1.144;
	};

	// No IPv6 listener; IPv4 service only on loopback and 172.16.100.3.
	listen-on-v6 { none; };
        listen-on { 127.0.0.1; 172.16.100.3; };

	// Only the "users" ACL and 172.16.1.0/24 may send queries to this server.
	// NOTE(review): allow-query does not govern zone transfers, and no
	// allow-transfer appears in this file. On BIND versions whose default is
	// to allow transfers to any host, every client that can reach
	// 172.16.100.3 can list all hostnames in both zones; confirm the default
	// for the running version or set allow-transfer explicitly.
	allow-query {"users"; 172.16.1.0/24; };


	// if you have problems and are behind a firewall:
	// NOTE(review): prefer to leave this commented out. Pinning outgoing
	// queries to source port 53 gives up source-port randomisation, which is
	// one of the resolver's defences against spoofed answers.
	//query-source address * port 53;
	pid-file "/var/run/named/named.pid";
};



// Loopback reverse zone, served from a static file: dynamic updates are
// refused and no NOTIFY messages are sent when it changes.
zone "127.in-addr.arpa" {
	type master;
	file "pri/127.zone";
	allow-update { none; };
	notify no;
};

// Parent zone holding the hand-maintained server records. It is static:
// dynamic updates are refused, so a DHCP client cannot add or overwrite a
// name such as iceberg.domain.com here.
zone "domain.com" {
	type master;
	file "pri/domain.zone";
	allow-update { none; };
	notify no;
};

// Dynamic zone for DHCP-registered client names. Updates are accepted only
// when they carry a valid TSIG signature made with mykey.
// NOTE(review): allow-update with a key is all-or-nothing: whoever holds the
// key can add, change or delete any record in this zone, including the apex
// NS and MX records. update-policy can narrow what a key may touch.
// Keeping client names in their own zone, apart from domain.com, limits what
// a leaked key can alter.
zone "users.domain.com" {
	type master;
	file "pri/users.domain.zone";
	allow-update { key mykey ; };
	notify no;
};



#zone "." {
#	type hint;
#	forward first;
#	file "pri/domain.zone"
#};

#zone "." IN {
#        type hint;
#        file "named.root";
#};
#zone "." {
#	type hint;
#	file "pri/domain.zone";
#	
#};




--------users.domain.zone

; Zone data for users.domain.com, the zone that accepts TSIG-signed dynamic
; updates. The layout (absolute $ORIGIN, annotated SOA timers) looks like a
; file written out by named itself rather than by hand.
$ORIGIN .
$TTL 259200	; 3 days
; Origin is the root here, so "users.domain.com" expands to users.domain.com.
users.domain.com	IN SOA	ns1.domain.com. dnsadmin.domain.com. (
				2004061638 ; serial
				28800      ; refresh (8 hours)
				7200       ; retry (2 hours)
				2419200    ; expire (4 weeks)
				86400      ; minimum (1 day)
				)
			NS	ns1.users.domain.com.
			MX	10 smtp1.domain.com.
			MX	20 smtp2.domain.com.

; NOTE(review): with "$ORIGIN ." still in effect, the relative owner names
; below expand to "localhost." and "ns1.", which lie outside this zone, and
; ns1.users.domain.com. (the NS target above) would have no address record.
; A file dumped by named normally has a "$ORIGIN users.domain.com." line at
; this point; it was probably lost when the listing was pasted. Confirm
; against the file on disk.
localhost		A	127.0.0.1
ns1			A	172.16.100.3



------------- domain.zone

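; Zone data for domain.com, the static, hand-maintained parent zone.
; No $ORIGIN is set, so "@" and every name without a trailing dot are taken
; relative to the zone name given in named.conf (domain.com).
$TTL 3D
; The SOA contact and the MX targets are fully qualified with a trailing
; dot. Without it they are treated as relative names and expand to
; dnsadmin.domain.com.domain.com and smtpN.domain.com.domain.com.
@	IN	SOA	ns1.domain.com. dnsadmin.domain.com.	(
			2004061608	; Serial
			8H		; Refresh
			2H		; Retry
			4W		; Expire
			1D )		; Minimum TTL 
;
					NS	ns1 ;
					MX	10	smtp1.domain.com. ; 
					MX	20	smtp2.domain.com. ;
; NOTE(review): no A records for smtp1 or smtp2 appear in this listing; they
; are needed for the MX targets to resolve. The listing may be abbreviated.
;

localhost				A	127.0.0.1
ns1					A 	172.16.100.3

; NOTE(review): names containing "_" (ta_file, t_a, ta_master, ta_print) are
; not valid hostnames under RFC 952/1123. BIND versions that enforce
; check-names on master zones may refuse to load them; confirm before
; upgrading.
ta_file					A	172.16.1.36
svcpix					A	172.16.1.57
t_a					A	172.16.1.52
ta-sql					A	172.16.1.38
ta-sql01				A	172.16.1.38
ta-webapp				A	172.16.1.38
ta_master				A	172.16.1.52
ta_print				A	172.16.1.4
tadomain				A	172.16.1.7
talegal					A	172.16.1.41
utility					A	172.16.1.27
web					A	172.16.1.56
www					A	172.16.1.44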

