Problem with Zones (recursion?)

Grant Taylor gtaylor at tnetconsulting.net
Sun Oct 15 18:07:07 UTC 2017


On 10/15/2017 06:15 AM, Michelle Konzack wrote:
> Good day,

Hi,

> I have created a file
> 
> ----[ /etc/bind/db.block ]----------------------------------------------
> @ 86400 IN SOA   dns1.<removed>. hostmaster.<removed>. ( a b c d e )
> 
>          IN NS    dns1.<removed>.
> 
> *       IN CNAME block.<removed>.
> ------------------------------------------------------------------------
> 
> ----[ /etc/bind/named.conf.block ]--------------------------------------
> zone "101com.com" {type master; notify no; file "/etc/bind/db.block"; };
> zone "101order.com" {type master; notify no; file "/etc/bind/db.block"; };
> ------------------------------------------------------------------------

Okay.

I've seen this type of thing done a number of times before.  (I think I 
first saw it on FreeBSD.)

> Since <dns1> is my own server, I have it prepended in my dhclient.conf of
> my Laptop, but if I now query

Do I understand correctly that you are tweaking dhclient to use your 
server before other DNS servers?

> ----[ command 'nslookup 101com.com' ]-----------------------------------
> ;; Got recursion not available from 7847104.44, trying next server
> Server:		192.168.43.1
> Address:	192.168.43.1#53
> 
> Non-authoritative answer:
> Name:	101com.com
> Address: 66.77.93.51
> ------------------------------------------------------------------------

The first thing I see is that you are querying the domain 101com.com 
which does not have an A or AAAA record in your db.block file.

The second thing I notice is that you are not testing directly against 
your server.  (I assume you're relying on dhclient to pick the order.) 
I'd suggest trying "nslookup 101com.com dns1.<removed>." to make sure 
that you are testing your DNS config and not hitting a dhclient resolver 
order issue.

> ----[ command 'named-checkzone 101com.com db.block' ]-------------------
> db.block:3: using RFC1035 TTL semantics
> zone 101com.com/IN: loaded serial 1508068518
> OK
> ------------------------------------------------------------------------
> 
> What am I missing here?
> 
> It should point to the server block.<removed>

Your nslookup will very likely not hit the CNAME as you're querying the 
apex of the 101com.com zone.

I would also suggest that you check out Response Policy Zone(s) as they 
may be a better / more scalable way to accomplish what I suspect you are 
after.

You might also want to glance at DNAME as it's closely related and can 
allow you to change the back end name that is queried.

> Thanks in advance

You're welcome.

Good luck.



-- 
Grant. . . .
unix || die
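Added example, not part of this thread: a small Python model of how an authoritative server answers from a zone laid out like the quoted db.block, showing why a query for the apex 101com.com gets SOA/NS only (NODATA for A) while www.101com.com is synthesized from the wildcard CNAME. The zone contents mirror the quoted file with the <removed> names kept as placeholders; the 192.0.2.1 apex address in the "fixed" variant is a constructed placeholder.

```python
# Added example, not from the thread: a minimal model of how an authoritative
# server answers from a zone laid out like db.block (RFC 1034 section 4.3.2,
# only the cases this thread needs). Query names are assumed fully qualified.
from typing import Dict, List, Tuple

RRset = List[Tuple[str, str]]          # [(type, rdata), ...]
ZONE = "101com.com."

# Constructed copy of the quoted db.block, loaded as the 101com.com zone.
# The <removed> names are kept as placeholders, exactly as in the thread.
DB_BLOCK: Dict[str, RRset] = {
    ZONE: [("SOA", "dns1.<removed>. hostmaster.<removed>. ( a b c d e )"),
           ("NS", "dns1.<removed>.")],
    "*." + ZONE: [("CNAME", "block.<removed>.")],
}

# Same zone with an apex address added (192.0.2.1 is a constructed placeholder).
# A CNAME cannot sit at the apex next to SOA/NS, so the apex needs an A/AAAA.
FIXED: Dict[str, RRset] = {**DB_BLOCK, ZONE: DB_BLOCK[ZONE] + [("A", "192.0.2.1")]}


def _select(rrset: RRset, qtype: str) -> RRset:
    # A CNAME is returned whatever the qtype, as a real server does.
    return [rr for rr in rrset if rr[0] in (qtype, "CNAME")]


def lookup(zone: Dict[str, RRset], qname: str, qtype: str) -> Tuple[str, RRset]:
    """Return (rcode, answer). An empty answer with NOERROR is NODATA."""
    qname = qname.lower()
    if qname != ZONE and not qname.endswith("." + ZONE):
        return ("REFUSED", [])   # not our zone (recursion is a separate matter)
    if qname in zone:
        # The owner exists, so the wildcard is never consulted. This is why
        # "nslookup 101com.com" sees only SOA/NS at the apex: NODATA for A.
        return ("NOERROR", _select(zone[qname], qtype))
    # Otherwise find the closest enclosing name that exists (possibly only as
    # a parent of other names) and try the wildcard directly below it.
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):
        ancestor = ".".join(labels[i:])
        if ancestor in zone or any(n.endswith("." + ancestor) for n in zone):
            wild = zone.get("*." + ancestor)
            if wild is None:
                return ("NXDOMAIN", [])
            return ("NOERROR", _select(wild, qtype))
    return ("NXDOMAIN", [])
```

Running lookup(DB_BLOCK, "101com.com.", "A") returns NOERROR with an empty answer, while "www.101com.com." returns the wildcard CNAME; only FIXED answers the apex with an address.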


More information about the bind-users mailing list