Solved

Specifying an authoritative nameserver using BIND

Posted on 2007-04-06
13
1,081 Views
Last Modified: 2012-08-13
Hello experts,

I'm having trouble configuring a nameserver which delegates to other authoritative nameservers for certain domain names.

For example, my machine is ns.example.com (it's IP address is 123.123.123.123)

foobar.com was registered with me, so DNS requests for anything.foobar.bar come to ns.example.com, but foobar.com has it's own nameserver (ns.foobar.com, IP: 456.456.456.456).

How do I specify on ns.example.com that ns.foobar.com is authoritative for foobar.com?

The zone file that I currrently have is below:

example.com.      IN SOA ns.example.com. admin.example.com. (
        2007010101
        28800
        3600
        604800
        38400
)

example.com.               IN      NS      ns.example.com.
ns.registrar.com.          IN      A       123.123.123.123
foobar.com.                  IN      NS     ns.foobar.com.
ns.foobar.com.             IN      A       456.456.456.456

The problem seems to be that ns.example.com never refers lookups for foobar.com to ns.foobar.com. It goes to it's forwarders instead.

It doesn't seem like this should be a difficult thing to do. What am I doing wrong?

Many thanks,
Matt.
0
Comment
Question by:mb2297
13 Comments
 
LVL 5

Expert Comment

by:suggestionstick
ID: 18868378
Hi


When you registered the Domain foobar.com, you entered the authoritive nameserver(s) as ns.example.com, is this correct?

If this is so, create a zone file for foobar.com on your  ns.example.com and it will sever DNS requests for the domain.

If you want to delegate requests for the foobar.com to another name server, such as ns.foobar.com, you can redelegate at the registar to that nameserver.

Normally you would only redelegate subdomains to another DNS server, foobar.com is using ns.foobar.com, put you can delegate subdomain.foobar.com to ns.example.com.

I suggest that you delegate the foobar.com domain to which ever DNS server you want to serve DNS queries, at the registar level.

trev
0
 

Author Comment

by:mb2297
ID: 18869210
Hi Trev,

I think we're on the right lines. This is a theoretical question though, so I haven't actually registered any domains. I'm using an internal system where I'm the

I guess a more real world example would be this:

I go to 123-reg.co.uk (my preferred registrar) and buy mattswidgets.com from them. They would then have an entry in their nameserver that contains the IP address of mattswidgets.com (and it's subdomains) to point to my hosting server. If I now setup my own nameserver for mattswidgets.com, 123-reg.co.uk would have to change their nameserver entry to delegate (I think that's the correct term) mattswidgets.com to my new nameserver.

The problem is that I can't figure out how to do the delegation at example.com (the same function that 123-reg would be performing in the above example, when it changed it's nameserver to delegate to the new foobar.com nameserver).

If I created a zone for foobar.com on the example.com nameserver, wouldn't that make the example.com nameserver authoritative for foobar.com? That's what I'm trying to change, by delegating to a new authoritative nameserver for foobar.com.

What should the zone file for example.com look like?

Many thanks,
Matt.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18870140

You cannot delegate foobar.com from example.com. example.com isn't the Parent.

foobar.com must be delegated from the Top Level Domain servers that hold all registrations for .com.

If you have setup a Domain on 123-reg.co.uk and said the Name Server for foobar.com is ns1.foobar.com you would create a new zone, something like this:

foobar.com.      IN SOA ns1.foobar.com. admin.foobar.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns1.foobar.com.
ns1.foobar.com.        IN      A         <IP Address>

You could also have the Name Server for example.com answer authoritatively for foobar.com, it's only a name, it doesn't much matter if the name server isn't in the same zone. i.e.

foobar.com.      IN SOA ns.example.com. admin.example.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns.example.com.

However, the zone for example.com doesn't need to know anything about this.

HTH

Chris
0
 
LVL 7

Expert Comment

by:HalldorG
ID: 18875235
You should check the /etc/named.conf file
define the other nameserver as master for foobar.com
and this you as slave

zone "foobar.com" {
      type slave;
      masters {  456.456.456.456; }:
      file "foobar.com.soa";
};

But on the other server you need to have your server as name server record
setup as you where intending on your file.
0
 

Author Comment

by:mb2297
ID: 18879411
Hi Chris,

I don't want example.com to be authoritative for foobar.com, so I went with your first suggestion.

I added a zone for foobar.com to the example.com nameserver, and the zonefile looks like this:


foobar.com.      IN SOA ns.foobar.com. admin.foobar.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns.foobar.com.
ns.foobar.com.        IN      A        10.10.10.100


Another nameserver exists at 10.10.10.100 which correctly resolves www.foobar.com. However, when I query example.com's nameserver for www.foobar.com, I get:

> www.foobar.com
Server:         10.10.10.10
Address:        10.10.10.10#53

** server can't find www.foobar.com: NXDOMAIN

Where 10.10.10.10 is the IP address of the nameserver at example.com.

What have I done wrong?

Many thanks,
Matt.

0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18880985

Hi Matt,

You're just missing a www record for that:


foobar.com.      IN SOA ns.foobar.com. admin.foobar.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns.foobar.com.
ns.foobar.com.        IN      A        10.10.10.100

www               IN A    10.10.10.100


I recommend you change ns.foobar.com to ns1.foobar.com. It's not good practice to have host names the same as Record Types.

Chris
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:mb2297
ID: 18884756
Hi Chris,

Thanks for your comments, but your solution isn't what I'm looking for. Giving the example.com nameserver an entry for www makes it authoritative for foobar.com -- that's not what I want to do.

What I want is for a resolver to visit 10.10.10.10 and be deferred to 10.10.10.100, since that is the server I want to be authoritative for  foobar.com.

I'm starting to get the impression that this isn't possible.

Thanks,
Matt.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 18885021

I'm a little lost I'm afraid.

Adding the zone for fooar.com makes it authoritative for the domain.

Instead, are you trying to configure a Conditional Forwarder? So that all requests for foobar.com that arrive at ns.example.com are sent off to 10.10.10.100?

Don't rule it out as being impossible quite yet, I'm just having trouble figuring out your intent :)

Chris
0
 

Author Comment

by:mb2297
ID: 18890096
Ah, wonderful!

A conditional forwarder sounded like exactly what I need, so I added this to my named.local.conf file:

zone "foobar.com" {
        type forward;
        forwarders { 10.10.10.100; };
};

And it now works!

There's just one final thing: you say in a previous reply that it's not good practice to have hostnames the same as record types. Why is that?

Many thanks indeed,
Matt.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18890359

Just because it can get confusing for the DNS server. For example, if you write your NS record in shorthand you get:

NS NS <IP Address>

Which is a bit confusing to say the least (both to us and the Name Server).

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18890380

Er, okay bit of an asleep moment... shorthand for the NS Record would just be:

NS NS

Which expands to:

@ IN NS NS.foobar.com.

But you'd have to write everything out in it's long form.

Chris
0
 

Author Comment

by:mb2297
ID: 18891559
Wonderful.

Thank you for your patience!

Matt.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18893451

You're most welcome :)

Chris
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Suggested Solutions

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now