Solved

how to create zone file

Posted on 2006-10-31
Last Modified: 2010-04-20
hi,

I would like to create a reverse zone for my domain,

as an example, when someone runs the command

nslookup 10.1.10.15
he gets the reply as

Name:    test1.come.com
Address:  10.1.10.15

my reverse file is like this:
cat 10.1.10.zone
 
$ORIGIN 10.1.10.in-addr.arpa.
$TTL 6h
 
@       IN      SOA     test1.come.com. root.localhost. (        
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum
        IN      NS      10.1.50.5
15     IN      PTR     test1.come.com.


now, I would add 10.1.10.16 as test2.come.com
how could I add it to the file?

please, if you also know the RFC related to this, send me its link

thanks for your help and support,


Question by:malibusa
 

Expert Comment

by:ravenpl
add the following line after the 15 definition

16 IN PTR test2.come.com.

then modify (increase) the serial value (currently set to 1 ; serial) and restart named.
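An added worked example (mine, not code from the thread) that does what the reply above describes: it computes the in-addr.arpa owner for an address, checks that the address actually falls inside the zone's $ORIGIN, refuses to add a second PTR for an owner that already has one, appends the record and bumps the SOA serial. The zone text is the questioner's file, embedded as a constructed sample; the function names are my own.

```python
import ipaddress
import re

# Constructed sample: the questioner's reverse zone as posted in the thread.
SAMPLE_ZONE = """$ORIGIN 10.1.10.in-addr.arpa.
$TTL 6h

@       IN      SOA     test1.come.com. root.localhost. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum
        IN      NS      10.1.50.5
15     IN      PTR     test1.come.com.
"""

# Matches the SOA serial line, e.g. "    1       ; serial" (hypothetical helper).
SERIAL_RE = re.compile(r"^([ \t]*)(\d+)([ \t]*;[ \t]*serial\b.*)$", re.MULTILINE)


def reverse_name(ip):
    """Fully qualified in-addr.arpa owner name for an IPv4 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only IPv4 / in-addr.arpa is handled here")
    return addr.reverse_pointer + "."


def relative_owner(ip, origin):
    """Owner name relative to $ORIGIN: '16' for 10.1.10.16 in 10.1.10.in-addr.arpa.
    Refuses addresses that do not fall inside the zone."""
    full = reverse_name(ip)
    suffix = "." + origin.strip(".") + "."
    if not full.endswith(suffix):
        raise ValueError(f"{ip} is not inside zone {origin}")
    return full[: -len(suffix)]


def serial_of(zone_text):
    """Current SOA serial, read from the '; serial' line."""
    m = SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("SOA serial line not found")
    return int(m.group(2))


def add_ptr(zone_text, ip, hostname):
    """Return zone_text with a PTR for ip -> hostname appended and the serial
    incremented; the new serial is what tells a reloaded named (and any
    secondaries) that the zone content changed."""
    m = re.search(r"^\$ORIGIN\s+(\S+)", zone_text, re.MULTILINE)
    if m is None:
        raise ValueError("zone has no $ORIGIN line")
    owner = relative_owner(ip, m.group(1))
    if not hostname.endswith("."):
        hostname += "."  # an unqualified target would get the reverse origin appended
    if re.search(rf"^{re.escape(owner)}\s+(IN\s+)?PTR\s", zone_text, re.MULTILINE):
        raise ValueError(f"{owner} already has a PTR record in this zone")
    new_serial = serial_of(zone_text) + 1
    bumped = SERIAL_RE.sub(lambda s: f"{s.group(1)}{new_serial}{s.group(3)}",
                           zone_text, count=1)
    record = f"{owner:<8}IN      PTR     {hostname}"
    return bumped.rstrip("\n") + "\n" + record + "\n"


if __name__ == "__main__":
    print(add_ptr(SAMPLE_ZONE, "10.1.10.16", "test2.come.com"))
```

After writing the file, `named-checkzone 10.1.10.in-addr.arpa 10.1.10.zone` will parse it the way named does and report the serial it sees, which is a cheap way to confirm the bump before restarting.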

Expert Comment

by:ravenpl
BTW: the zone is somehow wrong and should generate a warning
        IN      NS      10.1.50.5
should have a real name instead of an IP, e.g.
        IN      NS      real.name.tld.

Expert Comment

by:ravenpl
> please, if you also know the RFC related to this, send me its link
not really an RFC, as it's bind configuration.
start from http://langfeldt.net/DNS-HOWTO/BIND-9/

Expert Comment

by:Duncan Roe
You want RFC 1034

In the meantime, here is a working configuration from my server. There are 2 local networks, mshome.net (dynamically updated, router is also a DHCP server for that one), and local.net (static addresses, in fact all in /etc/hosts but having the DNS stops mistyped requests from going out on the Internet)

/etc/networks:

loopback        127.0.0.0
localnet        127.0.0.0
mshome 192.168.0.0
local 10.255.255.0


/etc/named.conf:

acl "locals" { 10.255.255.0/24; 192.168.0.0/24; 127.0.0.0/8; };
options {
  directory "/var/named";
  forward only;
  forwarders { 198.142.0.51; 203.2.75.132; };
  allow-transfer { none; };
  allow-query { "locals"; };
  allow-recursion { "locals"; };
};

zone "mshome.net" IN {
  type master;
  file "mshome.net";
  forwarders { };
  allow-query { "locals"; };
  allow-transfer { "locals"; };
  allow-update { 192.168.0.120; };
};
zone "0.168.192.in-addr.arpa" IN {
  type master;
  file "ten.emohsm";
  forwarders { };
  allow-query { "locals"; };
  allow-transfer { "locals"; };
  allow-update { 192.168.0.120; };
};
zone "local.net" IN {
  type master;
  file "local.net";
  forwarders { };
  allow-query { "locals"; };
};
zone "255.255.10.in-addr.arpa" IN {
  type master;
  file "ten.lacol";
  forwarders { };
  allow-query { "locals"; };
};

It's important to use "master" - this says you're authoritative (so if you don't know the answer, there isn't one).

The static zone configs:

/var/named/local.net:

$ORIGIN .
$TTL 86400      ; 1 day
local.net               IN SOA  dullstar. my.email.deleted. (
                                1          ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      DULLSTAR.MSHOME.NET.
$ORIGIN local.net.
$TTL 302400     ; 3 days 12 hours
dimstar                 A       10.255.255.1
darkstar                A       10.255.255.2
dullstar                A       10.255.255.3
drylstar                A       10.255.255.4

/var/named/ten.lacol:

$ORIGIN .
$TTL 86400      ; 1 day
255.255.10.in-addr.arpa IN SOA  dullstar. my.email.deleted.255.255.10.in-addr.arpa. (
                                1          ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      DULLSTAR.MSHOME.NET.
$ORIGIN 255.255.10.in-addr.arpa.
$TTL 302400     ; 3 days 12 hours
1                       PTR     dimstar.local.net.
2                       PTR     darkstar.local.net.
3                       PTR     dullstar.local.net.
4                       PTR     dimstar.local.net.

Note the backwards spelling of local. Also note that all reverse lookups belong to the domain in-addr.arpa.

Good luck - post if you have any troubles

Expert Comment

by:Duncan Roe
Probably the NS records should be DULLSTAR.LOCAL.NET but it works for me as-is

Author Comment

by:malibusa
don't I need to define again something like

@       IN      SOA     test1.come.com. root.localhost. (        
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

for test2

or should I just add the line
16 IN PTR test2.come.com.

Expert Comment

by:ravenpl
Since it's in same zone - just add the line, bump the serial and restart bind(named).

Expert Comment

by:Duncan Roe
Why have you got IN as well as PTR? I only have IN on SOA lines, not on PTR lines. That's the way DNS creates dynamic records as well.

16 PTR test2.come.com.

Author Comment

by:malibusa
yes, it works,

I have a second need, which is dependent; I am not sure if I should open another Q,

anyway, if you could help me,
I would like to route the unresolved hosts to another NS,
what I did is:

$ORIGIN 10.1.10.in-addr.arpa.
$TTL 6h
 
@       IN      SOA     come.com. root.localhost. (        
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum
@       NS      10.1.50.5
114     PTR     av1.come.com.
14      NS      10.1.55.13
122     NS      10.1.55.13

this way, if I try to resolve
10.1.10.114 it will be resolved to av1.come.com
if I resolve 10.1.10.14 or 10.1.10.122 it will forward to another DNS for resolving,

my Q is, could I ask to transfer all, unless specifically defined,

or could I define a range to be forwarded,
I mean the range 123 till 254 to be transferred to 10.1.55.13 in one command line

hopefully, I was able to deliver my idea clearly

regards,

Expert Comment

by:ravenpl
> @       NS      10.1.50.5
RFC says there should be a full name instead of an ip address - just a warning.

You have two options:
$GENERATE 1-40 $ NS     delegated.ns.server.   ; generates names for 1 .. 40
* NS delegated.ns.server.   ; but some clients & servers (like caches) have trouble with it.

Author Comment

by:malibusa
dear ravenpl

the first option, which is
$GENERATE 1-40 $ NS     delegated.ns.server.
works fine for me,
but not the second,
* NS delegated.ns.server.   ; if I use this, nothing works, unless you meant to write it with the generate command

----------

Dear, another Q,
could I delegate to more than one NS server, so that if one is down it forwards to the second, or does round-robin between them

appreciating your help a lot

best regards,

Accepted Solution

by:ravenpl (earned 400 total points)
I warned that the star may not work...
Yes, you can delegate to as many nameservers as you want.
name NS one.server.tld.
name NS two.server.tld.
name NS three.server.tld.
$GENERATE 1-40 $ NS     delegated.ns.server.
$GENERATE 1-40 $ NS     another.delegated.ns.server.
$GENERATE 1-40 $ NS     third.delegated.ns.server.
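The $GENERATE directive and the multi-nameserver delegation from ravenpl's last two replies, as an added example that is mine and not from the thread. It expands a $GENERATE line into the records named would load (plain `$` iterator only; the `${offset,width,base}` modifier form is not handled), emits one $GENERATE line per nameserver for the questioner's range 123 to 254, rejects an IP address as an NS target (the point ravenpl makes twice above), and flags any address that has both an explicit PTR and an NS delegation in the same zone, because a PTR sitting below a zone cut is not answered by the parent, so "delegate everything unless specifically defined" needs the defined addresses kept out of the generated range. The zone text and the names ns-a.come.com / ns-b.come.com are constructed; $GENERATE itself is a BIND extension, not RFC syntax.

```python
import ipaddress
import re

# Constructed sample: the questioner's delegating reverse zone, with hostnames
# as NS targets and the 123-254 range delegated to two nameservers.
SAMPLE_ZONE = """$ORIGIN 10.1.10.in-addr.arpa.
$TTL 6h
@       IN      SOA     come.com. root.localhost. (
                        2       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum
@       NS      ns1.come.com.
114     PTR     av1.come.com.
$GENERATE 123-254 $ NS ns-a.come.com.
$GENERATE 123-254 $ NS ns-b.come.com.
"""

# $GENERATE range lhs [ttl] [class] type rhs   (hypothetical parser, BIND syntax)
GENERATE_RE = re.compile(
    r"^\$GENERATE\s+(?P<start>\d+)-(?P<stop>\d+)(?:/(?P<step>\d+))?\s+"
    r"(?P<lhs>\S+)\s+(?:(?P<ttl>\d+[smhdwSMHDW]?)\s+)?(?:(?P<cls>IN|in)\s+)?"
    r"(?P<type>[A-Za-z]+)\s+(?P<rhs>\S+)\s*$")


def substitute(template, n):
    """Replace the iterator: '$' -> n, '$$' -> a literal '$'."""
    return template.replace("$$", "\0").replace("$", str(n)).replace("\0", "$")


def expand_generate(line):
    """Records a single $GENERATE line stands for, as 'owner [ttl] [class] type rdata'."""
    m = GENERATE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a $GENERATE directive: {line!r}")
    start, stop, step = int(m["start"]), int(m["stop"]), int(m["step"] or 1)
    if start > stop:
        raise ValueError("range start exceeds stop")
    records = []
    for n in range(start, stop + 1, step):
        fields = [substitute(m["lhs"], n)]
        if m["ttl"]:
            fields.append(m["ttl"])
        if m["cls"]:
            fields.append(m["cls"].upper())
        fields += [m["type"].upper(), substitute(m["rhs"], n)]
        records.append(" ".join(fields))
    return records


def delegate_range(start, stop, nameservers):
    """One $GENERATE line per nameserver, so every address in the range gets
    the whole NS set; resolvers then pick among them and retry on failure."""
    lines = []
    for ns in nameservers:
        try:
            ipaddress.ip_address(ns.rstrip("."))
        except ValueError:
            pass  # not an address: good, NS rdata must be a hostname
        else:
            raise ValueError(f"NS target {ns!r} is an IP address; use a hostname")
        if not ns.endswith("."):
            raise ValueError(f"NS target {ns!r} must be fully qualified (trailing dot)")
        lines.append(f"$GENERATE {start}-{stop} $ NS {ns}")
    return lines


def delegation_conflicts(zone_text):
    """Owners that carry both an explicit PTR and an NS delegation. Below a
    zone cut the parent serves only the NS (and glue), so such PTRs go dark."""
    ptr_owners, ns_owners = set(), set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$GENERATE"):
            entries = expand_generate(line)
        elif line.startswith("$"):
            continue  # $ORIGIN / $TTL carry no records
        else:
            entries = [line]
        for entry in entries:
            f = entry.split()
            if len(f) >= 3 and f[-2].upper() == "PTR":
                ptr_owners.add(f[0])
            elif len(f) >= 3 and f[-2].upper() == "NS":
                ns_owners.add(f[0])
    return sorted(ptr_owners & ns_owners)


if __name__ == "__main__":
    print("\n".join(delegate_range(123, 254, ["ns-a.come.com.", "ns-b.come.com."])))
    print("conflicts:", delegation_conflicts(SAMPLE_ZONE))
```

Widening the generated range to start at 100 in the sample would make `delegation_conflicts` report `114`, which is exactly the case where the av1.come.com PTR would stop resolving from this server; checking for that before reloading is cheaper than debugging it afterwards.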