Delegation
John Bond
john.r.bond at gmail.com
Thu Feb 14 17:34:12 UTC 2008
Hello list,
I am hoping that someone will be able to help me with an issue I had
assumed would be simple to resolve but is proving otherwise.
Currently our DNS infrastructure runs BIND 9.3.0; it has one primary
and 7 slaves. At the moment we are in the process of migrating to
a new infrastructure and we wanted to migrate zones one at a time in a
safe, testable and easily revertible method.
Our primary server on the current infrastructure is ns1.example.com,
(slaves: ns2.example.com - ns8.example.com),
the primary on the new infrastructure is ns1.example.net (slaves:
ns2.example.net & ns3.example.net) and
the zone to transfer/migrate is test.org
I have set up the zone test.org on the new infrastructure and querying
the box directly works fine, the registered nameservers for test.org
in the root domain .org zone are set to ns1.example.com (and the rest
of that infrastructure). Until I am confident that things work I
would like to leave things like that. However I want ns1.example.com
to send all requests to the new infrastructure (delegate?). I don't
think forwarders will do what I want as I need to test a failure to the
primary server and ensure the slaves kick in. In an effort to fix
this I created the following zone on ns1.example.com
#################zone file for test.org#############################
$TTL 60
@       IN      SOA     ns1.example.com. hostmaster.ns1.example.com (
                        2008021409      ;Serial yyyymmddvv
                        21600           ;Refresh 6 hours
                        900             ;Retry 15 minutes
                        1209600         ;Expire 2 weeks
                        12800)          ;Min 3 hours
        IN      NS      ns1.example.net.
        IN      NS      ns2.example.net.
        IN      NS      ns3.example.net.
###############end zone file for test.org###########################
I had hoped that this would delegate the entire zone to the new
infrastructure but when I test* my query stops at ns1.example.com and
is never forwarded to ns1.eduserv.net. If I do an NS lookup though it
appears as if everything is set up correctly.
I have tried Google and nothing comes up. I am starting to come to
the conclusion that the way I'm doing things is not the correct way.
If anyone could point me in the right direction of what I'm doing wrong
and how I can achieve what I want it would be much appreciated.
Everything below here is testing output
thanks john
*See below for test results; note that real FQDNs have been swapped for
the domains used above
########################################################
dig +trace test0.test.org
; <<>> DiG 9.4.2 <<>> +trace test0.test.org
;; global options: printcmd
. 4759 IN NS b.root-servers.net.
. 4759 IN NS c.root-servers.net.
. 4759 IN NS d.root-servers.net.
. 4759 IN NS e.root-servers.net.
. 4759 IN NS f.root-servers.net.
. 4759 IN NS g.root-servers.net.
. 4759 IN NS h.root-servers.net.
. 4759 IN NS i.root-servers.net.
. 4759 IN NS j.root-servers.net.
. 4759 IN NS k.root-servers.net.
. 4759 IN NS l.root-servers.net.
. 4759 IN NS m.root-servers.net.
. 4759 IN NS a.root-servers.net.
;; Received 433 bytes from 192.168.33.223#53(192.168.33.223) in 2 ms
org. 172800 IN NS B0.ORG.AFILIAS-NST.org.
org. 172800 IN NS A0.ORG.AFILIAS-NST.INFO.
org. 172800 IN NS C0.ORG.AFILIAS-NST.INFO.
org. 172800 IN NS D0.ORG.AFILIAS-NST.org.
org. 172800 IN NS TLD2.ULTRADNS.NET.
org. 172800 IN NS TLD1.ULTRADNS.NET.
;; Received 430 bytes from 192.112.36.4#53(g.root-servers.net) in 192 ms
test.org. 86400 IN NS ns1.example.com.
test.org. 86400 IN NS ns2.example.com.
;; Received 101 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 21 ms
test.org. 60 IN SOA ns1.example.com.
hostmaster.ns1.example.com 2008021409 21600 900 1209600 12800
;; Received 113 bytes from 123.123.123.123#53(ns1.example.com) in 17 ms
################################################
dig +trace NS test.org
; <<>> DiG 9.4.2 <<>> +trace NS test.org
;; global options: printcmd
. 4237 IN NS b.root-servers.net.
. 4237 IN NS c.root-servers.net.
. 4237 IN NS d.root-servers.net.
. 4237 IN NS e.root-servers.net.
. 4237 IN NS f.root-servers.net.
. 4237 IN NS g.root-servers.net.
. 4237 IN NS h.root-servers.net.
. 4237 IN NS i.root-servers.net.
. 4237 IN NS j.root-servers.net.
. 4237 IN NS k.root-servers.net.
. 4237 IN NS l.root-servers.net.
. 4237 IN NS m.root-servers.net.
. 4237 IN NS a.root-servers.net.
;; Received 433 bytes from 192.168.33.223#53(192.168.33.223) in 14 ms
org. 172800 IN NS C0.ORG.AFILIAS-NST.INFO.
org. 172800 IN NS D0.ORG.AFILIAS-NST.org.
org. 172800 IN NS TLD1.ULTRADNS.NET.
org. 172800 IN NS TLD2.ULTRADNS.NET.
org. 172800 IN NS A0.ORG.AFILIAS-NST.INFO.
org. 172800 IN NS B0.ORG.AFILIAS-NST.org.
;; Received 424 bytes from 192.36.148.17#53(i.root-servers.net) in 19 ms
test.org. 86400 IN NS ns1.example.com.
test.org. 86400 IN NS ns2.example.com.
;; Received 95 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 22 ms
test.org. 60 IN NS ns1.example.net.
test.org. 60 IN NS ns2.example.net.
test.org. 60 IN NS ns0.example.net.
;; Received 102 bytes from 152.78.129.184#53(clover.sucs.soton.ac.uk) in 16 ms
#################################################
dig test0.test.org @ns1.example.net
; <<>> DiG 9.4.2 <<>> test0.eduserv-test.org @ns1.example.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37523
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;test0.test.org. IN A
;; ANSWER SECTION:
test0.test.org. 60 IN A 123.123.123.123
;; AUTHORITY SECTION:
test.org. 60 IN NS ns1.example.net.
test.org. 60 IN NS ns2.example.net.
test.org. 60 IN NS ns3.example.net.
;; ADDITIONAL SECTION:
ns1.example.net. 60 IN A 123.123.123.123
ns2.example.net. 60 IN A 123.123.123.124
ns3.example.net. 60 IN A 123.123.123.125
;; Query time: 3 msec
;; SERVER: 123.123.123.123#53(ns0.test.org)
;; WHEN: Thu Feb 14 17:12:18 2008
;; MSG SIZE rcvd: 172
dig NS @example.com
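
An added example, not part of the original post: a Python check that reads `dig +trace NS` output like the trace above and compares the NS set the parent zone hands out with the NS set the zone's own servers publish at the apex. Resolvers are referred only by the parent's set, and a server that loads test.org answers authoritatively from its own copy, so a mismatch like this one does not redirect queries. The sample trace is constructed from the post's output (trimmed, final hop labelled ns1.example.com as an assumption), and the function names are hypothetical.

```python
import re

# Constructed sample: the post's `dig +trace NS test.org` output with the
# root hop trimmed and the final hop labelled ns1.example.com (assumption).
TRACE = """\
org.       172800 IN NS A0.ORG.AFILIAS-NST.INFO.
;; Received 424 bytes from 192.36.148.17#53(i.root-servers.net) in 19 ms
test.org.  86400 IN NS ns1.example.com.
test.org.  86400 IN NS ns2.example.com.
;; Received 95 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 22 ms
test.org.  60 IN NS ns1.example.net.
test.org.  60 IN NS ns2.example.net.
test.org.  60 IN NS ns0.example.net.
;; Received 102 bytes from 123.123.123.123#53(ns1.example.com) in 16 ms
"""

RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+\((?P<server>[^)]+)\)")
NS_RR = re.compile(r"^(?P<owner>\S+)\s+\d+\s+IN\s+NS\s+(?P<target>\S+)$")

def parse_trace(text):
    """Split dig +trace output into hops: (answering server, {owner: NS targets})."""
    hops, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = NS_RR.match(line)
        if m:
            owner = m["owner"].lower().rstrip(".")
            current.setdefault(owner, set()).add(m["target"].lower().rstrip("."))
            continue
        m = RECEIVED.match(line)
        if m:  # a "Received" line closes the hop and names who answered
            hops.append((m["server"].lower().rstrip("."), current))
            current = {}
    return hops

def compare_delegation(text, zone):
    """Compare the parent's NS set for `zone` with the zone's own apex NS set."""
    zone = zone.lower().rstrip(".")
    views = [(srv, rrs[zone]) for srv, rrs in parse_trace(text) if zone in rrs]
    if len(views) < 2:
        raise ValueError("trace does not show both parent and child NS sets")
    (parent_srv, parent), (child_srv, child) = views[0], views[-1]
    return {
        "parent_server": parent_srv,
        "child_server": child_srv,
        "parent_only": sorted(parent - child),  # delegated to, but not listed at the apex
        "child_only": sorted(child - parent),   # listed at the apex, never referred to
        "consistent": parent == child,
    }
```

Calling `compare_delegation(TRACE, "test.org")` reports the example.com servers as `parent_only` and the example.net servers as `child_only`.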