Configuring a domain slave to look up subdomain hosts
Mike Bernhardt
bernhardt at bart.gov
Tue Feb 28 17:15:21 UTC 2012
So it sounds like in this case, stub zones don't buy me anything? What I
wanted was for this secondary to query the subdomain name servers directly
instead of relying on the domain primary via forwarding. Is making this
server a secondary for the subdomain the only way?
_____
From: Nex6 [mailto:borg at borg1911.com]
Sent: Monday, February 27, 2012 4:59 PM
To: Mike Bernhardt; bind-users at lists.isc.org
Subject: RE: Configuring a domain slave to look up subdomain hosts
-------- Original Message --------
Subject: Configuring a domain slave to look up subdomain hosts
From: "Mike Bernhardt" <bernhardt at bart.gov>
Date: Mon, February 27, 2012 4:50 pm
To: <bind-users at lists.isc.org>
I have a domain and a subdomain which is delegated by the
I am trying to figure out the correct way to have the slave of a parent
domain look up hosts in a subdomain managed by others. I'm running BIND
9.8.1-P1. The current working configuration for the subdomain is this:
options {
directory "/var/named";
allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
forwarders { 148.165.3.10; };
forward only;
recursive-clients 2000;
zone-statistics yes;
};
zone "domain.com" {
type slave;
masters { 10.130.1.30; };
file "db.domain";
forwarders { };
};
But using "forwarders" doesn't seem like the correct way to do it. It's in
the options in order to forward internet queries to our external name server
instead of to the root servers, which aren't accessible from inside. I've
been messing with stub zones but that doesn't seem to work:
zone "domain.com" {
type slave;
masters { 10.130.1.30; };
file "db.domain";
};
zone "subdomain.domain.com" {
type stub;
masters { 10.2.241.101; 10.2.242.222; };
file "db.subdomain";
};
With this configuration, the zone file for subdomain.domain.com is correctly
created but when I run tcpdump I can see that queries for
host.subdomain.domain.com are being forwarded to 148.165.3.10, not to the
subdomain name servers. The result of course is NXDOMAIN.
With forwarders set for the zone domain.com, the slave queries the zone
master, which then queries the subdomain name server as it should. So the
stub zone is apparently being ignored.
What is wrong? Perhaps I'm misunderstanding the purpose of stub zones? Let
me know if you need additional config details.
/answer:
This post, requires a much longer response then I have time for, but i will
take a quick stab.
a "stub" zone, is generally only used for cross corporate, or cross partner
resolving. it gives you
a "local" copy of possibly internal zone data.
a "slave" is a type of Nameserver, not a type of zone. generally youll have
authoritative name servers,
and sometimes in bigger shops a number if "salves" or now called secondary
name servers. for example,
you could have your authoritative name servers behind your firewall, and put
a slave in the DMZ sorta thing.
or have a few authoritative name servers, a several salves, so you may have
salves in each datacenter.
a delegation, is where you "delagate" a subzone to someone else. example,
you own say
example.org, and a subgroup wants to manage their own namespace of
depart1.example.org, so
you delegate depart1.example.org to there name servers. and they will "own"
the zone depart1.
hope this helps clears a few things up.
-Nex6
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120228/9b4376f3/attachment.html>
More information about the bind-users
mailing list