Domaine Non-authoritative answer
list-bind at cardiff.fr
Wed Jul 16 13:07:48 UTC 2008
Hello everyone,
New to this list, I'll start by saying I've searched old posts a bit, and
made some digs that may help give you an explanation of my problem.
My problem is the following: I've set up a new server (we have actually 7
servers in production, some under FC4, others under Debian 4.1)
and wanted to transfer the cardiffusion domains to it.
We handle domains following this scheme:
cardiffusion .com/.org/.net/.eu/.be answer to the following NSs:
ns6.cardiffdns.fr and ns2.cardiffdns.fr
cardiffusion.fr resolves to the following NSs: ns4.cardiffdns.fr /
ns2.cardiffdns.fr, but is parked and will be transferred to the new DNS as soon
as the SOA problems are solved (AFNIC restrictive DNS policy).
The zone cardiffdns.fr is handled by the registrar and is correctly set. These two A
addresses, ns6.cardiffdns.fr and ns2.cardiffdns.fr, resolve correctly to the
corresponding IPs.
I have set up zones for the cardiffusion domains in BIND 9 on the Debian server.
Here is the zone on the master (same zone construction for all domains, just
the .ext differs in each zone):
$TTL 14400
@ IN SOA ns6.cardiffdns.fr. root.cardiffusion.com. (
        2008071601
        14400
        3600
        1209600
        86400 )
cardiffusion.com. 14400 IN NS ns6.cardiffdns.fr.
cardiffusion.com. 14400 IN NS ns2.cardiffdns.fr.
cardiffusion.com. 14400 IN A 91.121.119.48
ftp 14400 IN A 91.121.119.48
localhost 14400 IN A 127.0.0.1
mail 14400 IN A 91.121.119.48
pop 14400 IN A 91.121.119.48
www 14400 IN A 91.121.119.48
cardiffusion.com. 14400 IN MX 10 mail
cardiffusion.com. 14400 IN TXT "v=spf1 a mx ip4:91.121.119.48 ?all"
Here is the zone on the slave (manually set up):
$ORIGIN .
$TTL 14400 ; 4 hours
cardiffusion.com IN SOA ns6.cardiffdns.fr. root.cardiffusion.com. (
                 2008071601 ; serial
                 14400 ; refresh (4 hours)
                 3600 ; retry (1 hour)
                 1209600 ; expire (2 weeks)
                 86400 ; minimum (1 day)
                 )
                 NS ns6.cardiffdns.fr.
                 NS ns2.cardiffdns.fr.
                 A 91.121.119.48
                 MX 10 mail.cardiffusion.com.
                 TXT "v=spf1 a mx ip4:91.121.119.48 ?all"
$ORIGIN cardiffusion.com.
ftp A 91.121.119.48
localhost A 127.0.0.1
mail A 91.121.119.48
pop A 91.121.119.48
www A 91.121.119.48
And finally, here is named.conf on the master:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/rndc.key";
acl "trusted" {
193.239.123.10;
193.239.123.11;
193.239.123.20;
193.239.120.222;
87.252.3.101;
87.252.2.45;
};
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };
// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };
include "/etc/bind/named.conf.local";
zone "cardiffusion.com" { type master; file "/etc/bind/cardiffusion.com.db"; };
zone "cardiffusion.fr" { type master; file "/etc/bind/cardiffusion.fr.db"; };
zone "cardiffusion.eu" { type master; file "/etc/bind/cardiffusion.eu.db"; };
zone "cardiffusion.net" { type master; file "/etc/bind/cardiffusion.net.db"; };
zone "cardiffusion.org" { type master; file "/etc/bind/cardiffusion.org.db"; };
zone "cardiffusion.be" { type master; file "/etc/bind/cardiffusion.be.db"; };
On the slave server, when I do:
[root@fed0222 cardiffdata]# dig @91.121.119.48 cardiffusion.com axfr
; <<>> DiG 9.3.1 <<>> @91.121.119.48 cardiffusion.com axfr
; (1 server found)
;; global options: printcmd
; Transfer failed.
[root@fed0222 cardiffdata]# dig cardiffusion.com SOA +norec @ns2.cardiffdns.fr
; <<>> DiG 9.3.1 <<>> cardiffusion.com SOA +norec @ns2.cardiffdns.fr
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19586
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;cardiffusion.com. IN SOA
;; ANSWER SECTION:
cardiffusion.com. 14400 IN SOA ns6.cardiffdns.fr. root.cardiffusion.com. 2008071601 14400 3600 1209600 86400
;; AUTHORITY SECTION:
cardiffusion.com. 14400 IN NS ns6.cardiffdns.fr.
cardiffusion.com. 14400 IN NS ns2.cardiffdns.fr.
;; Query time: 1 msec
;; SERVER: 193.239.120.222#53(193.239.120.222)
;; WHEN: Wed Jul 16 15:35:57 2008
;; MSG SIZE rcvd: 124
[root@fed0222 cardiffdata]#
On the master server:
ns2014342:/# dig cardiffusion.com SOA +norec @ns6.cardiffdns.fr
; <<>> DiG 9.3.4-P1.1 <<>> cardiffusion.com SOA +norec @ns6.cardiffdns.fr
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28778
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; QUESTION SECTION:
;cardiffusion.com. IN SOA
;; ANSWER SECTION:
cardiffusion.com. 185 IN SOA ns6.cardiffdns.fr. root.cardiffusion.com. 2008071501 14400 3600 1209600 86400
;; AUTHORITY SECTION:
com. 91397 IN NS M.GTLD-SERVERS.NET.
com. 91397 IN NS A.GTLD-SERVERS.NET.
com. 91397 IN NS B.GTLD-SERVERS.NET.
com. 91397 IN NS C.GTLD-SERVERS.NET.
com. 91397 IN NS D.GTLD-SERVERS.NET.
com. 91397 IN NS E.GTLD-SERVERS.NET.
com. 91397 IN NS F.GTLD-SERVERS.NET.
com. 91397 IN NS G.GTLD-SERVERS.NET.
com. 91397 IN NS H.GTLD-SERVERS.NET.
com. 91397 IN NS I.GTLD-SERVERS.NET.
com. 91397 IN NS J.GTLD-SERVERS.NET.
com. 91397 IN NS K.GTLD-SERVERS.NET.
com. 91397 IN NS L.GTLD-SERVERS.NET.
;; Query time: 0 msec
;; SERVER: 91.121.119.48#53(91.121.119.48)
;; WHEN: Wed Jul 16 14:49:05 2008
;; MSG SIZE rcvd: 316
What I understand is that, for some reason, where I should have flags qr aa
ra on ns6.cardiffdns.fr, I only have qr ra, and this is not normal.
What I do not know is how to correct this authority problem for this server.
Please, could anyone help with my problem?
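
Added example, not part of the original post: a Python check that parses `dig ... SOA +norec` output from each listed name server and reports any server that answers without the `aa` flag, with a TTL below the zone's `$TTL`, or with a different SOA serial. The sample inputs are abridged from the two dig outputs quoted above; the function names and finding labels are assumptions made for this illustration.

```python
import re

# Abridged from the two dig outputs quoted in the post above.
SLAVE_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19586
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; ANSWER SECTION:
cardiffusion.com. 14400 IN SOA ns6.cardiffdns.fr. root.cardiffusion.com. 2008071601 14400 3600 1209600 86400
"""
MASTER_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28778
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; ANSWER SECTION:
cardiffusion.com. 185 IN SOA ns6.cardiffdns.fr. root.cardiffusion.com. 2008071501 14400 3600 1209600 86400
"""

FLAGS_RE = re.compile(r"^;; flags:\s*([a-z ]*);", re.M)
# \s+ also spans a line break, so an SOA record wrapped by a mail client still parses.
SOA_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+SOA\s+(\S+)\s+(\S+)\s+(\d+)", re.M)

def parse_soa_reply(text):
    """Extract header flags, answer TTL and SOA serial from dig SOA output."""
    flags = FLAGS_RE.search(text)
    soa = SOA_RE.search(text)
    if not flags or not soa:
        raise ValueError("dig output has no flags line or no SOA answer")
    return {"flags": set(flags.group(1).split()),
            "ttl": int(soa.group(2)),
            "serial": int(soa.group(5))}

def check_servers(replies, zone_ttl):
    """replies: {server name: dig output}. Returns a list of (server, finding)."""
    parsed = {name: parse_soa_reply(out) for name, out in replies.items()}
    # Plain integer comparison; RFC 1982 serial wrap-around is not handled here.
    newest = max(p["serial"] for p in parsed.values())
    findings = []
    for name, p in parsed.items():
        if "aa" not in p["flags"]:
            findings.append((name, "not-authoritative"))   # zone not served from local data
        if p["ttl"] < zone_ttl:
            findings.append((name, "ttl-below-zone-ttl"))  # TTL counting down: cached answer
        if p["serial"] != newest:
            findings.append((name, "serial-behind"))
    return findings

if __name__ == "__main__":
    for server, finding in check_servers({"ns2": SLAVE_OUT, "ns6": MASTER_OUT}, 14400):
        print(server, finding)
```
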