I may be confused regarding sub delegated zone

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Thu Jan 23 22:48:27 UTC 2014


It's hard to see exactly what the problem is since you didn't use a real
domain that we can look at, or even if the example matches what you're
really seeing.

But, continuing the bad example further...

if the situation is more like:

    > set type=ns
    > sybdom.example.com

    sybdom.example.com nameserver = ns.sybdom.example.com
    > set type=a
    > ns.sybdom.example.com

    ** server can't find ns.sybdom.example.com: NXDOMAIN

and

    > set type=ns
    > subdom.example.com

    subdom.example.com nameserver = ns2.example.com
    > set type=a
    > ns2.example.com

    Name:    ns2.example.com
    Address: x.x.x.y

Would mean, you didn't add a glue in example.com on what the address for
ns.sybdom.example.com is.

The first needs a glue record because it can't query
ns.sybdom.example.com to get its A record, without an A record.  While
the first works because it is already in contact with the nameserver for
the others it's been making (which is made possible because the .com
server provided the glue record for ns1.example.com, which you had to
provide when you set up the domain with your registrar....but didn't
need to provide if your authority nameservers were in a different domain).

Something like this might result...

    $ORIGIN example.com.
    ns1        A     x.x.x.x
    ns2        A     x.x.x.y
    $ORIGIN subdom.example.com.
    @          NS    ns2.example.com.
    $ORIGIN sybdom.example.com.
    @          NS    ns.sybdom.example.com.
    ns         A     x.x.x.z
    $ORIGIN szbdom.example.com.
    @          NS    ns1.example.net.

Scary things happen when the subdomain is delegated, and they give you
ns1 & IP1, ns2 & IP2....and then something happens and they flip things
around....so that ns1 is on IP2 and ns2 is on IP1....when you ask it
what the A is for ns1, it gives you the IP of what you thought ns2 was....

or worse...the IP that used to be ns1, has a completely different name
and the old name no longer exists in their subdomain.

Which appears to be the case for what real delegated subdomain of mine
that I was had first

Also when things are working, the answer to NS is from the delegated
nameserver not the parent.

Because I first tried:

    > set type=ns
    > math.ksu.edu

    Non-authoritative answer:
    math.ksu.edu    nameserver = ns-2.ksu.edu.
    math.ksu.edu    nameserver = ns.math.ksu.edu.
    math.ksu.edu    nameserver = ns-1.ksu.edu.

    Authoritative answers can be found from:
    ns-1.ksu.edu    internet address = 129.130.254.21
    ns-2.ksu.edu    internet address = 129.130.139.151

    > set type=a
    > ns.math.ksu.edu

    Name:    ns.math.ksu.edu
    Address: 129.130.106.2

But, then I looked at my zone file, and I have:

    $ORIGIN math.ksu.edu.
    @          NS     gw.math.ksu.edu.
               NS     ns-3.ksu.edu.
               NS     ns-2.ksu.edu.
               NS     ns-1.ksu.edu.
    gw         A      129.130.106.1

Don't know if I want to change it or not....recall having tried to fix
entries like this before, which caused problems....  Like maybe
ns.math.ksu.edu is his master server, but their firewall only allows it
to be accessed from their subnet.  And, gw is my way in.

The slave zone record on my side has IPs for both gw and ns, would have
to dig deeper to see where the updates are actually coming from....

On 01/23/14 11:58, Blason R wrote:
> Perfect this is what I'm thinking. So in some case I observed that
> subdomain.example.com has ns record specified but no A record
> associated with it. But if I do query set type=ns to parent ns record
> it shows something else.
> 
> Like
> 
> Set typ=ns
> Sybdom.example.com
> 
> Ns5.example.com
> 
> Set type=a
> Ns5.example.com
> No A record
> 
> Server ns1.example.com
> 
> Set type=ns
> Subdom.example.com
> Ns2.example.com
> 
> Is this setup correct?
> 
> On 23 Jan 2014 23:04, "Ben Croswell" <ben.croswell at gmail.com> wrote:
> 
>     A freshly started server with no cache will be directed to ns1 first
>     which will give a referral to ns2 for the subdomain. After that it
>     will go to ns2 directly until the ns records time out in cache.
> 
>     On Jan 23, 2014 12:30 PM, "Blason R" <blason16 at gmail.com> wrote:
> 
>         Hello friends,
> 
>         I may sound like novice but have basic question regarding
>         Sub-zone which is a delegated zone. Let's say I have zone
>         example.com whose NS are ns1.example.com and then I have
>         delegated sub-zone subdom.example.com whose ns record would be
>         say ns2.example.com.
> 
>         So people who will be querying to A record for
>         subdom.example.com [which @] will first be forwarded to
>         ns1.example.com and then from there ns record of
>         subdom.example.com will be given?
> 
>         Or will it directly be forwarded to n2.example.com?

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
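
An added example, not part of the original message: a small checker for the missing-glue case described above, where a delegation's NS target lives inside the delegated zone but the parent holds no address record for it. The zone text is constructed sample data modelled on the fragment in the message, with 192.0.2.x documentation addresses standing in for x.x.x.x and the sybdom glue deliberately left out; `fqdn`, `parse` and `missing_glue` are hypothetical helper names, and only a simplified zone syntax (no TTL or class fields) is handled.

```python
# Constructed sample zone data (not from a real zone): the sybdom delegation
# points at a nameserver inside the child zone and has no glue A record.
ZONE = """\
$ORIGIN example.com.
ns1        A     192.0.2.1
ns2        A     192.0.2.2
$ORIGIN subdom.example.com.
@          NS    ns2.example.com.
$ORIGIN sybdom.example.com.
@          NS    ns.sybdom.example.com.
$ORIGIN szbdom.example.com.
@          NS    ns1.example.net.
"""

def fqdn(name, origin):
    """Expand a zone-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse(text):
    """Yield (owner, rtype, rdata) from a simplified master-file fragment."""
    origin, owner = "", None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].startswith("$"):             # only $ORIGIN is honoured
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue
        if not raw[0].isspace():                  # owner starts in column 0
            owner = fqdn(fields.pop(0), origin)
        rtype, rdata = fields[0].upper(), fields[1]
        yield owner, rtype, fqdn(rdata, origin) if rtype == "NS" else rdata

def missing_glue(text, parent):
    """Return (child_zone, nameserver) pairs where the nameserver sits inside
    the delegated child zone but the parent data has no A/AAAA for it."""
    records = list(parse(text))
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    out = []
    for owner, rtype, target in records:
        if rtype != "NS" or owner == parent:      # apex NS is not a delegation
            continue
        in_child = target == owner or target.endswith("." + owner)
        if in_child and target not in addressed:
            out.append((owner, target))
    return out
```

Delegations to names outside the child zone (ns2.example.com, ns1.example.net) are not flagged, since they need no glue in this parent.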