Delegation
Chris Buxton
cbuxton at menandmice.com
Fri Feb 15 03:23:17 UTC 2008
As Mark pointed out, you can't do what you want to do. It just won't
work. The only thing you could do would be to configure the old
servers (nsX.example.com) as slaves of ns1.example.net.
To really test without jumping in feet first would require you to set
up a testbed resolving name server. Configure it with a stub zone for
test.org pointing to the example.net servers. Then query it for your
tests. While all this is going on, the example.com name servers act as
if the example.net servers did not exist - they have an authoritative
zone that lists them as the authoritative name servers.
Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone: +354 412 1500
Email: cbuxton at menandmice.com
www.menandmice.com
On Feb 14, 2008, at 9:34 AM, John Bond wrote:
> Hello list,
>
> I am hoping that someone will be able to help me with an issue I had
> assumed would be simple to resolve but is proving otherwise.
>
> Currently our DNS infrastructure runs BIND 9.3.0; it has one primary
> and 7 slaves. At the moment we are in the process of migrating to
> a new infrastructure and we wanted to migrate zones one at a time in a
> safe, testable and easily revertible method.
>
> Our primary server on the current infrastructure is ns1.example.com
> (slaves: ns2.example.com - ns8.example.com),
> the primary on the new infrastructure is ns1.example.net (slaves:
> ns2.example.net & ns3.example.net) and
> the zone to transfer/migrate is test.org.
>
> I have set up the zone test.org on the new infrastructure and querying
> the box directly works fine. The registered nameservers for test.org
> in the root domain .org zone are set to ns1.example.com (and the rest
> of that infrastructure). Until I am confident that things work I
> would like to leave things like that. However I want ns1.example.com
> to send all requests to the new infrastructure (delegate?). I don't
> think forwarders will do what I want as I need to test a failure to the
> primary server and ensure the slaves kick in. In an effort to fix
> this I created the following zone on ns1.example.com:
>
> #################zone file for test.org#############################
> $TTL 60
> @ IN SOA ns1.example.com. hostmaster.ns1.example.com. (
> 2008021409 ;Serial yyyymmddvv
> 21600 ;Refresh 6 hours
> 900 ;Retry 15 minutes
> 1209600 ;Expire 2 weeks
> 12800) ;Min 3 hours
>
> IN NS ns1.example.net.
> IN NS ns2.example.net.
> IN NS ns3.example.net.
>
> ###############end zone file for test.org###########################
>
>
> I had hoped that this would delegate the entire zone to the new
> infrastructure but when I test* my query stops at ns1.example.com and
> is never forwarded to ns1.eduserv.net. If I do an NS lookup though it
> appears as if everything is set up correctly.
>
> I have tried Google and nothing comes up. I am starting to come to
> the conclusion that the way I'm doing things is not the correct way.
> If anyone could point me in the right direction of what I'm doing wrong
> and how I can achieve what I want it would be much appreciated.
>
> Everything below here is testing output.
> Thanks, John
>
> *See below for test results; note that real FQDNs have been swapped for
> the domains used above.
> ########################################################
> dig +trace test0.test.org
> ; <<>> DiG 9.4.2 <<>> +trace test0.test.org
> ;; global options: printcmd
> . 4759 IN NS b.root-servers.net.
> . 4759 IN NS c.root-servers.net.
> . 4759 IN NS d.root-servers.net.
> . 4759 IN NS e.root-servers.net.
> . 4759 IN NS f.root-servers.net.
> . 4759 IN NS g.root-servers.net.
> . 4759 IN NS h.root-servers.net.
> . 4759 IN NS i.root-servers.net.
> . 4759 IN NS j.root-servers.net.
> . 4759 IN NS k.root-servers.net.
> . 4759 IN NS l.root-servers.net.
> . 4759 IN NS m.root-servers.net.
> . 4759 IN NS a.root-servers.net.
> ;; Received 433 bytes from 192.168.33.223#53(192.168.33.223) in 2 ms
>
> org. 172800 IN NS B0.ORG.AFILIAS-NST.org.
> org. 172800 IN NS A0.ORG.AFILIAS-NST.INFO.
> org. 172800 IN NS C0.ORG.AFILIAS-NST.INFO.
> org. 172800 IN NS D0.ORG.AFILIAS-NST.org.
> org. 172800 IN NS TLD2.ULTRADNS.NET.
> org. 172800 IN NS TLD1.ULTRADNS.NET.
> ;; Received 430 bytes from 192.112.36.4#53(g.root-servers.net) in 192 ms
>
> test.org. 86400 IN NS ns1.example.com.
> test.org. 86400 IN NS ns2.example.com.
> ;; Received 101 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 21 ms
>
> test.org. 60 IN SOA ns1.example.com. hostmaster.ns1.example.com 2008021409 21600 900 1209600 12800
> ;; Received 113 bytes from 123.123.123.123#53(ns1.example.com) in 17 ms
> ################################################
>
> dig +trace NS test.org
> ; <<>> DiG 9.4.2 <<>> +trace NS test.org
> ;; global options: printcmd
> . 4237 IN NS b.root-servers.net.
> . 4237 IN NS c.root-servers.net.
> . 4237 IN NS d.root-servers.net.
> . 4237 IN NS e.root-servers.net.
> . 4237 IN NS f.root-servers.net.
> . 4237 IN NS g.root-servers.net.
> . 4237 IN NS h.root-servers.net.
> . 4237 IN NS i.root-servers.net.
> . 4237 IN NS j.root-servers.net.
> . 4237 IN NS k.root-servers.net.
> . 4237 IN NS l.root-servers.net.
> . 4237 IN NS m.root-servers.net.
> . 4237 IN NS a.root-servers.net.
> ;; Received 433 bytes from 192.168.33.223#53(192.168.33.223) in 14 ms
>
> org. 172800 IN NS C0.ORG.AFILIAS-NST.INFO.
> org. 172800 IN NS D0.ORG.AFILIAS-NST.org.
> org. 172800 IN NS TLD1.ULTRADNS.NET.
> org. 172800 IN NS TLD2.ULTRADNS.NET.
> org. 172800 IN NS A0.ORG.AFILIAS-NST.INFO.
> org. 172800 IN NS B0.ORG.AFILIAS-NST.org.
> ;; Received 424 bytes from 192.36.148.17#53(i.root-servers.net) in 19 ms
>
> test.org. 86400 IN NS ns1.example.com.
> test.org. 86400 IN NS ns2.example.com.
> ;; Received 95 bytes from 199.19.56.1#53(A0.ORG.AFILIAS-NST.INFO) in 22 ms
>
> test.org. 60 IN NS ns1.example.net.
> test.org. 60 IN NS ns2.example.net.
> test.org. 60 IN NS ns0.example.net.
> ;; Received 102 bytes from 152.78.129.184#53(clover.sucs.soton.ac.uk) in 16 ms
>
> #################################################
> dig test0.test.org @ns1.example.net
>
> ; <<>> DiG 9.4.2 <<>> test0.eduserv-test.org @ns1.example.net
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37523
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;test0.test.org. IN A
>
> ;; ANSWER SECTION:
> test0.test.org. 60 IN A 123.123.123.123
>
> ;; AUTHORITY SECTION:
> test.org. 60 IN NS ns1.example.net.
> test.org. 60 IN NS ns2.example.net.
> test.org. 60 IN NS ns3.example.net.
>
> ;; ADDITIONAL SECTION:
> ns1.example.net. 60 IN A 123.123.123.123
> ns2.example.net. 60 IN A 123.123.123.124
> ns3.example.net. 60 IN A 123.123.123.125
>
> ;; Query time: 3 msec
> ;; SERVER: 123.123.123.123#53(ns0.test.org)
> ;; WHEN: Thu Feb 14 17:12:18 2008
> ;; MSG SIZE rcvd: 172
>
> dig NS @example.com
>
>
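
An added example, not part of the original thread: a small Python check that reads `dig +trace NS` output like the one quoted above and compares the NS set the parent zone hands out with the NS set served at the zone apex, which is the mismatch the test zone in this thread produces. The sample trace is constructed from the thread's placeholder names, and `parse_hops` and `delegation_report` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the `dig +trace NS test.org` output quoted in
# the thread (root hop omitted; all names are the thread's placeholders).
SAMPLE_TRACE = """\
org.       172800 IN NS a0.org.afilias-nst.info.
;; Received 424 bytes from 192.36.148.17#53(i.root-servers.net) in 19 ms

test.org.  86400  IN NS ns1.example.com.
test.org.  86400  IN NS ns2.example.com.
;; Received 95 bytes from 199.19.56.1#53(a0.org.afilias-nst.info) in 22 ms

test.org.  60     IN NS ns1.example.net.
test.org.  60     IN NS ns2.example.net.
test.org.  60     IN NS ns3.example.net.
;; Received 102 bytes from 123.123.123.123#53(ns1.example.com) in 16 ms
"""

NS_RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$")
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+\((\S+)\)")

def parse_hops(trace):
    """Return [(responding_server, {owner: {ns targets}})], one entry per hop."""
    hops, rrsets = [], {}
    for line in map(str.strip, trace.splitlines()):
        rr, rcvd = NS_RR.match(line), RECEIVED.match(line)
        if rr:
            rrsets.setdefault(rr.group(1).lower(), set()).add(rr.group(2).lower())
        elif rcvd:  # the "Received ..." line closes the hop
            hops.append((rcvd.group(1).lower(), rrsets))
            rrsets = {}
    return hops

def delegation_report(trace, zone):
    """Compare the parent's NS set for `zone` with the NS set served at its apex."""
    zone = zone.lower().rstrip(".") + "."
    seen = [(srv, rrs[zone]) for srv, rrs in parse_hops(trace) if zone in rrs]
    if len(seen) < 2:
        raise ValueError("trace lacks the parent referral or the apex NS answer")
    (parent, delegated), (apex_server, apex_ns) = seen[0], seen[-1]
    return {
        "parent_server": parent,
        "delegated_to": sorted(delegated),   # where the referral sends resolvers
        "apex_server": apex_server,
        "apex_ns": sorted(apex_ns),          # what the zone itself claims
        "consistent": delegated == apex_ns,
        "apex_only": sorted(apex_ns - delegated),
    }

if __name__ == "__main__":
    for key, value in delegation_report(SAMPLE_TRACE, "test.org").items():
        print(f"{key}: {value}")
```
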
More information about the bind-users
mailing list