Bind and reverse subdomains
Khemara Lyn
lin.kh at wicam.com.kh
Tue Aug 5 07:34:52 UTC 2008
Thanks, Ed; I promise there won't be a second time.
Just to make my question short, may I ask if anyone has got the
delegation of a reverse sub-domain working? I would like to delegate a
/26 or smaller (/27, /28, etc.) from a parent server (having a
reverse zone for a /24) to a child server.
Perhaps someone could give me some pointers on how to use the $GENERATE
directive and CNAME records in a reverse zone file for BIND.
With warm regards.
Ed Greshko wrote:
> lin.kh at wicam.com.kh wrote:
>> Thanks, I will take it as good advice. And sorry to those who got confused
>> or offended by my post. While I was writing the message, I tried to
>> reproduce the scenario, which led me to the mess :(. Very sorry again.
>
> I don't think anyone would be offended by your post. And I doubt
> anyone has a problem with your BIND question. The only issue is that
> people here are often willing to help and want to do their best.
>
> So, to help enable people to do their very best you really should post
> the real thing. Even if you think you have reproduced the essence of
> the problem you may have inadvertently hidden a key fact.
>
> Besides, people may ask you for the output of "dig" (for example) and
> you may find yourself doing more hiding and making the problem harder
> to solve than it has to be.
>
>>
>>
>>> lin.kh at wicam.com.kh wrote:
>>>> Sorry all again:
>>>> I don't mean to flood the list with my mails, but my previous post was a
>>>> little messed up as I cut and pasted a lot trying not to show my real
>>>> domain.
>>> Take a hint from Tom Eastep the author of "shorewall".
>>>
>>> "As a general matter, please do not edit the diagnostic information in an
>>> attempt to conceal your IP address, netmask, nameserver addresses, domain
>>> name, etc. These aren't secrets, and concealing them often misleads us (and
>>> 80% of the time, a cracker could derive them anyway from information
>>> contained in the SMTP headers of your post)."
>>>
>>> Even if you've emailed using a different domain you may have muddied the
>>> waters such that it would be difficult for people to really help you.
>>>
>>> I, for one, spend little time on obfuscated posts.
>>>
>>>
>>>> Now I'd like to send the whole thing again with corrections:
>>>>
>>>> ********
>>>>
>>>> First, please bear with me; I know this is not the place to ask about
>>>> BIND, but I'm hoping that someone out there could help me. Also, sorry
>>>> for the lengthy post, but most of it is to explain my scenario. And I
>>>> believe the answer to my question will be very short.
>>>>
>>>> Basically, I tried to delegate a reverse sub-domain (a subnet smaller
>>>> than /24). I could query a PTR record from the parent server, but I could
>>>> not from the child server where all the configuration of the sub-domain
>>>> belongs.
>>>>
>>>> Here is the detail:
>>>>
>>>> I have my home network connected to my office network with a registered
>>>> domain (office.net, for example) with the scenario below. On the Office
>>>> DNS server (ns1.office.net), I would like to delegate both the forward
>>>> sub-domain home.office.net and the reverse one, 192.168.9.32/28, to the
>>>> Home DNS server (ns1.home.office.net).
>>>>
>>>> My problem is that, on the Home server, I could not do this query:
>>>>
>>>> $ host 192.168.9.33
>>>> Host 33.9.168.192.in-addr.arpa not found: 3(NXDOMAIN)
>>>>
>>>> While from the Office server, I can:
>>>> $ host 192.168.9.33
>>>> 33.9.168.192.in-addr.arpa is an alias for 33.32-39.9.168.192.in-addr.arpa.
>>>> 33.32-39.9.168.192.in-addr.arpa domain name pointer ns1.home.office.net.
>>>>
>>>> What could be the cause of the problem? I might have missed a transition
>>>> somewhere between the office parent zone and the home child zone. But I
>>>> just don't know. Everything else seems to work fine (the sub-domain
>>>> forward zones are ok).
>>>>
>>>> I've been following the O'Reilly book "DNS & BIND", 5th edition, which
>>>> is a great book, I found; but the part on the reverse sub-domain is a bit
>>>> too tricky for me.
>>>>
>>>> Could someone please help me out?
>>>>
>>>> Here is the scenario:
>>>>
>>>> Office Network:
>>>> ===============
>>>> Domain: office.net (not real, used as example here only)
>>>> IP subnet : 192.168.9.0/24 (not real, used as example here only)
>>>> DNS Server: ns1.office.net (IP:192.168.9.1)
>>>>
>>>> Home Network:
>>>> ==============
>>>> Domain: home.office.net
>>>> IP Subnet : 192.168.9.32/28
>>>> DNS Server: ns1.home.office.net (IP:192.168.9.33)
>>>>
>>>> On both of the DNS servers, I'm running BIND on Fedora 9.
>>>> The configuration files on the Office server (ns1.office.net) look as
>>>> below:
>>>>
>>>> 1. /etc/resolv.conf
>>>>
>>>> === Beginning of file ===
>>>> search office.net
>>>> nameserver 192.168.9.1
>>>> nameserver 192.168.9.2
>>>> === End of file ===
>>>>
>>>> 2. /var/named/chroot/etc/named.conf
>>>> (I'm using bind-chroot here with ROOTDIR=/var/named/chroot set in
>>>> /etc/sysconfig/named)
>>>>
>>>> === Beginning of file ===
>>>> options {
>>>> listen-on port 53 { 127.0.0.1; 192.168.9.1;};
>>>> // listen-on-v6 port 53 { ::1; };
>>>> directory "/var/named";
>>>> dump-file "/var/named/data/cache_dump.db";
>>>> statistics-file "/var/named/data/named_stats.txt";
>>>> memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>> allow-query { trusted;};
>>>> recursion yes;
>>>> };
>>>>
>>>> acl trusted {127.0.0.1; 192.168.9.0/24;};
>>>>
>>>> include "/etc/named.rfc1912.zones";
>>>>
>>>> zone "office.net" IN {
>>>> type master;
>>>> file "office.zone";
>>>> };
>>>>
>>>> zone "9.168.192.in-addr.arpa" IN {
>>>> type master;
>>>> file "9.168.192.zone";
>>>> };
>>>> === End of file===
>>>>
>>>> 3. /var/named/chroot/var/named/office.zone
>>>>
>>>> === Beginning of file ===
>>>> $TTL 1D
>>>> @ IN SOA ns1.office.net. root.office.net. (
>>>> 08080201 ; serial
>>>> 1D ; refresh
>>>> 1H ; retry
>>>> 1W ; expire
>>>> 3H ) ; minimum
>>>> NS ns1.office.net.
>>>> NS ns2.office.net.
>>>> MX 10 mail1.office.net.
>>>> MX 20 mail2.office.net.
>>>> A 192.168.9.12
>>>>
>>>> ns1 IN A 192.168.9.1
>>>> ns2 IN A 192.168.9.2
>>>> mail1 IN A 192.168.9.11
>>>> mail2 IN A 192.168.9.12
>>>> www IN CNAME mail2
>>>>
>>>> ;; Glue records for home.office.net
>>>> home IN NS ns1.home
>>>> ns1.home IN A 192.168.9.33
>>>> === End of file ===
>>>>
>>>> 4. /var/named/chroot/var/named/9.168.192.zone:
>>>>
>>>> === Beginning of file ===
>>>> $TTL 1D
>>>> @ IN SOA ns1.office.net. root.office.net. (
>>>> 08080203 ; serial
>>>> 1D ; refresh
>>>> 1H ; retry
>>>> 1W ; expire
>>>> 3H ) ; minimum
>>>> NS ns1.office.net.
>>>> NS ns2.office.net.
>>>>
>>>> 1 IN PTR ns1.office.net.
>>>> 2 IN PTR ns2.office.net.
>>>> 11 IN PTR mail1.office.net.
>>>> 12 IN PTR mail2.office.net.
>>>>
>>>> $GENERATE 33-39 $ CNAME $.32-39
>>>> 32-39 IN NS ns1.home.office.net.
>>>> === End of file ===
>>>>
>>>> And finally, the configuration files on the Home server
>>>> (ns1.home.office.net) look as below:
>>>>
>>>> 1. /etc/resolv.conf
>>>>
>>>> #=== Beginning of file ===
>>>> search home.office.net
>>>> nameserver 192.168.9.33
>>>> #=== End of file ===
>>>>
>>>> 2. /var/named/chroot/etc/named.conf
>>>>
>>>> //=== Beginning of file ===
>>>> options {
>>>> listen-on port 53 { 127.0.0.1; 192.168.9.33;};
>>>> listen-on-v6 port 53 { ::1; };
>>>> directory "/var/named";
>>>> dump-file "/var/named/data/cache_dump.db";
>>>> statistics-file "/var/named/data/named_stats.txt";
>>>> memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>> query-source port 53;
>>>> query-source-v6 port 53;
>>>> allow-query { localhost; 192.168.9.32/28;};
>>>> // forward first;
>>>> // forwarders {192.168.9.5;};
>>>> };
>>>>
>>>> include "/etc/named.rfc1912.zones";
>>>>
>>>> zone "home.office.net" IN {
>>>> type master;
>>>> file "home.zone";
>>>> };
>>>>
>>>> zone "32-39.9.168.192.in-addr.arpa" IN {
>>>> type master;
>>>> file "32-39.9.168.192.zone";
>>>> };
>>>> //=== End of file ===
>>>>
>>>> 3. /var/named/chroot/var/named/home.zone
>>>>
>>>> ;=== Beginning of file ===
>>>> $TTL 86400
>>>> @ IN SOA ns1.home.office.net. root.home.office.net. (
>>>> 08080501 ; Serial
>>>> 28800 ; Refresh
>>>> 14400 ; Retry
>>>> 3600000 ; Expire
>>>> 86400 ) ; Minimum
>>>> IN NS ns1.home.office.net.
>>>> IN MX 10 mail.home.office.net.
>>>>
>>>> ns1 IN A 192.168.9.33
>>>> mail IN A 192.168.9.35
>>>> ;=== End of file ===
>>>>
>>>> 4. /var/named/chroot/var/named/32-39.9.168.192.zone
>>>>
>>>> ;=== Beginning of file ===
>>>> $TTL 86400
>>>> @ IN SOA ns1.home.office.net. root.home.office.net. (
>>>> 08080203 ; Serial
>>>> 28800 ; Refresh
>>>> 14400 ; Retry
>>>> 3600000 ; Expire
>>>> 86400 ) ; Minimum
>>>> IN NS ns1.home.office.net.
>>>>
>>>> 33 IN PTR ns1.home.office.net.
>>>> 35 IN PTR mail.home.office.net.
>>>> ;=== End of file ===
>>>>
>>>> Thanks in advance for any ideas.
>>>>
>>>> Best,
>>>> Khem
>>>>
>>>>
>>>>
>>>
>>> --
>>> I met my latest girl friend in a department store. She was looking at
>>> clothes, and I was putting Slinkys on the escalators.
>>> -- Steven Wright
>>>
>>> --
>>> fedora-list mailing list
>>> fedora-list at redhat.com
>>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>>
>>
>>
>
>
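The $GENERATE/CNAME delegation asked about above is the RFC 2317 classless in-addr.arpa scheme. The script below is an added example, not code from this thread or from BIND: it generalises the /28 case to any IPv4 block between /25 and /32 and emits the NS and CNAME records for the parent /24 zone (plus the equivalent $GENERATE line), the name of the child zone, the CNAME chain a resolver follows for one address, and a named.conf forward-zone fragment for the child server. It bakes in two checks a practitioner makes first. A /28 starting at .32 spans .32 through .47, so the sub-zone label should cover the whole block (the 32-39 label and the $GENERATE 33-39 range in the post cover only half of it). And for RFC 1918 space the public in-addr.arpa tree never delegates 9.168.192.in-addr.arpa to ns1.office.net, so a child server that recurses to the root servers for 33.9.168.192.in-addr.arpa gets NXDOMAIN before it ever sees the parent's CNAME; the child needs an explicit path to the parent zone, which the forward-zone fragment provides. The parent server address 192.168.9.1 and the child name server ns1.home.office.net are taken from the post and are assumptions of the example.

```python
#!/usr/bin/env python3
"""RFC 2317 classless in-addr.arpa delegation helper (added example).

Not part of the original thread or of BIND. Assumes the parent server's
address and the child NS name are supplied by the caller (the values in
the __main__ block are the ones from the post).
"""
import ipaddress


def _block(network):
    # strict=True rejects an unaligned block such as 192.168.9.33/28
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen < 25:
        raise ValueError("RFC 2317 delegation is for IPv4 blocks smaller than a /24")
    first = int(net.network_address) & 0xFF
    last = int(net.broadcast_address) & 0xFF
    return net, first, last


def is_aligned(network):
    """True when the block starts on its own boundary (e.g. .32/28, not .33/28)."""
    try:
        ipaddress.ip_network(network, strict=True)
        return True
    except ValueError:
        return False


def parent_zone(network):
    """Parent /24 reverse zone, e.g. '9.168.192.in-addr.arpa.'"""
    net, _, _ = _block(network)
    o = str(net.network_address).split(".")
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."


def child_label(network):
    """RFC 2317 sub-zone label covering the whole block, e.g. '32-47'."""
    _, first, last = _block(network)
    return f"{first}-{last}"


def child_zone(network):
    """Fully qualified child zone name the delegated server is master for."""
    return f"{child_label(network)}.{parent_zone(network)}"


def generate_directive(network):
    """Equivalent $GENERATE line for the parent zone file."""
    _, first, last = _block(network)
    return f"$GENERATE {first}-{last} $ CNAME $.{child_label(network)}"


def parent_records(network, child_ns):
    """Explicit records for the parent zone: NS for the sub-zone, one CNAME
    per host. Same effect as generate_directive(), spelled out so the file
    can be read or diffed without expanding the directive in your head."""
    _, first, last = _block(network)
    label = child_label(network)
    lines = [f"{label}\tIN\tNS\t{ns}" for ns in child_ns]
    lines += [f"{h}\tIN\tCNAME\t{h}.{label}" for h in range(first, last + 1)]
    return lines


def ptr_chain(address, network):
    """(owner name the resolver asks for, owner name the CNAME sends it to).
    The second name is the PTR the child zone must carry."""
    addr = ipaddress.ip_address(address)
    net, _, _ = _block(network)
    if addr not in net:
        raise ValueError(f"{address} is not in {network}")
    host = int(addr) & 0xFF
    return (addr.reverse_pointer + ".", f"{host}.{child_zone(network)}")


def child_resolver_config(network, parent_ns_ip):
    """named.conf fragment for the child server: send lookups for the rest
    of the /24 (never delegated by the public tree for RFC 1918 space) to
    the parent server instead of the root servers. The child's own
    sub-zone is more specific and still answers authoritatively."""
    return (
        f'zone "{parent_zone(network).rstrip(".")}" IN {{\n'
        f"    type forward;\n"
        f"    forward only;\n"
        f"    forwarders {{ {parent_ns_ip}; }};\n"
        f"}};"
    )


if __name__ == "__main__":
    block = "192.168.9.32/28"  # the block from the post
    print("; parent zone:", parent_zone(block))
    print(generate_directive(block))
    print("\n".join(parent_records(block, ["ns1.home.office.net."])))
    print("; child zone:", child_zone(block))
    print("; chain for .33:", ptr_chain("192.168.9.33", block))
    print(child_resolver_config(block, "192.168.9.1"))
```

Compare the printed chain with what the two servers actually return: `dig -x 192.168.9.33 @192.168.9.1` should show the CNAME followed by the PTR, and once the forward zone is in the child's named.conf, `dig -x 192.168.9.33 @192.168.9.33` should return the same answer instead of NXDOMAIN. `named-checkzone 32-47.9.168.192.in-addr.arpa 32-47.9.168.192.zone` validates the child file before a reload.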