Solved

Specifying an authoritative nameserver using BIND

Posted on 2007-04-06
1,096 Views
Last Modified: 2012-08-13
Hello experts,

I'm having trouble configuring a nameserver which delegates to other authoritative nameservers for certain domain names.

For example, my machine is ns.example.com (its IP address is 123.123.123.123)

foobar.com was registered with me, so DNS requests for anything.foobar.bar come to ns.example.com, but foobar.com has its own nameserver (ns.foobar.com, IP: 456.456.456.456).

How do I specify on ns.example.com that ns.foobar.com is authoritative for foobar.com?

The zone file that I currently have is below:

example.com.      IN SOA ns.example.com. admin.example.com. (
        2007010101
        28800
        3600
        604800
        38400
)

example.com.               IN      NS      ns.example.com.
ns.registrar.com.          IN      A       123.123.123.123
foobar.com.                  IN      NS     ns.foobar.com.
ns.foobar.com.             IN      A       456.456.456.456

The problem seems to be that ns.example.com never refers lookups for foobar.com to ns.foobar.com. It goes to its forwarders instead.

It doesn't seem like this should be a difficult thing to do. What am I doing wrong?

Many thanks,
Matt.
0
Question by:mb2297
13 Comments
 
LVL 5

Expert Comment

by:suggestionstick
ID: 18868378
Hi


When you registered the Domain foobar.com, you entered the authoritative nameserver(s) as ns.example.com, is this correct?

If this is so, create a zone file for foobar.com on your ns.example.com and it will serve DNS requests for the domain.

If you want to delegate requests for the foobar.com to another name server, such as ns.foobar.com, you can redelegate at the registrar to that nameserver.

Normally you would only redelegate subdomains to another DNS server, foobar.com is using ns.foobar.com, but you can delegate subdomain.foobar.com to ns.example.com.

I suggest that you delegate the foobar.com domain to whichever DNS server you want to serve DNS queries, at the registrar level.

trev
0
 

Author Comment

by:mb2297
ID: 18869210
Hi Trev,

I think we're on the right lines. This is a theoretical question though, so I haven't actually registered any domains. I'm using an internal system where I'm the

I guess a more real world example would be this:

I go to 123-reg.co.uk (my preferred registrar) and buy mattswidgets.com from them. They would then have an entry in their nameserver that contains the IP address of mattswidgets.com (and its subdomains) to point to my hosting server. If I now set up my own nameserver for mattswidgets.com, 123-reg.co.uk would have to change their nameserver entry to delegate (I think that's the correct term) mattswidgets.com to my new nameserver.

The problem is that I can't figure out how to do the delegation at example.com (the same function that 123-reg would be performing in the above example, when it changed its nameserver to delegate to the new foobar.com nameserver).

If I created a zone for foobar.com on the example.com nameserver, wouldn't that make the example.com nameserver authoritative for foobar.com? That's what I'm trying to change, by delegating to a new authoritative nameserver for foobar.com.

What should the zone file for example.com look like?

Many thanks,
Matt.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18870140

You cannot delegate foobar.com from example.com. example.com isn't the Parent.

foobar.com must be delegated from the Top Level Domain servers that hold all registrations for .com.

If you have set up a Domain on 123-reg.co.uk and said the Name Server for foobar.com is ns1.foobar.com you would create a new zone, something like this:

foobar.com.      IN SOA ns1.foobar.com. admin.foobar.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns1.foobar.com.
ns1.foobar.com.        IN      A         <IP Address>

You could also have the Name Server for example.com answer authoritatively for foobar.com, it's only a name, it doesn't much matter if the name server isn't in the same zone. i.e.

foobar.com.      IN SOA ns.example.com. admin.example.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns.example.com.

However, the zone for example.com doesn't need to know anything about this.

HTH

Chris
0
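
Added example (not part of the original thread or any poster's code): a Python check of the point in the answer above, that a zone can only delegate names beneath its own origin. It runs over a copy of the zone from the question and a constructed `lab.example.com` delegation; the function names, the `lab` child zone and the 192.0.2.53 address are assumptions made for illustration.

```python
import re

TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT"}

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def audit_zone(origin, text):
    """Split a zone's records into out-of-zone data and real delegations."""
    origin = origin.lower().rstrip(".") + "."
    text = re.sub(r";[^\n]*", "", text)  # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold multi-line SOA
    inside = lambda n: n == origin or n.endswith("." + origin)
    records, owner = [], origin
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        tok = line.split()
        if not line[0].isspace():  # leading blank = same owner as previous record
            owner = fqdn(tok.pop(0), origin)
        upper = [t.upper() for t in tok]
        rtype = next((t for t in upper if t in TYPES), None)
        if rtype:
            records.append((owner, rtype, tok[upper.index(rtype) + 1:]))
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    result = {"out_of_zone": [(o, t) for o, t, _ in records if not inside(o)],
              "delegations": {}, "missing_glue": []}
    for o, t, rdata in records:
        if t == "NS" and inside(o) and o != origin:  # NS below the apex = zone cut
            ns = fqdn(rdata[0], origin)
            result["delegations"].setdefault(o, []).append(ns)
            # A nameserver inside the child zone is only reachable via glue here.
            if (ns == o or ns.endswith("." + o)) and ns not in have_addr:
                result["missing_glue"].append(ns)
    return result

# Constructed input 1: the zone from the question (origin example.com).
QUESTION_ZONE = """example.com.      IN SOA ns.example.com. admin.example.com. (
        2007010101 28800 3600 604800 38400 )
example.com.      IN NS ns.example.com.
ns.registrar.com. IN A  123.123.123.123
foobar.com.       IN NS ns.foobar.com.
ns.foobar.com.    IN A  456.456.456.456"""
# Constructed input 2: a hypothetical child zone delegated from its real parent.
CHILD_ZONE = """@        IN NS ns.example.com.
lab      IN NS ns1.lab
ns1.lab  IN A  192.0.2.53"""

if __name__ == "__main__":
    print(audit_zone("example.com", QUESTION_ZONE), audit_zone("example.com", CHILD_ZONE))
```

For the question's zone every foobar.com line lands in `out_of_zone`, which is the data named reports as out-of-zone and ignores when it loads example.com; only the `lab` NS record counts as a delegation.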
 
LVL 7

Expert Comment

by:HalldorG
ID: 18875235
You should check the /etc/named.conf file:
define the other nameserver as master for foobar.com
and yourself as slave.

zone "foobar.com" {
      type slave;
      masters {  456.456.456.456; };
      file "foobar.com.soa";
};

But on the other server you need to have your server as a name server record,
set up as you were intending in your file.
0
 

Author Comment

by:mb2297
ID: 18879411
Hi Chris,

I don't want example.com to be authoritative for foobar.com, so I went with your first suggestion.

I added a zone for foobar.com to the example.com nameserver, and the zonefile looks like this:


foobar.com.      IN SOA ns.foobar.com. admin.foobar.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns.foobar.com.
ns.foobar.com.        IN      A        10.10.10.100


Another nameserver exists at 10.10.10.100 which correctly resolves www.foobar.com. However, when I query example.com's nameserver for www.foobar.com, I get:

www.foobar.com
Server:         10.10.10.10
Address:        10.10.10.10#53

** server can't find www.foobar.com: NXDOMAIN

Where 10.10.10.10 is the IP address of the nameserver at example.com.

What have I done wrong?

Many thanks,
Matt.

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18880985

Hi Matt,

You're just missing a www record for that:


foobar.com.      IN SOA ns.foobar.com. admin.foobar.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns.foobar.com.
ns.foobar.com.        IN      A        10.10.10.100

www               IN A    10.10.10.100


I recommend you change ns.foobar.com to ns1.foobar.com. It's not good practice to have host names the same as Record Types.

Chris
0
 

Author Comment

by:mb2297
ID: 18884756
Hi Chris,

Thanks for your comments, but your solution isn't what I'm looking for. Giving the example.com nameserver an entry for www makes it authoritative for foobar.com -- that's not what I want to do.

What I want is for a resolver to visit 10.10.10.10 and be deferred to 10.10.10.100, since that is the server I want to be authoritative for  foobar.com.

I'm starting to get the impression that this isn't possible.

Thanks,
Matt.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 18885021

I'm a little lost I'm afraid.

Adding the zone for foobar.com makes it authoritative for the domain.

Instead, are you trying to configure a Conditional Forwarder? So that all requests for foobar.com that arrive at ns.example.com are sent off to 10.10.10.100?

Don't rule it out as being impossible quite yet, I'm just having trouble figuring out your intent :)

Chris
0
 

Author Comment

by:mb2297
ID: 18890096
Ah, wonderful!

A conditional forwarder sounded like exactly what I need, so I added this to my named.local.conf file:

zone "foobar.com" {
        type forward;
        forwarders { 10.10.10.100; };
};

And it now works!

There's just one final thing: you say in a previous reply that it's not good practice to have hostnames the same as record types. Why is that?

Many thanks indeed,
Matt.
0
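
Added example (not from the thread or from BIND itself): a Python audit of `zone` statements that reports each zone's type and forwarders and flags forward zones that do not set `forward only;`. BIND's default policy is `forward first`, so named tries normal resolution when the forwarder gives no answer; the function names and the HARDENED variant are assumptions, and the check assumes no `forward` setting is inherited from the `options` block.

```python
import re

def zone_blocks(conf):
    """Yield (zone_name, body) for each zone statement, matching nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).lower(), conf[m.end():i - 1]

def audit_forwarding(conf):
    """Map zone name -> type, forwarders, explicit forward policy and findings."""
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)  # strip comments
    report = {}
    for name, body in zone_blocks(conf):
        ztype = re.search(r"\btype\s+([\w-]+)\s*;", body)
        fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
        policy = re.search(r"\bforward\s+(only|first)\s*;", body)
        addrs = [a.strip() for a in fwd.group(1).split(";")] if fwd else []
        entry = {"type": ztype.group(1) if ztype else None,
                 "forwarders": [a for a in addrs if a],
                 "forward": policy.group(1) if policy else None,  # None = not set in the zone
                 "findings": []}
        if entry["type"] == "forward":
            if not entry["forwarders"]:
                entry["findings"].append("forward zone has no forwarders")
            if entry["forward"] != "only":
                # Assumes nothing is inherited from the options block.
                entry["findings"].append("falls back to normal resolution if forwarders fail")
        report[name] = entry
    return report

# Constructed input: the forward zone as posted in the thread.
AS_POSTED = """zone "foobar.com" {
        type forward;
        forwarders { 10.10.10.100; };
};"""
# Same zone with forwarding made exclusive (added here, not from the thread).
HARDENED = """zone "foobar.com" {
        type forward;
        forward only;
        forwarders { 10.10.10.100; };
};"""

if __name__ == "__main__":
    print(audit_forwarding(AS_POSTED), audit_forwarding(HARDENED))
```

With `forward only;` a failure of 10.10.10.100 produces an error for foobar.com lookups, and named does not try to resolve the name through its normal path.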
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18890359

Just because it can get confusing for the DNS server. For example, if you write your NS record in shorthand you get:

NS NS <IP Address>

Which is a bit confusing to say the least (both to us and the Name Server).

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18890380

Er, okay bit of an asleep moment... shorthand for the NS Record would just be:

NS NS

Which expands to:

@ IN NS NS.foobar.com.

But you'd have to write everything out in its long form.

Chris
0
 

Author Comment

by:mb2297
ID: 18891559
Wonderful.

Thank you for your patience!

Matt.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18893451

You're most welcome :)

Chris
0


Question has a verified solution.
