Is my slave DNS working right?

Rob Z buddy.zee at gmail.com
Wed Jul 29 16:15:22 UTC 2009


Hello list,
Here's my scenario:
I have multiple DNS servers (one master and a few slaves) authoritative for
a few zones (e.g. mydomain.com, zone1.mydomain.com, etc.).
I also have a caching server (a stock Redhat caching-nameserver.rpm
configuration, BIND 9.2.4) which is used by clients on the LAN to query DNS for
zone1.mydomain.com.
As far as I understand, this caching server does a full recursive resolution
to get information for zone1.mydomain.com (going to root servers, then
going to .com servers, then to the mydomain.com server).
My objective is to convert this caching server into a slave server, which
will transfer the full zone1.mydomain.com.
Am I correct in the assumption that the slave server should answer queries
for zone1.mydomain.com directly as it has all the information?
I modified the config by adding
zone "zone1.mydomain.com" {
        type slave;
        file "mydomain/hosts.mydomain.com";
        masters { A.B.C.D; };
};
to the caching server config and configured the master server to allow
transfers. The zone is being transferred correctly,
mydomain/hosts.mydomain.com is populated.
However,
 dig +trace @localhost host1.zone1.mydomain.com
shows that the server is still doing a full recursion, going to the root
servers, tld servers etc.
What am I missing? Do I also have to list my caching server as an NS record in
the zone1.mydomain.com?
It's located on a private network and won't be able to answer queries from
the Internet.
Attached is my config file
===================================================
//
// named.conf for Red Hat caching-nameserver
//

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN
{
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

zone "zone1.MYDOMAIN.COM" {
        type slave;
        file "mydomain/hosts.mydomain.com";
        masters { A.B.C.D; };
};

include "/etc/rndc.key";
===================================================
Thanks
Rob
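
An added example, not part of the original post: the `aa` (authoritative answer) flag in the header of a plain `dig` reply shows whether the queried server answered from zone data it holds, which `dig +trace` does not show because it follows referrals from the root servers itself. The function name and the sample replies (including the 192.0.2.10 address) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Classify a dig reply by its header.
# Usage against a live server (hostnames taken from the post):
#   dig +norecurse @localhost host1.zone1.mydomain.com | classify_answer

classify_answer() {
    awk '
        # e.g. ";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0"
        /^;; flags:/ {
            seen = 1; aa = 0; answers = 0
            split($0, parts, ";")            # parts[3] = " flags: qr aa rd"
            flags = parts[3]
            sub(/^ *flags: */, "", flags)
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aa") aa = 1
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (!seen)            { print "no-header"; exit 2 }
            if (aa)               print "authoritative"       # served from zone data
            else if (answers > 0) print "non-authoritative"   # cache or recursion
            else                  print "referral-or-empty"
        }'
}

# Constructed sample: reply from a server that holds the zone (aa set).
sample_slave_reply() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; ANSWER SECTION:
host1.zone1.mydomain.com. 3600 IN A 192.0.2.10
EOF
}

# Constructed sample: reply answered from cache after recursion (no aa).
sample_cache_reply() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
host1.zone1.mydomain.com. 2817 IN A 192.0.2.10
EOF
}

sample_slave_reply | classify_answer    # authoritative
sample_cache_reply | classify_answer    # non-authoritative
```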