Specifying an authoritative nameserver using BIND

Hello experts,

I'm having trouble configuring a nameserver which delegates to other authoritative nameservers for certain domain names.

For example, my machine is ns.example.com (it's IP address is 123.123.123.123)

foobar.com was registered with me, so DNS requests for anything.foobar.bar come to ns.example.com, but foobar.com has it's own nameserver (ns.foobar.com, IP: 456.456.456.456).

How do I specify on ns.example.com that ns.foobar.com is authoritative for foobar.com?

The zone file that I currrently have is below:

example.com.      IN SOA ns.example.com. admin.example.com. (
        2007010101
        28800
        3600
        604800
        38400
)

example.com.               IN      NS      ns.example.com.
ns.registrar.com.          IN      A       123.123.123.123
foobar.com.                  IN      NS     ns.foobar.com.
ns.foobar.com.             IN      A       456.456.456.456

The problem seems to be that ns.example.com never refers lookups for foobar.com to ns.foobar.com. It goes to it's forwarders instead.

It doesn't seem like this should be a difficult thing to do. What am I doing wrong?

Many thanks,
Matt.
mb2297Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

suggestionstickCommented:
Hi


When you registered the Domain foobar.com, you entered the authoritive nameserver(s) as ns.example.com, is this correct?

If this is so, create a zone file for foobar.com on your  ns.example.com and it will sever DNS requests for the domain.

If you want to delegate requests for the foobar.com to another name server, such as ns.foobar.com, you can redelegate at the registar to that nameserver.

Normally you would only redelegate subdomains to another DNS server, foobar.com is using ns.foobar.com, put you can delegate subdomain.foobar.com to ns.example.com.

I suggest that you delegate the foobar.com domain to which ever DNS server you want to serve DNS queries, at the registar level.

trev
0
mb2297Author Commented:
Hi Trev,

I think we're on the right lines. This is a theoretical question though, so I haven't actually registered any domains. I'm using an internal system where I'm the

I guess a more real world example would be this:

I go to 123-reg.co.uk (my preferred registrar) and buy mattswidgets.com from them. They would then have an entry in their nameserver that contains the IP address of mattswidgets.com (and it's subdomains) to point to my hosting server. If I now setup my own nameserver for mattswidgets.com, 123-reg.co.uk would have to change their nameserver entry to delegate (I think that's the correct term) mattswidgets.com to my new nameserver.

The problem is that I can't figure out how to do the delegation at example.com (the same function that 123-reg would be performing in the above example, when it changed it's nameserver to delegate to the new foobar.com nameserver).

If I created a zone for foobar.com on the example.com nameserver, wouldn't that make the example.com nameserver authoritative for foobar.com? That's what I'm trying to change, by delegating to a new authoritative nameserver for foobar.com.

What should the zone file for example.com look like?

Many thanks,
Matt.
0
Chris DentPowerShell DeveloperCommented:

You cannot delegate foobar.com from example.com. example.com isn't the Parent.

foobar.com must be delegated from the Top Level Domain servers that hold all registrations for .com.

If you have setup a Domain on 123-reg.co.uk and said the Name Server for foobar.com is ns1.foobar.com you would create a new zone, something like this:

foobar.com.      IN SOA ns1.foobar.com. admin.foobar.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns1.foobar.com.
ns1.foobar.com.        IN      A         <IP Address>

You could also have the Name Server for example.com answer authoritatively for foobar.com, it's only a name, it doesn't much matter if the name server isn't in the same zone. i.e.

foobar.com.      IN SOA ns.example.com. admin.example.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns.example.com.

However, the zone for example.com doesn't need to know anything about this.

HTH

Chris
0
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

HalldorGCommented:
You should check the /etc/named.conf file
define the other nameserver as master for foobar.com
and this you as slave

zone "foobar.com" {
      type slave;
      masters {  456.456.456.456; }:
      file "foobar.com.soa";
};

But on the other server you need to have your server as name server record
setup as you where intending on your file.
0
mb2297Author Commented:
Hi Chris,

I don't want example.com to be authoritative for foobar.com, so I went with your first suggestion.

I added a zone for foobar.com to the example.com nameserver, and the zonefile looks like this:


foobar.com.      IN SOA ns.foobar.com. admin.foobar.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns.foobar.com.
ns.foobar.com.        IN      A        10.10.10.100


Another nameserver exists at 10.10.10.100 which correctly resolves www.foobar.com. However, when I query example.com's nameserver for www.foobar.com, I get:

www.foobar.com
Server:         10.10.10.10
Address:        10.10.10.10#53

** server can't find www.foobar.com: NXDOMAIN

Where 10.10.10.10 is the IP address of the nameserver at example.com.

What have I done wrong?

Many thanks,
Matt.

0
Chris DentPowerShell DeveloperCommented:

Hi Matt,

You're just missing a www record for that:


foobar.com.      IN SOA ns.foobar.com. admin.foobar.com. (
        2007010101
        28800
        3600
        604800
        38400
)

foobar.com.               IN      NS      ns.foobar.com.
ns.foobar.com.        IN      A        10.10.10.100

www               IN A    10.10.10.100


I recommend you change ns.foobar.com to ns1.foobar.com. It's not good practice to have host names the same as Record Types.

Chris
0
mb2297Author Commented:
Hi Chris,

Thanks for your comments, but your solution isn't what I'm looking for. Giving the example.com nameserver an entry for www makes it authoritative for foobar.com -- that's not what I want to do.

What I want is for a resolver to visit 10.10.10.10 and be deferred to 10.10.10.100, since that is the server I want to be authoritative for  foobar.com.

I'm starting to get the impression that this isn't possible.

Thanks,
Matt.
0
Chris DentPowerShell DeveloperCommented:

I'm a little lost I'm afraid.

Adding the zone for fooar.com makes it authoritative for the domain.

Instead, are you trying to configure a Conditional Forwarder? So that all requests for foobar.com that arrive at ns.example.com are sent off to 10.10.10.100?

Don't rule it out as being impossible quite yet, I'm just having trouble figuring out your intent :)

Chris
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mb2297Author Commented:
Ah, wonderful!

A conditional forwarder sounded like exactly what I need, so I added this to my named.local.conf file:

zone "foobar.com" {
        type forward;
        forwarders { 10.10.10.100; };
};

And it now works!

There's just one final thing: you say in a previous reply that it's not good practice to have hostnames the same as record types. Why is that?

Many thanks indeed,
Matt.
0
Chris DentPowerShell DeveloperCommented:

Just because it can get confusing for the DNS server. For example, if you write your NS record in shorthand you get:

NS NS <IP Address>

Which is a bit confusing to say the least (both to us and the Name Server).

Chris
0
Chris DentPowerShell DeveloperCommented:

Er, okay bit of an asleep moment... shorthand for the NS Record would just be:

NS NS

Which expands to:

@ IN NS NS.foobar.com.

But you'd have to write everything out in it's long form.

Chris
0
mb2297Author Commented:
Wonderful.

Thank you for your patience!

Matt.
0
Chris DentPowerShell DeveloperCommented:

You're most welcome :)

Chris
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.