sub domain for ddns - resolving
Guido Roeskens
groeskens at bluewin.ch
Wed May 11 08:16:06 UTC 2005
Vernon A. Fort wrote:
> I have successfully configured an internal name server to allow for ddns
> for my dynamic ip address (dhcpd), both forward and reverse within
> separate files. My initial intention was to keep the primary/static
> hosts within a manually editable file. Unfortunately, I discovered you
> cannot push out a Search List to the workstations via dhcpd AFTER I got
> well into the setup. I have googled and read several posts with similar
> issues but no conclusions.
>
You'll have to configure the search list manually on the clients.
> DETAIL:
> primary domain: mysite.int with "20.168.192.in-addr.arpa"
> secondary domain: ddns.mysite.int with
> "20.168.192.ddns.in-addr.arpa"
>
> So, how does one have the ddns sub-domain assigned to the Workstation
> resolve hosts entries within the primary domain. As I understand, named
> is NOT a resolver, it just returns answers to the query from the
> workstation?
Yes, the entries in the search list are appended to a short name like 'dns'
/etc/resolv.conf
---
nameserver 192.168.1.1
nameserver 192.168.1.2
search ddns.example.com example.com
---
nslookup host1
-> the resolver library asks for host1.ddns.example.com
and if it doesn't find an answer it asks for
host1.example.com and at last it asks for host1.
(which doesn't exist)
Side effect: Some resolvers always try the search list first
no matter how many labels are in a name.
nslookup www.google.com
-> the resolver library asks for www.google.com.ddns.example.com
then it asks for www.google.com.example.com and finally it
asks for www.google.com.
nslookup www.google.com. (with a dot) does the lookup as
you intend it.
>
> What I need is the workstation host (wkst01.ddns.mysite.int) to
> resolve serverone (serverone.mysite.int) without the FQDN.
>
Fix the search list on the client manually
Unix: File /etc/resolv.conf
Windows XP: Network Connections / Your Adapter / TCP/IP in the list
Click on [Properties], Click [Advanced], Tab [DNS]
There you can choose 'Append primary and connection specific suffixes'
or enter the list manually (which I prefer). You can also change the
order in which the list items are tried.
> 1. Is there something I missed, similar to the $GENERATE
> statement for the in-addr.arpa
> 2. Run Dual name server, the sub-domain forwarding to the primary?
>
None of this works.
> Or should I just scrap the sub-domain idea and just have everything
> within two zone files, using nsupdate to add/modify/remove? I have
> already invested 12 hours, most of it reading. I know this has been
> asked several times but I have not found any firm conclusion. Some
> advice PLEASE!
>
If you use only one zone file you need to protect it with a
strict update-policy
http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
Let's assume you have a web server (www), a mail server (mail) and
two nameservers (ns1 and ns2).
These records should only be updated by you (using a different key).
To keep things (security) simple, I'd suggest using two domains.
Guido
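
The lookup order described in the message above, as an added Python example that is not part of the original post. The function names, the `search_first_always` switch and the `ndots` handling (taken from resolv.conf(5)) are assumptions made for illustration; the sample file is the resolv.conf shown in the message.

```python
# Added example, not from the original message. Models resolv.conf(5)-style
# search-list handling; real stub resolvers differ in detail.

SAMPLE = """\
nameserver 192.168.1.1
nameserver 192.168.1.2
search ddns.example.com example.com
"""  # the resolv.conf shown in the message


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1  # ndots defaults to 1 per resolv.conf(5)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "search":
            search = fields[1:]  # a later search line replaces an earlier one
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots=1, search_first_always=False):
    """Ordered FQDNs a stub resolver would query for `name`."""
    if name.endswith("."):
        return [name]  # trailing dot: absolute name, search list skipped
    absolute = name + "."
    suffixed = [f"{name}.{domain.rstrip('.')}." for domain in search]
    if not search_first_always and name.count(".") >= ndots:
        return [absolute] + suffixed  # enough dots: try the name as-is first
    return suffixed + [absolute]  # short name, or a search-first resolver


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE)
    for name, always in [("host1", False), ("www.google.com", True),
                         ("www.google.com.", True), ("www.google.com", False)]:
        print(name, always, candidates(name, search, ndots, always))
```

With a search-first resolver, every multi-label external name is first queried under the internal suffixes, which is the side effect the message describes; the trailing dot avoids it.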