Is my slave DNS working right?

Rob Z buddy.zee at gmail.com
Thu Jul 30 18:38:36 UTC 2009


Uh, OK. Thanks for that.
So, how can I confirm that my formerly "caching only" DNS server is now
fetching records from transferred zone files?
TIA
--
Rob

On Wed, Jul 29, 2009 at 12:31 PM, Kevin Darcy <kcd at chrysler.com> wrote:

> The +trace option *forces* dig to step through each level of the hierarchy.
>
> Therefore it's not a good way of testing any kind of "override" of the
> normal iterative-resolution process.
>
>
>                                     - Kevin
>
> Rob Z wrote:
>
>> Hello list,
>> Here's my scenario:
>> I have multiple DNS servers (one master and a few slaves) authoritative
>> for a few zones (e.g. mydomain.com, zone1.mydomain.com, etc.).
>> I also have a caching server (a stock Redhat caching-nameserver.rpm
>> configuration, BIND 9.2.4) which is used by clients on the LAN to query DNS
>> for zone1.mydomain.com.
>> As far as I understand, this caching server does a full recursive
>> resolution to get information for zone1.mydomain.com (going to the root
>> servers, then going to the .com servers, then to the mydomain.com server).
>> My objective is to convert this caching server into a slave server, which
>> will transfer the full zone1.mydomain.com.
>> Am I correct in the assumption that the slave server should answer queries
>> for zone1.mydomain.com directly as it has all the information?
>> I modified the config by adding
>> zone "zone1.mydomain.com" {
>>        type slave;
>>        file "mydomain/hosts.mydomain.com";
>>        masters { A.B.C.D; };
>> };
>> to the caching server config and configured the master server to allow
>> transfers. The zone is being transferred correctly,
>> mydomain/hosts.mydomain.com is populated.
>> However,
>>  dig +trace @localhost host1.zone1.mydomain.com
>> shows that the server is still doing a full recursion, going to the root
>> servers, TLD servers etc.
>> What am I missing? Do I also have to list my caching server as an NS record
>> in zone1.mydomain.com?
>> It's located on a private network and won't be able to answer queries from
>> the Internet.
>> Attached is my config file
>> ===================================================
>> //
>> // named.conf for Red Hat caching-nameserver
>> //
>>
>> options {
>>        directory "/var/named";
>>        dump-file "/var/named/data/cache_dump.db";
>>        statistics-file "/var/named/data/named_stats.txt";
>>        /*
>>         * If there is a firewall between you and nameservers you want
>>         * to talk to, you might need to uncomment the query-source
>>         * directive below.  Previous versions of BIND always asked
>>         * questions using port 53, but BIND 8.1 uses an unprivileged
>>         * port by default.
>>         */
>>         // query-source address * port 53;
>> };
>>
>> //
>> // a caching only nameserver config
>> //
>> controls {
>>        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>> };
>>
>> zone "." IN {
>>        type hint;
>>        file "named.ca";
>> };
>>
>> zone "localdomain" IN {
>>        type master;
>>        file "localdomain.zone";
>>        allow-update { none; };
>> };
>>
>> zone "localhost" IN {
>>        type master;
>>        file "localhost.zone";
>>        allow-update { none; };
>> };
>>
>> zone "0.0.127.in-addr.arpa" IN {
>>        type master;
>>        file "named.local";
>>        allow-update { none; };
>> };
>>
>> zone
>> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN
>> {
>>        type master;
>>        file "named.ip6.local";
>>        allow-update { none; };
>> };
>>
>> zone "255.in-addr.arpa" IN {
>>        type master;
>>        file "named.broadcast";
>>        allow-update { none; };
>> };
>>
>> zone "0.in-addr.arpa" IN {
>>        type master;
>>        file "named.zero";
>>        allow-update { none; };
>> };
>>
>> zone "zone1.MYDOMAIN.COM" {
>>        type slave;
>>        file "mydomain/hosts.mydomain.com";
>>        masters { A.B.C.D; };
>> };
>>
>> include "/etc/rndc.key";
>> ===================================================
>> Thanks
>> Rob
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
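Added example, not part of the original thread: because +trace makes dig walk the hierarchy itself, a check for the question asked above is a non-recursive query to the server, looking for the "aa" (authoritative answer) flag and comparing the SOA serial with the master's. The function names and the sample dig lines are constructed for illustration; server addresses are supplied as arguments.

```shell
#!/bin/sh
# Added example: confirm a slave answers from its transferred zone.
# Function names and the sample dig output below are constructed.

# Succeeds if the dig header read on stdin carries the "aa" flag.
has_aa_flag() {
    awk '/^;; flags:/ {
             sub(/^;; flags: */, ""); sub(/;.*/, "")
             n = split($0, f, " ")
             for (i = 1; i <= n; i++) if (f[i] == "aa") found = 1
         }
         END { exit (found ? 0 : 1) }'
}

# Prints the serial (3rd field) from "dig +short ... SOA" output on stdin.
soa_serial() {
    awk 'NF >= 7 { print $3; exit }'
}

# Constructed header lines: answer from the zone data vs. answer from cache.
SAMPLE_AUTH=';; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0'
SAMPLE_CACHED=';; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_SOA='ns1.mydomain.com. hostmaster.mydomain.com. 2009073001 3600 900 604800 86400'

# Live check: check_slave <slave-ip> <master-ip> <zone> <name-in-zone>
check_slave() {
    slave=$1 master=$2 zone=$3 name=$4
    # +norecurse clears the RD bit, so the server may use only local data.
    if dig +norecurse +noall +comments "@$slave" "$name" A | has_aa_flag; then
        echo "aa set: $slave answers $name authoritatively"
    else
        echo "aa missing: $slave is not authoritative for $name"; return 1
    fi
    s=$(dig +short "@$slave" "$zone" SOA | soa_serial)
    m=$(dig +short "@$master" "$zone" SOA | soa_serial)
    if [ -n "$s" ] && [ "$s" = "$m" ]; then
        echo "serial $s matches master"
    else
        echo "serial mismatch: slave=$s master=$m"; return 1
    fi
}

# Run the live check only when all four arguments are given.
if [ "$#" -eq 4 ]; then check_slave "$@"; fi
```
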