how to create zone file

malibusa
malibusa asked
on
Medium Priority
309 Views
Last Modified: 2010-04-20
hi,

I would like to create a reverse zone for my domain.

As an example, when someone runs the command

nslookup 10.1.10.15

he gets the reply:

Name:    test1.come.com
Address:  10.1.10.15

my reverse file is like this:
cat 10.1.10.zone
 
$ORIGIN 10.1.10.in-addr.arpa.
$TTL 6h
 
@       IN      SOA     test1.come.com. root.localhost. (        
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum
        IN      NS      10.1.50.5
15     IN      PTR     test1.come.com.


Now I would like to add 10.1.10.16 as test2.come.com.
How could I add it to the file?

Also, if you know the RFC related to this, please send me its link.

Thanks for your help and support,



Top Expert 2005

Commented:
Add the following line after the 15 definition:

16 IN PTR test2.come.com.

Then modify (increase) the serial value (currently set to 1 ; serial) and restart named.
Top Expert 2005

Commented:
BTW: the zone is somehow wrong and should generate a warning:
        IN      NS      10.1.50.5
should have a real name instead of an IP, e.g.
        IN      NS      real.name.tld.
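To make the two points above concrete (append a PTR for 10.1.10.16 under the zone's $ORIGIN, bump the SOA serial, and catch an NS record whose target is an IP literal rather than a hostname), here is an added Python example; it is not ravenpl's or the asker's code, and the zone text inside it is a constructed copy of the posted file.

```python
import ipaddress
import re

# Constructed sample: the asker's reverse zone as posted, including the NS record
# whose target is an IP literal (flagged in the thread).
ZONE = """$ORIGIN 10.1.10.in-addr.arpa.
$TTL 6h
@       IN      SOA     test1.come.com. root.localhost. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum
        IN      NS      10.1.50.5
15      IN      PTR     test1.come.com.
"""

def serial(zone):
    """Return the SOA serial (the number before '; serial')."""
    return int(re.search(r"(\d+)\s*;\s*serial", zone).group(1))

def add_ptr(zone, ip, fqdn):
    """Append a PTR for ip under the zone's $ORIGIN and bump the SOA serial."""
    origin = re.search(r"^\$ORIGIN\s+(\S+)", zone, re.M).group(1)
    rev = ipaddress.ip_address(ip).reverse_pointer + "."   # 16.10.1.10.in-addr.arpa.
    if not rev.endswith("." + origin):
        raise ValueError(f"{ip} does not belong to {origin}")
    label = rev[: -len(origin) - 1]                         # relative owner: "16"
    if not fqdn.endswith("."):
        fqdn += "."                                         # PTR target must be absolute
    bumped = re.sub(r"(\d+)(\s*;\s*serial)",
                    lambda m: str(int(m.group(1)) + 1) + m.group(2), zone, count=1)
    return bumped.rstrip("\n") + f"\n{label:<8}IN      PTR     {fqdn}\n"

def ns_with_ip_target(zone):
    """NS records must name a host; return any whose target is an IP literal."""
    bad = []
    for line in zone.splitlines():
        fields = line.split(";")[0].split()
        if "NS" in fields and fields.index("NS") + 1 < len(fields):
            target = fields[fields.index("NS") + 1]
            try:
                ipaddress.ip_address(target.rstrip("."))
                bad.append(target)
            except ValueError:
                pass
    return bad
```

After add_ptr the file still has to be reloaded (rndc reload or a named restart), which is why the serial bump matters: secondaries only transfer when the serial grows.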
Top Expert 2005

Commented:
> please if you know also the RFC releated to the same send me its link
Not really an RFC, as it's BIND configuration.
start from http://langfeldt.net/DNS-HOWTO/BIND-9/
Duncan Roe, Software Developer
CERTIFIED EXPERT

Commented:
You want RFC 1034

In the meantime, here is a working configuration from my server. There are 2 local networks: mshome.net (dynamically updated; the router is also a DHCP server for that one) and local.net (static addresses, in fact all in /etc/hosts, but having the DNS stops mistyped requests from going out on the Internet).

/etc/networks:

loopback        127.0.0.0
localnet        127.0.0.0
mshome 192.168.0.0
local 10.255.255.0


/etc/named.conf:

acl "locals" { 10.255.255.0/24; 192.168.0.0/24; 127.0.0.0/8; };
options {
  directory "/var/named";
  forward only;
  forwarders { 198.142.0.51; 203.2.75.132; };
  allow-transfer { none; };
  allow-query { "locals"; };
  allow-recursion { "locals"; };
};

zone "mshome.net" IN {
  type master;
  file "mshome.net";
  forwarders { };
  allow-query { "locals"; };
  allow-transfer { "locals"; };
  allow-update { 192.168.0.120; };
};
zone "0.168.192.in-addr.arpa" IN {
  type master;
  file "ten.emohsm";
  forwarders { };
  allow-query { "locals"; };
  allow-transfer { "locals"; };
  allow-update { 192.168.0.120; };
};
zone "local.net" IN {
  type master;
  file "local.net";
  forwarders { };
  allow-query { "locals"; };
};
zone "255.255.10.in-addr.arpa" IN {
  type master;
  file "ten.lacol";
  forwarders { };
  allow-query { "locals"; };
};

It's important to use "master" - this says you're authoritative (so if you don't know the answer, there isn't one).

The static zone configs:

/var/named/local.net:

$ORIGIN .
$TTL 86400      ; 1 day
local.net               IN SOA  dullstar. my.email.deleted. (
                                1          ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      DULLSTAR.MSHOME.NET.
$ORIGIN local.net.
$TTL 302400     ; 3 days 12 hours
dimstar                 A       10.255.255.1
darkstar                A       10.255.255.2
dullstar                A       10.255.255.3
drylstar                A       10.255.255.4

/var/named/ten.lacol:

$ORIGIN .
$TTL 86400      ; 1 day
255.255.10.in-addr.arpa IN SOA  dullstar. my.email.deleted.255.255.10.in-addr.arpa. (
                                1          ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      DULLSTAR.MSHOME.NET.
$ORIGIN 255.255.10.in-addr.arpa.
$TTL 302400     ; 3 days 12 hours
1                       PTR     dimstar.local.net.
2                       PTR     darkstar.local.net.
3                       PTR     dullstar.local.net.
4                       PTR     dimstar.local.net.

Note the backwards spelling of local. Also note that all reverse lookups belong to the domain in-addr.arpa.

Good luck - post if you have any troubles
Duncan Roe, Software Developer
CERTIFIED EXPERT

Commented:
Probably the NS records should be DULLSTAR.LOCAL.NET, but it works for me as-is.

Author

Commented:
Don't I need to define again something like

@       IN      SOA     test1.come.com. root.localhost. (        
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

for test2

or should I just add the line
16 IN PTR test2.come.com.
Top Expert 2005

Commented:
Since it's in the same zone - just add the line, bump the serial and restart bind (named).
Duncan Roe, Software Developer
CERTIFIED EXPERT

Commented:
Why have you got IN as well as PTR? I only have IN on SOA lines, not on PTR lines. That's the way DNS creates dynamic records as well.

16 PTR test2.come.com.

Author

Commented:
Yes, it works.

I have a second need, which is dependent on this; I am not sure if I should open another Q.

Anyway, if you could help me:
I would like to route the unresolved hosts to another NS.
What I did is:

$ORIGIN 10.1.10.in-addr.arpa.
$TTL 6h
 
@       IN      SOA     come.com. root.localhost. (        
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum
@       NS      10.1.50.5
114     PTR     av1.come.com.
14      NS      10.1.55.13
122     NS      10.1.55.13

This way, if I try to resolve
10.1.10.114, it will be resolved to av1.come.com;
if I resolve 10.1.10.14 or 10.1.10.122, it will forward to another DNS for resolving.

My Q is: could I ask to transfer all, unless specifically defined,

or could I define a range to be forwarded,
I mean the range 123 till 254 to be transferred to 10.1.55.13 in one command line?

Hopefully I was able to deliver my idea clearly.

regards,
Top Expert 2005

Commented:
> @       NS      10.1.50.5
RFC says there should be full name instead of ip address - just warning.

You have two options:
$GENERATE 1-40 $ NS     delegated.ns.server. ; generates names for 1 .. 40
* NS delegated.ns.server. ; but some clients & servers (like caches) have trouble with it.

Author

Commented:
Dear ravenpl,

The first option, which is
$GENERATE 1-40 $ NS     delegated.ns.server.
works fine for me,
but not the second:
* NS delegated.ns.server.   ; if I use this, nothing works, unless you meant to write it with the generate command

----------

Dear, another Q:
could I delegate to more than one NS server, so that if one is down it forwards to the second, or do round-robin between them?

Appreciating your help a lot.

best regards,
Top Expert 2005
Commented:
I warned that the star may not work...
Yes, you can delegate to as many nameservers as you want.
name NS one.server.tld.
name NS two.server.tld.
name NS three.server.tld.
$GENERATE 1-40 $ NS     delegated.ns.server.
$GENERATE 1-40 $ NS     another.delegated.ns.server.
$GENERATE 1-40 $ NS     third.delegated.ns.server.
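An added Python example (not ravenpl's code) showing what the $GENERATE lines above expand to and how the resulting reverse zone handles a query: an explicit PTR is answered locally, an owner with NS records is a delegation (a referral to every listed server, not a forward) and anything else is NXDOMAIN. It also flags the caveat that a PTR at an owner which also has an NS sits below the zone cut and is never served. The zone text and the ns1/ns2.delegated.example names are constructed.

```python
import ipaddress
import re
# Constructed reverse zone: one explicit PTR, one per-host delegation, and $GENERATE
# ranges as suggested in the thread (the delegated server names are placeholders).
ZONE = """$ORIGIN 10.1.10.in-addr.arpa.
114     PTR     av1.come.com.
14      NS      ns1.delegated.example.
$GENERATE 123-254 $ NS ns1.delegated.example.
$GENERATE 123-254 $ NS ns2.delegated.example.
"""

def expand_generate(zone):
    """Expand '$GENERATE start-stop template' lines (bare '$' only, no ${...} modifiers)."""
    out = []
    for line in zone.splitlines():
        m = re.match(r"\$GENERATE\s+(\d+)-(\d+)\s+(.*)", line)
        if not m:
            out.append(line)
            continue
        for i in range(int(m.group(1)), int(m.group(2)) + 1):
            out.append(m.group(3).replace("$", str(i)))
    return out

def records(zone):
    """Yield (owner, type, rdata) per record line, ignoring directives, comments and IN."""
    for line in expand_generate(zone):
        fields = [f for f in line.split(";")[0].split() if f != "IN"]
        if len(fields) >= 3 and not fields[0].startswith("$"):
            yield fields[0], fields[1], " ".join(fields[2:])

def answer_for(zone, ip):
    """How the zone handles a reverse lookup: PTR answer, delegation to NS, or NXDOMAIN."""
    origin = re.search(r"^\$ORIGIN\s+(\S+)", zone, re.M).group(1)
    rev = ipaddress.ip_address(ip).reverse_pointer + "."   # e.g. 114.10.1.10.in-addr.arpa.
    if not rev.endswith("." + origin):
        return "not-in-zone", []
    label = rev[: -len(origin) - 1]                         # owner relative to $ORIGIN
    recs = list(records(zone))
    ptrs = [rd for o, t, rd in recs if o == label and t == "PTR"]
    if ptrs:
        return "answer", ptrs
    nss = [rd for o, t, rd in recs if o == label and t == "NS"]
    return ("delegation", nss) if nss else ("nxdomain", [])

def occluded(zone):
    """Owners with both PTR and NS: the NS makes a zone cut, so that PTR is never served."""
    types = {}
    for o, t, _ in records(zone):
        types.setdefault(o, set()).add(t)
    return sorted(o for o, ts in types.items() if {"PTR", "NS"} <= ts)
```

Run occluded() before widening a $GENERATE range: if the range grows to cover 114, the av1.come.com PTR silently disappears behind the delegation.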
