Bind and reverse subdomains

Ed Greshko Ed.Greshko at greshko.com
Mon Aug 4 23:29:56 UTC 2008


lin.kh at wicam.com.kh wrote:
> Sorry all again:
> I don't mean to flood my mails to the list, but my previous post was a
> little messed up as I cut and pasted a lot, trying not to show my real
> domain.

Take a hint from Tom Eastep, the author of "shorewall".

"As a general matter, please do not edit the diagnostic information in an 
attempt to conceal your IP address, netmask, nameserver addresses, domain 
name, etc. These aren't secrets, and concealing them often misleads us (and 
80% of the time, a cracker could derive them anyway from information 
contained in the SMTP headers of your post)."

Even if you've emailed using a different domain you may have muddied the 
waters such that it would be difficult for people to really help you.

I, for one, spend little time on obfuscated posts.


> 
> Now I'd like to send the whole thing again with corrections:
> 
> ********
> 
> First, please bear with me; I know this is not the place to ask about
> BIND, but I'm hoping that someone out there could help me. Also, sorry
> for the lengthy post, but most of it is to explain my scenario. And I
> believe the answer to my question will be very short.
> 
> Basically, I tried to delegate a reverse sub-domain (a subnet smaller than
> /24). I could query a PTR record from the parent server, but I could not
> from the child server where all the configuration of the sub-domain
> belongs.
> 
> Here is the detail:
> 
> I have my home network connected to my office network with a registered
> domain (office.net, for example) with the scenario below. On the Office
> DNS server (ns1.office.net), I would like to delegate both the forward
> sub-domain home.office.net and reverse one 192.168.9.32/28 to the Home DNS
> server (ns1.home.office.net).
> 
> My problem is that, on the Home server, I could not do this query:
> 
> $ host 192.168.9.33
> Host 33.9.168.192.in-addr.arpa not found: 3(NXDOMAIN)
> 
> While from the Office server, I can:
> $ host 192.168.9.33
> 33.9.168.192.in-addr.arpa is an alias for 33.32-39.9.168.192.in-addr.arpa.
> 33.32-39.9.168.192.in-addr.arpa domain name pointer ns1.home.office.net.
> 
> What could be the cause of the problem? I might have missed a transition
> somewhere between the office parent zone and the home child zone, but I
> just don't know. Everything else seems to work fine (the sub-domain forward
> zones are OK).
> 
> I've been following the O'Reilly book "DNS & BIND", 5th edition, which
> is a great book I found; but the part on the reverse sub-domain is a bit
> too tricky for me.
> 
> Could someone please help me out?
> 
> Here is the scenario:
> 
> Office Network:
> ===============
> Domain: office.net (not real, used as example here only)
> IP subnet : 192.168.9.0/24 (not real, used as example here only)
> DNS Server: ns1.office.net (IP:192.168.9.1)
> 
> Home Network:
> ==============
> Domain: home.office.net
> IP Subnet : 192.168.9.32/28
> DNS Server: ns1.home.office.net (IP:192.168.9.33)
> 
> On both of the DNS servers, I'm running BIND on Fedora 9.
> The configuration files on the Office server (ns1.office.net) look as below:
> 
> 1. /etc/resolv.conf
> 
> === Beginning of file ===
> search office.net
> nameserver 192.168.9.1
> nameserver 192.168.9.2
> === End of file ===
> 
> 2. /var/named/chroot/etc/named.conf
> (I'm using bind-chroot here with ROOTDIR=/var/named/chroot set in
> /etc/sysconfig/named)
> 
> === Beginning of file ===
> options {
>         listen-on port 53 { 127.0.0.1; 192.168.9.1;};
> //        listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query     { trusted;};
>         recursion yes;
> };
> 
> acl trusted {127.0.0.1; 192.168.9.0/24;};
> 
> include "/etc/named.rfc1912.zones";
> 
> zone "office.net" IN {
>      type master;
>      file "office.zone";
> };
> 
> zone "9.168.192.in-addr.arpa" IN {
>      type master;
>      file "9.168.192.zone";
> };
> === End of file===
> 
> 3. /var/named/chroot/var/named/office.zone
> 
> === Beginning of file ===
> $TTL 1D
> @       IN SOA  ns1.office.net. root.office.net. (
>                                         08080201        ; serial
>                                         1D              ; refresh
>                                         1H              ; retry
>                                         1W              ; expire
>                                         3H )            ; minimum
>         NS      ns1.office.net.
>         NS      ns2.office.net.
>         MX      10      mail1.office.net.
>         MX      20      mail2.office.net.
>         A       192.168.9.12
> 
> ns1        IN      A       192.168.9.1
> ns2        IN      A       192.168.9.2
> mail1        IN      A       192.168.9.11
> mail2        IN      A       192.168.9.12
> www        IN        CNAME        mail2
> 
> ;; Glue records for home.office.net
> home                IN        NS        ns1.home
> ns1.home        IN        A        192.168.9.33
> === End of file ===
> 
> 4. /var/named/chroot/var/named/9.168.192.zone:
> 
> === Beginning of file ===
> $TTL 1D
> @       IN SOA  ns1.office.net. root.office.net. (
>                                         08080203        ; serial
>                                         1D              ; refresh
>                                         1H              ; retry
>                                         1W              ; expire
>                                         3H )            ; minimum
>         NS      ns1.office.net.
>         NS      ns2.office.net.
> 
> 1       IN      PTR     ns1.office.net.
> 2       IN      PTR     ns2.office.net.
> 11      IN      PTR     mail1.office.net.
> 12      IN      PTR     mail2.office.net.
> 
> $GENERATE 33-39 $ CNAME $.32-39
> 32-39        IN      NS      ns1.home.office.net.
> === End of file ===
> 
> And finally, the configuration files on the Home server
> (ns1.home.office.net) look as below:
> 
> 1. /etc/resolv.conf
> 
> #=== Beginning of file ===
> search home.office.net
> nameserver 192.168.9.33
> #=== End of file ===
> 
> 2. /var/named/chroot/etc/named.conf
> 
> //=== Beginning of file ===
> options {
>         listen-on port 53 { 127.0.0.1; 192.168.9.33;};
>         listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         query-source    port 53;
>         query-source-v6 port 53;
>         allow-query     { localhost; 192.168.9.32/28;};
> //      forward first;
> //      forwarders {192.168.9.5;};
> };
> 
> include "/etc/named.rfc1912.zones";
> 
> zone "home.office.net" IN {
>         type master;
>         file "home.zone";
> };
> 
> zone "32-39.9.168.192.in-addr.arpa" IN {
>         type master;
>         file "32-39.9.168.192.zone";
> };
> //=== End of file ===
> 
> 3. /var/named/chroot/var/named/home.zone
> 
> ;=== Beginning of file ===
> $TTL    86400
> @       IN      SOA     ns1.home.office.net. root.home.office.net.  (
>                                       08080501   ; Serial
>                                       28800      ; Refresh
>                                       14400      ; Retry
>                                       3600000    ; Expire
>                                       86400 )    ; Minimum
>         IN      NS      ns1.home.office.net.
>         IN      MX      10      mail.home.office.net.
> 
> ns1    IN      A       192.168.9.33
> mail   IN      A       192.168.9.35
> ;=== End of file ===
> 
> 4. /var/named/chroot/var/named/32-39.9.168.192.zone
> 
> ;=== Beginning of file ===
> $TTL    86400
> @       IN      SOA     ns1.home.office.net. root.home.office.net.  (
>                                       08080203   ; Serial
>                                       28800      ; Refresh
>                                       14400      ; Retry
>                                       3600000    ; Expire
>                                       86400 )    ; Minimum
>         IN      NS      ns1.home.office.net.
> 
> 33     IN      PTR     ns1.home.office.net.
> 35     IN      PTR     mail.home.office.net.
> ;=== End of file ===
> 
> Thanks in advance for any ideas.
> 
> Best,
> Khem


-- 
I met my latest girl friend in a department store.  She was looking at
clothes, and I was putting Slinkys on the escalators.
		-- Steven Wright
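The RFC 2317 classless delegation in Khem's scenario, modelled in Python. This is an added example written for this archive page, not code from the thread or from BIND: it builds the parent (/24) and child (/28) reverse zones from the records quoted above, with the parent's `$GENERATE` line expanded by hand, and walks a PTR query the way a recursive `host` run against each server would. The resolver walk is a simplified model, not BIND's algorithm; its one assumption is that a name outside every zone a server holds, with no forwarder configured, ends in NXDOMAIN, since the public in-addr.arpa tree carries no delegation for RFC 1918 space to recurse into. Server and zone names are those from the post.

```python
"""Model of the RFC 2317 classless reverse delegation from the post above.

Constructed example: the zone data mirrors the quoted office and home zone
files (with the parent's $GENERATE line expanded by hand); the resolver walk
is a simplified model, not BIND's algorithm."""
from typing import Dict, List, Optional, Tuple

Records = Dict[str, List[Tuple[str, str]]]  # owner name -> [(rrtype, rdata)]
Zones = Dict[str, Records]                   # zone apex -> its records

PARENT = "9.168.192.in-addr.arpa"            # the office /24 reverse zone
CHILD = "32-39." + PARENT                    # the home /28 reverse zone


def reverse_name(ip: str) -> str:
    """192.168.9.33 -> 33.9.168.192.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def generate_cnames(first: int, last: int, parent: str, child_label: str) -> Records:
    """Expand '$GENERATE first-last $ CNAME $.child_label' from the parent zone file."""
    return {f"{i}.{parent}": [("CNAME", f"{i}.{child_label}.{parent}")]
            for i in range(first, last + 1)}


# 9.168.192.zone on ns1.office.net, as quoted in the post
office_reverse: Records = {
    PARENT: [("NS", "ns1.office.net."), ("NS", "ns2.office.net.")],
    "1." + PARENT: [("PTR", "ns1.office.net.")],
    "2." + PARENT: [("PTR", "ns2.office.net.")],
    "11." + PARENT: [("PTR", "mail1.office.net.")],
    "12." + PARENT: [("PTR", "mail2.office.net.")],
    CHILD: [("NS", "ns1.home.office.net.")],  # delegation of the /28
}
office_reverse.update(generate_cnames(33, 39, PARENT, "32-39"))

# 32-39.9.168.192.zone on ns1.home.office.net, as quoted in the post
home_reverse: Records = {
    CHILD: [("NS", "ns1.home.office.net.")],
    "33." + CHILD: [("PTR", "ns1.home.office.net.")],
    "35." + CHILD: [("PTR", "mail.home.office.net.")],
}

# Which server is authoritative for which zone (NS hostnames from the post)
SERVERS: Dict[str, Zones] = {
    "ns1.office.net.": {PARENT: office_reverse},
    "ns1.home.office.net.": {CHILD: home_reverse},
}


def in_zone(name: str, apex: str) -> bool:
    return name == apex or name.endswith("." + apex)


def closest_zone(server: str, qname: str) -> Optional[str]:
    """The most specific zone `server` holds that encloses qname, if any."""
    zones = [z for z in SERVERS[server] if in_zone(qname, z)]
    return max(zones, key=lambda z: z.count(".")) if zones else None


def resolve(server: str, qname: str, forwarder: Optional[str] = None,
            depth: int = 0) -> List[str]:
    """Answer a PTR query as a recursive `host` run against `server` would.

    Returns host(1)-style lines; the last line states the outcome.  Assumption
    of the model: a name outside every zone the server holds, with no
    forwarder, yields NXDOMAIN, because the public in-addr.arpa tree has no
    delegation for RFC 1918 space to recurse into."""
    if depth > 8:
        return [f"{qname}: too many indirections"]
    apex = closest_zone(server, qname)
    if apex is None:
        if forwarder:
            return resolve(forwarder, qname, None, depth + 1)
        return [f"Host {qname} not found: 3(NXDOMAIN)"]
    zone = SERVERS[server][apex]
    # A delegation (NS records below the apex) covering qname hands the query on.
    for owner, rrs in zone.items():
        if owner != apex and in_zone(qname, owner):
            ns_hosts = [rdata for rtype, rdata in rrs if rtype == "NS"]
            if ns_hosts:
                return resolve(ns_hosts[0], qname, forwarder, depth + 1)
    for rtype, rdata in zone.get(qname, []):
        if rtype == "CNAME":   # follow the RFC 2317 alias into the child zone
            return [f"{qname} is an alias for {rdata}."] + \
                resolve(server, rdata, forwarder, depth + 1)
        if rtype == "PTR":
            return [f"{qname} domain name pointer {rdata}"]
    return [f"Host {qname} not found: 3(NXDOMAIN)"]


def missing_ptrs() -> List[str]:
    """Child names the parent aliases to but the child zone never answers for."""
    targets = [rr[0][1] for rr in office_reverse.values() if rr[0][0] == "CNAME"]
    return sorted(t for t in targets if t not in home_reverse)


if __name__ == "__main__":
    q = reverse_name("192.168.9.33")
    for label, srv, fwd in [("office", "ns1.office.net.", None),
                            ("home, no forwarder", "ns1.home.office.net.", None),
                            ("home -> office", "ns1.home.office.net.", "ns1.office.net.")]:
        print(f"[{label}]")
        print("\n".join(resolve(srv, q, fwd)))
    print("parent aliases without a child PTR:", missing_ptrs())
```

Run against `ns1.office.net.` the walk reproduces the two-line answer quoted in the post; run against `ns1.home.office.net.` it stops with NXDOMAIN, because `33.9.168.192.in-addr.arpa` is not under the only reverse zone that server holds (`32-39.9.168.192.in-addr.arpa`), and the CNAME that bridges the two names lives in the parent zone. The `forwarder` argument models giving the home server a path to the parent, for instance a `forwarders` entry pointing at ns1.office.net (192.168.9.1), which the office server's `trusted` ACL already admits, or a slave copy of `9.168.192.in-addr.arpa`. `missing_ptrs` lists the /28 addresses the parent aliases but the child never answers for, a consistency check worth running whenever the two zone files are edited independently. One further caveat on the quoted home `named.conf`: `query-source port 53` pins the UDP source port of the server's own outgoing queries, which disables the source-port randomisation BIND otherwise uses to make cache-poisoning answers harder to forge; leaving `query-source` unset is the safer default.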




More information about the fedora-list mailing list