sub domain for ddns - resolving

Guido Roeskens groeskens at bluewin.ch
Wed May 11 08:16:06 UTC 2005


Vernon A. Fort wrote:
> I have successfully configured an internal name server to allow for ddns 
> for my dynamic ip address (dhcpd), both forward and reverse within 
> separate files.  My initial intention was to keep the primary/static 
> hosts within a manually editable file.  Unfortunately, I discovered you 
> cannot push out a Search List to the workstations via dhcpd AFTER I got 
> well into the setup.  I have googled and read several posts with similar 
> issues but no conclusions.
> 
You'll have to configure the search list manually on the clients.

> DETAIL:
>        primary domain:      mysite.int with "20.168.192.in-addr.arpa"
>        secondary domain:   ddns.mysite.int with 
> "20.168.192.ddns.in-addr.arpa"
> 
>   So, how does one have the ddns sub-domain assigned to the Workstation 
> resolve hosts entries within the primary domain.  As I understand, named 
> is NOT a resolver, it just returns answers to the query from the 
> workstation?
Yes, the entries in the search list are appended to a short name like 'dns'.

/etc/resolv.conf
---
nameserver 192.168.1.1
nameserver 192.168.1.2

search ddns.example.com example.com
---

nslookup host1
-> the resolver library asks for host1.ddns.example.com
    and if it doesn't find an answer it asks for
    host1.example.com and at last it asks for host1.
    (which doesn't exist)

Side effect: Some resolvers always try the search list first
no matter how many labels are in a name.
nslookup www.google.com
-> the resolver library asks for www.google.com.ddns.example.com
    then it asks for www.google.com.example.com and finally it
    asks for www.google.com.
    nslookup www.google.com. (with a dot) does the lookup as
    you intend it.

> 
>   What I need is the workstation host (wkst01.ddns.mysite.int) to 
> resolve serverone (serverone.mysite.int) without the FQDN.
> 
Fix the search list on the client manually.
Unix: File /etc/resolv.conf
Windows XP: Network Connections / Your Adapter / TCP/IP in the list.
Click on [Properties], click [Advanced], tab [DNS].
There you can choose 'Append primary and connection specific suffixes'
or enter the list manually (which I prefer). You can also change the
order in which the list items are tried.

>       1.  Is there something I missed, similar to the $GENERATE 
> statement for the in-addr.arpa
>        2.  Run Dual name server, the sub-domain forwarding to the primary?
> 
None of this works.
> Or should I just scrap the sub-domain idea and just have everything 
> within two zone files, using nsupdate to add/modify/remove?  I have 
> already invested 12 hours, most of it reading.  I know this has been 
> asked several times but I have not found any firm conclusion.  Some 
> advice PLEASE!
> 
If you use only one zone file, you need to protect it with a
strict update-policy:

http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html

Let's assume you have a web server (www), a mail server (mail) and
two nameservers (ns1 and ns2).
These records should only be updated by you (using a different key).

To keep things (security) simple, I'd suggest using two domains.


Guido
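The search-list walk described in the reply above, as an added example that is not part of the original post or of BIND: a small Python model of a stub resolver. The resolv.conf text, the addresses and the ZONE answer table are constructed for illustration (the 203.0.113.5 entry is a TEST-NET placeholder, not a real address). The trailing-dot rule and "options ndots:N" are glibc behaviour; the search_first flag models the resolvers Guido mentions that try the suffixes first regardless of how many labels the name has.

```python
"""
Added example (not from the original post): how a stub resolver expands a
name through the search list from /etc/resolv.conf.

  - a name ending in "." is absolute and is queried as-is, nothing else
  - otherwise each search suffix is appended in turn
  - glibc: a name with at least `ndots` dots is tried as-is first, then with
    the suffixes; a shorter name gets the suffixes first and the bare name last
  - search_first=True models resolvers that always try the suffixes first
"""
from typing import List, Optional, Tuple

# Constructed resolv.conf for the setup in the thread (addresses are assumed).
RESOLV_CONF = """\
nameserver 192.168.20.1
nameserver 192.168.20.2
search ddns.mysite.int mysite.int
options ndots:1
"""

# Constructed stand-in for the answers the name servers would give.
ZONE = {
    "serverone.mysite.int.": "192.168.20.10",
    "wkst01.ddns.mysite.int.": "192.168.20.101",
    "www.google.com.": "203.0.113.5",   # TEST-NET-3 placeholder, not the real address
}


def parse_resolv_conf(text: str) -> dict:
    """Pick out nameserver, search/domain and ndots; a later search/domain line wins."""
    cfg: dict = {"nameservers": [], "search": [], "ndots": 1}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # strip comments
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            cfg["nameservers"].append(args[0])
        elif key in ("search", "domain"):
            cfg["search"] = [d.rstrip(".") for d in args]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    cfg["ndots"] = int(opt.split(":", 1)[1])
    return cfg


def candidate_names(name: str, search: List[str], ndots: int = 1,
                    search_first: bool = False) -> List[str]:
    """Return the fully qualified names the resolver will query, in order."""
    if name.endswith("."):
        return [name]                        # absolute name: the search list is skipped
    absolute = name + "."
    with_suffix = [f"{name}.{d}." for d in search]
    if search_first or name.count(".") < ndots:
        return with_suffix + [absolute]      # short name: suffixes first, bare name last
    return [absolute] + with_suffix          # "dotted enough": as-is first, then suffixes


def lookup(name: str, cfg: dict, search_first: bool = False) -> Optional[Tuple[str, str]]:
    """Walk the candidate list against ZONE and stop at the first name that exists."""
    for fqdn in candidate_names(name, cfg["search"], cfg["ndots"], search_first):
        if fqdn in ZONE:
            return fqdn, ZONE[fqdn]
    return None


if __name__ == "__main__":
    cfg = parse_resolv_conf(RESOLV_CONF)
    for n in ("serverone", "wkst01", "www.google.com", "www.google.com."):
        print(n, "->", candidate_names(n, cfg["search"], cfg["ndots"]), lookup(n, cfg))
```

Run as a script it prints the query order for each name; `serverone` is found only on the second suffix, `serverone.mysite.int.`, which is the behaviour the original poster wants from the workstations. Note that with search_first=True every external name such as www.google.com is first looked up under ddns.mysite.int, the zone that the DHCP server writes to, which is one reason to keep that zone's update policy tight.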

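The two-key split suggested above (one key for the DHCP server, a different one for the fixed records www, mail, ns1 and ns2), as an added named.conf example that is not from the original post or from the linked howto. Key names, file paths, the static addresses in the reverse zone and the secrets are placeholders; the ddns.mysite.int zone is shown as its own zone, which is the "two domains" layout Guido recommends.

```conf
// Added example, not from the original post. Key names, file names, the
// static addresses and the secrets are placeholders. Generate a real secret
// with:  dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST dhcp-ddns
// (hmac-md5 was usual in 2005; use HMAC-SHA256 on a current BIND.)

key "dhcp-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";     // placeholder; the same key goes in dhcpd.conf
};

key "admin-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-ANOTHER-SECRET";    // placeholder; used only by the admin via nsupdate
};

// Fixed hosts: only the admin key, and only for the records listed.
// The DHCP key has no grant here at all, so an update signed with it is refused.
zone "mysite.int" {
    type master;
    file "master/mysite.int";
    update-policy {
        grant admin-ddns. name www.mysite.int.  A;
        grant admin-ddns. name mail.mysite.int. A;
        grant admin-ddns. name ns1.mysite.int.  A;
        grant admin-ddns. name ns2.mysite.int.  A;
    };
};

// Dynamic hosts: the DHCP key may add and remove A/TXT records below the
// apex. Rules match in order, so the apex is denied before the subdomain grant;
// SOA and NS are outside the granted types anyway.
zone "ddns.mysite.int" {
    type master;
    file "dynamic/ddns.mysite.int";
    update-policy {
        deny  dhcp-ddns. name      ddns.mysite.int. ANY;
        grant dhcp-ddns. subdomain ddns.mysite.int. A TXT;
    };
};

// Shared reverse zone: both keys write PTRs, but the DHCP key is kept away
// from the PTRs of the fixed hosts (addresses assumed for the example).
zone "20.168.192.in-addr.arpa" {
    type master;
    file "dynamic/20.168.192.in-addr.arpa";
    update-policy {
        deny  dhcp-ddns.  name      10.20.168.192.in-addr.arpa. PTR;   // serverone/www (assumed)
        deny  dhcp-ddns.  name      11.20.168.192.in-addr.arpa. PTR;   // mail (assumed)
        grant dhcp-ddns.  subdomain 20.168.192.in-addr.arpa. PTR;
        grant admin-ddns. subdomain 20.168.192.in-addr.arpa. PTR;
    };
};
```

Check the result with `named-checkconf` before reloading. The DHCP server needs a matching `key dhcp-ddns { ... }` stanza and `zone ddns.mysite.int. { primary ...; key dhcp-ddns; }` / `zone 20.168.192.in-addr.arpa. { ... }` stanzas in dhcpd.conf so that it signs its updates with that key only; the admin key should live only where nsupdate is run by hand.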


More information about the bind-users mailing list