Bind doesn't make zone delegation.
Peter Andreev
andreev.peter at gmail.com
Thu Apr 19 09:58:31 UTC 2012
Hi,
First of all, nslookup isn't a good tool for debug DNS problems. Use dig
instead.
Could you show the output of "dig @freebsdbox sokol.msk.united-networks.ru.
NS +norec" run from freebsd box itself?
2012/4/19 Ellad G. Yatsko <eyatsko at ngs.ru>
>
> Hello!
>>
>> I have FreeBSD 7.2 x64 installed. And Bind 9.4:
>>
>> /etc/namedb> named -v
>> BIND 9.4.3-P2
>>
>> I have zone "/united-networks.ru/" and I try to do the following:
>> ...
>> $ORIGIN sokol.msk.united-networks.ru.
>> @ IN NS srvgate
>> srvgate IN A 172.31.16.16
>> $ORIGIN united-networks.ru.
>> ...
>>
>> As I understand I delegated the SOA (IN NS) to server with name
>> srvgate.sokol.msk.united-**networks.ru<http://srvgate.sokol.msk.united-networks.ru>("srvgate" has no tailing "dot"
>> so domain "sokol.msk.united-networks.ru" from $ORIGIN operator will be
>> appended), then I placed "glue"-record with srvgate.sokol.msk's
>> address.
>> It is because as I understood nameserver of delegated zone is in it.
>>
>> From here I thought on the server 172.31.16.16 (it's Ubuntu) I must
>> receive DNS-requests related to zone sokol.msk.united-networks.ru. For
>> example if I try do nslookup sokol.msk.united-networks.ru on FreeBSD
>> 7.2 x64. But:
>>
>> /etc/bind# hostname -f
>> srvgate.sokol.msk.united-**networks.ru<http://srvgate.sokol.msk.united-networks.ru>
>> /etc/bind# tshark -ta -ni tun0 -R dns
>> Running as user "root" and group "root". This could be dangerous.
>> Capturing on tun0
>>
>> ...there is nothing! And FreeBSD issues NXDOMAIN. I say more - FreeBSD
>> tries to resolve name "sokol.msk.united-networks.ru" through its
>> forwarder in
>> external world!
>>
>> Where am I wrong? I simulated this situation with the same
>> configurations
>> on Ubuntu (Bind 9.7.0-P1) and fresh-installed FreeBSD 9.0 x64 (Bind
>> 9.8.1-P1).
>> All works fine!
>>
>> ------------------------------**-------- related portion of
>> named.conf ------------------------------**--------
>> options {
>> directory "/etc/namedb";
>> pid-file "/var/run/named/pid";
>> dump-file "/var/dump/named_dump.db";
>> statistics-file "/var/stats/named.stats";
>>
>> listen-on {
>> ....
>> 127.0.0.1;
>> 172.16.0.1;
>> 172.16.1.1;
>> 172.16.2.1;
>> 172.31.0.1;
>> };
>>
>> forwarders {
>> 89.222.167.2;
>> 8.8.8.8;
>> };
>> recursion yes;
>> allow-recursion {0/0;};
>> };
>>
>> ...
>>
>> view internal {
>> match-clients {
>> 127.0.0.0/8;
>> 172.16.0.0/12;
>> };
>> ...
>> zone "united-networks.ru" {
>> type master;
>> file "master/forward/united-**networks.ru.internal";
>> allow-transfer {
>> 172.16.0.2;
>> 172.16.16.2;
>> 172.31.16.16;
>> 172.31.17.0;
>> 172.31.18.0;
>> };
>> };
>> ...
>> };
>> ...
>> ------------------------------**------------------------------**
>> ------------------------------**-----------------
>>
>> Kind regards,
>> Ellad
>>
>
> ______________________________**_________________
> Please visit https://lists.isc.org/mailman/**listinfo/bind-users<https://lists.isc.org/mailman/listinfo/bind-users>to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/**listinfo/bind-users<https://lists.isc.org/mailman/listinfo/bind-users>
>
--
AP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120419/9b8e5393/attachment.html>
More information about the bind-users
mailing list