Bind9 DNS Setup

How far have you got / what do you need help with?

Servers up at each site?

Primary / Secondary zones set?

Trouble with named.conf?

Chris

Thanks for the reply. So far I have by named.conf.local setup on both servers and everything is fine in that regard. I guess my problem is with the zone files. I'm not really sure how to my nameserver (ns.sitea.domain.com) on both domain.com and sitea.domain.com. Thanks a bunch for the help!

Good stuff :) Are you willing to post named.conf for each server at all?

Are these public servers? Or is this all your own private network?

If it's private, you can pretty much make up the NS records. Personally I'd have:

ns1.domain.com.  IN A  172.30.18.10    (Site A)
ns2.domain.com.  IN A  172.30.22.10    (Site B)

Then I would make all zones use those addresses as NS. For example, records like this within their respective zones:

domain.com.     IN NS   ns1.domain.com.
domain.com.     IN NS   ns2.domain.com.

Given that sitea has no slave zone, were you intending to rely on a delegation in domain.com? Please don't hesitate to post snippets of your configuration / zone files or ask questions if anything I post is not clear.

Chris

Okay, let me try it this way. I'll just post snippets of how I want it to look starting with siteA:

SiteA (This is the hub location where the IT department is located.)

zone "domain.com" {
type master;
file "domain.com.hosts";
allow-transfer { 172.30.22.10; };
}

Select allOpen in new window

@ IN SOA siteaNS. email.domain. (serial, etc)
@ IN NS siteaNS
IN A 172.30.18.10

Select allOpen in new window

zone "sitea.domain.com" {
type master;
file "sitea.domain.com.hosts";
}

Select allOpen in new window

@ IN SOA siteaNS. email.domain (serial, etc)
@ IN NS siteaNS
IN A 172.30.18.10

Select allOpen in new window

Sorry if this doesn't make sense. I'm kind of burned out at this point.

Sorry, this is a private network.

It's no problem, we can go slowly.

I take it these are not literal examples? I want to make sure because syntax in zone files is important. That is, these two are not equivalent:

@ IN NS siteaNS

And:

@ IN NS siteaNS.

If you're fabricating names, can you use the same number of labels (that is ns1.realdomain.com becomes ns1.domain.example).

Anyway, making allowances for replacement, those look pretty okay. You'd have a slave configured on SiteB-NS, and that'd transfer the zone from A. You would want to include SiteB-NS in the NS record set in the zone on A though.

e.g.

; domain.com zone file
; The origin, @, zone name by default, will be appended to all unterminated names (no trailing .)
@        IN SOA     SiteA-NS  hostmaster (serial, etc)
         IN NS      SiteA-NS

         IN A       172.30.18.10

; A records for name servers
SiteA-NS IN A       172.30.18.10
SiteB-NS IN A       172.30.22.10

; Delegation for SiteA sub-domain (delegated to SiteA-NS only)
SiteA    IN NS      SiteA-NS

Select allOpen in new window

Chris

Sorry, I still managed to miss SiteB-NS out of the NS record set.

Re-posting that sample:

; domain.com zone file
; The origin, @, zone name by default, will be appended to all unterminated names (no trailing .)
@        IN SOA     SiteA-NS  hostmaster (serial, etc)
         IN NS      SiteA-NS
         IN NS      SiteB-NS

         IN A       172.30.18.10

; A records for name servers
SiteA-NS IN A       172.30.18.10
SiteB-NS IN A       172.30.22.10

; Delegation for SiteA sub-domain (delegated to SiteA-NS only)
SiteA    IN NS      SiteA-NS

Select allOpen in new window

Chris

Thanks so much for that! You inadvertently solved another problem I was having with nslookup. Anyway, do I need to have the part about delegation if I'm going to have an entirely different zone for sitea.domain.com? I'm not entirely sure how that works. The previous parts solve my domain.com problem, now I'm moving on to sitea.domain.com which is located on 172.30.18.10. Would it look pretty much identical to domain.com zone?

@	IN SOA	SiteA-NS hostmaster (serial, etc)
	IN NS	SiteA-NS
	IN A	172.30.18.10

Select allOpen in new window

Awesome, man! Thank you for going out of your way for me. All that worked like a charm... currently I have both sites set up. domain.com is transferring from sitea to siteb and both can access it's contents. sitea.domain.com and siteb.domain.com are both accepting dynamic updates. I've also set up forwarding zones on sitea to allow resolution of siteb.domain.com records. However, I do not need siteb to resolve any records from sitea.domain.com. Any clue how to do that? Also, when I look a nslookup in Windows, I get "Can't find server name from address 172.30.22.10: Non-existent domain", any idea on that?

The delegation for sitea is part of domain.com, so if SiteB-NS needs to resolve names for sitea it'll follow the delegation.

You could remove that, or you could restrict access to sitea, perhaps removing the delegation might be easiest at this stage?

And the Can't find server name... it happens because the MS version of nslookup tries to do this when it starts:

nslookup -q=ptr 172.30.22.10

Without a Reverse Lookup Zone and a PTR record that won't work so it throws the error.

You can ignore it if you like, it's pretty harmless. If you want to have reverse lookup as well you need a zone named like this:

18.30.172.in-addr.arpa

That covers SiteA. You could make a similar version for SiteB, or you could use a larger zone to cover both subnets:

30.172.in-addr.arpa

Chris

Awesome! Sorry for the little bonus question there. Do you need a job, btw, haha? Thanks again for all the help.

Awesome responses!

You're welcome :)

Chris