Problem with Zones (recursion?)
Grant Taylor
gtaylor at tnetconsulting.net
Sun Oct 15 18:07:07 UTC 2017
On 10/15/2017 06:15 AM, Michelle Konzack wrote:
> Good day,
Hi,
> I have created a file
>
> ----[ /etc/bind/db.block ]----------------------------------------------
> @ 86400 IN SOA dns1.<removed>. hostmaster.<removed>. ( a b c d e )
>
> IN NS dns1.<removed>.
>
> * IN CNAME block.<removed>.
> ------------------------------------------------------------------------
>
> ----[ /etc/bind/named.conf.block ]--------------------------------------
> zone "101com.com" {type master; notify no; file "/etc/bind/db.block"; };
> zone "101order.com" {type master; notify no; file "/etc/bind/db.block"; };
> ------------------------------------------------------------------------
Okay.
I've seen this type of thing done a number of times before. (I think I
first saw it on FreeBSD.)
> Since <dns1> is my own server, I have it prepended in the dhclient.conf of
> my laptop, but if I now query
Do I understand correctly that you are tweaking dhclient to use your
server before other DNS servers?
> ----[ command 'nslookup 101com.com' ]-----------------------------------
> ;; Got recursion not available from 7847104.44, trying next server
> Server: 192.168.43.1
> Address: 192.168.43.1#53
>
> Non-authoritative answer:
> Name: 101com.com
> Address: 66.77.93.51
> ------------------------------------------------------------------------
The first thing I see is that you are querying the domain 101com.com
which does not have an A or AAAA record in your db.block file.
The second thing I notice is that you are not testing directly against
your server. (I assume you're relying on dhclient to pick the order.)
I'd suggest trying "nslookup 101com.com dns1.<removed>." to make sure
that you are testing your DNS config and not hitting a dhclient resolver
order issue.
> ----[ command 'named-checkzone 101com.com db.block' ]-------------------
> db.block:3: using RFC1035 TTL semantics
> zone 101com.com/IN: loaded serial 1508068518
> OK
> ------------------------------------------------------------------------
>
> What I am missing here?
>
> It should point to the server block.<removed>
Your nslookup will very likely not hit the CNAME as you're querying the
apex of the 101com.com zone.
I would also suggest that you check out Response Policy Zone(s) as they
may be a better / more scalable way to accomplish what I suspect you are
after.
You might also want to glance at DNAME as it's closely related and can
allow you to change the back end name that is queried.
> Thanks in advance
You're welcome.
Good luck.
--
Grant. . . .
unix || die
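As an added illustration of the apex point made in the reply above (example code, not from the bind-users thread or from BIND itself): a small model of how an authoritative server resolves a query against a "block" zone shaped like the posted db.block. It shows that a query for the zone apex (101com.com) is answered from the apex's own records and never reaches the "* IN CNAME" wildcard, while a name below the apex (www.101com.com) does hit it, and what the zone needs at "@" for the apex itself to resolve. The hostnames dns1.example.net and block.example.net stand in for the redacted names in the post, 192.0.2.10 is a documentation address, and the extra "foo" record in the closest-encloser case is constructed to show the general RFC 1034 wildcard rule, which goes beyond the single case in the thread.

```python
# Added example, not code from the bind-users thread: a minimal model of how an
# authoritative name server answers queries against a "block" zone like the
# posted db.block. Hostnames and addresses below are constructed placeholders.

from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    owner: str   # owner name relative to the zone apex; "@" is the apex itself
    rtype: str
    rdata: str


def _relative(zone_apex, qname):
    """Return qname relative to the apex ("@" at the apex), or None if the
    name lies outside the zone."""
    apex = zone_apex.rstrip(".").lower()
    name = qname.rstrip(".").lower()
    if name == apex:
        return "@"
    if name.endswith("." + apex):
        return name[: -(len(apex) + 1)]
    return None


def lookup(zone_apex, records, qname, qtype):
    """Resolve qname/qtype within one zone using the RFC 1034 rules that
    matter here:
      * an exact owner match wins, and a CNAME there is returned for any qtype;
      * the apex always exists (it carries SOA and NS), so it never falls
        through to a wildcard;
      * "*" only matches names below its closest encloser that have no
        existing owner name of their own.
    Returns (rcode, list_of_RR)."""
    rel = _relative(zone_apex, qname)
    if rel is None:
        return "REFUSED", []          # not authoritative for this name
    owners = {r.owner for r in records}

    def answer_at(owner):
        rrs = [r for r in records if r.owner == owner]
        cname = [r for r in rrs if r.rtype == "CNAME"]
        return "NOERROR", (cname or [r for r in rrs if r.rtype == qtype])

    if rel in owners:                 # exact match, including the apex
        return answer_at(rel)
    if any(o.endswith("." + rel) for o in owners):
        return "NOERROR", []          # empty non-terminal: exists, no data
    # closest encloser: longest proper suffix of rel that exists in the zone
    labels = rel.split(".")
    encloser = "@"
    for i in range(1, len(labels)):
        cand = ".".join(labels[i:])
        if cand in owners or any(o.endswith("." + cand) for o in owners):
            encloser = cand
            break
    wildcard = "*" if encloser == "@" else "*." + encloser
    if wildcard not in owners:
        return "NXDOMAIN", []
    return answer_at(wildcard)


# The zone as posted (placeholder SOA timers; names stand in for <removed>).
DB_BLOCK = [
    RR("@", "SOA", "dns1.example.net. hostmaster.example.net. 1 86400 3600 604800 86400"),
    RR("@", "NS", "dns1.example.net."),
    RR("*", "CNAME", "block.example.net."),
]

# For the apex itself to resolve to the block host, the zone needs address
# records at "@". A CNAME cannot go there: BIND refuses a CNAME that shares
# an owner name with other data, and the apex always carries SOA and NS.
DB_BLOCK_WITH_APEX_A = DB_BLOCK + [RR("@", "A", "192.0.2.10")]


if __name__ == "__main__":
    for zone in (DB_BLOCK, DB_BLOCK_WITH_APEX_A):
        for q in ("101com.com", "www.101com.com"):
            print(q, lookup("101com.com", zone, q, "A"))
```

With the posted zone, the apex query returns NOERROR with an empty answer (only SOA and NS live at "@"), which is exactly the case where a client such as nslookup moves on to the next configured server and gets the public 66.77.93.51 instead. Adding the A (and AAAA) records at the apex, or using a response policy zone as the reply suggests, is what makes the bare domain name resolve to the block host; in either case, test against the authoritative server directly rather than through the dhclient-supplied resolver order.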