Solved

Bind9 DNS Setup

Posted on 2011-02-15
14
391 Views
Last Modified: 2012-06-27
Hello,

Here's the goal I'm trying to achieve with Bind9:

Site A:
Address: 172.30.18.10
Master Zones: domain.com, sitea.domain.com
Slave Zones: siteb.domain.com

Site B:
Address: 172.30.22.10
Master Zones: siteb.domain.com
Slave Zones: domain.com

All hosts in both sites will do dynamic updates (host.sitea.domain.com). The master zone "domain.com" will host static records.

I want users to be able to access server.domain.com but I will need to be able to access host.sitea.domain.com.

Thank you.

Question by:we3kings

14 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34899595

How far have you got / what do you need help with?

Servers up at each site?

Primary / Secondary zones set?

Trouble with named.conf?

Chris
0
 

Author Comment

by:we3kings
ID: 34899653
Thanks for the reply. So far I have my named.conf.local set up on both servers and everything is fine in that regard. I guess my problem is with the zone files. I'm not really sure how to my nameserver (ns.sitea.domain.com) on both domain.com and sitea.domain.com. Thanks a bunch for the help!
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34899714

Good stuff :) Are you willing to post named.conf for each server at all?

Are these public servers? Or is this all your own private network?

If it's private, you can pretty much make up the NS records. Personally I'd have:

ns1.domain.com.  IN A  172.30.18.10    (Site A)
ns2.domain.com.  IN A  172.30.22.10    (Site B)

Then I would make all zones use those addresses as NS. For example, records like this within their respective zones:

domain.com.     IN NS   ns1.domain.com.
domain.com.     IN NS   ns2.domain.com.

Given that sitea has no slave zone, were you intending to rely on a delegation in domain.com? Please don't hesitate to post snippets of your configuration / zone files or ask questions if anything I post is not clear.

Chris
0
 

Author Comment

by:we3kings
ID: 34900160
Okay, let me try it this way. I'll just post snippets of how I want it to look starting with siteA:

SiteA (This is the hub location where the IT department is located.)

zone "domain.com" {
type master;
file "domain.com.hosts";
allow-transfer { 172.30.22.10; };
}

@ IN SOA siteaNS. email.domain. (serial, etc)
@ IN NS siteaNS
  IN A 172.30.18.10

zone "sitea.domain.com" {
type master;
file "sitea.domain.com.hosts";
}

@ IN SOA siteaNS. email.domain (serial, etc)
@ IN NS siteaNS
  IN A 172.30.18.10

Sorry if this doesn't make sense. I'm kind of burned out at this point.

0
 

Author Comment

by:we3kings
ID: 34900202
Sorry, this is a private network.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34900268

It's no problem, we can go slowly.

I take it these are not literal examples? I want to make sure because syntax in zone files is important. That is, these two are not equivalent:

@ IN NS siteaNS

And:

@ IN NS siteaNS.

If you're fabricating names, can you use the same number of labels (that is ns1.realdomain.com becomes ns1.domain.example).

Anyway, making allowances for replacement, those look pretty okay. You'd have a slave configured on SiteB-NS, and that'd transfer the zone from A. You would want to include SiteB-NS in the NS record set in the zone on A though.

e.g.
; domain.com zone file
; The origin, @, zone name by default, will be appended to all unterminated names (no trailing .)
@        IN SOA     SiteA-NS  hostmaster (serial, etc)
         IN NS      SiteA-NS

         IN A       172.30.18.10

; A records for name servers
SiteA-NS IN A       172.30.18.10
SiteB-NS IN A       172.30.22.10

; Delegation for SiteA sub-domain (delegated to SiteA-NS only)
SiteA    IN NS      SiteA-NS

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34900305
Sorry, I still managed to miss SiteB-NS out of the NS record set.

Re-posting that sample:
; domain.com zone file
; The origin, @, zone name by default, will be appended to all unterminated names (no trailing .)
@        IN SOA     SiteA-NS  hostmaster (serial, etc)
         IN NS      SiteA-NS
         IN NS      SiteB-NS

         IN A       172.30.18.10

; A records for name servers
SiteA-NS IN A       172.30.18.10
SiteB-NS IN A       172.30.22.10

; Delegation for SiteA sub-domain (delegated to SiteA-NS only)
SiteA    IN NS      SiteA-NS

Chris
0
 

Author Comment

by:we3kings
ID: 34900821
Thanks so much for that! You inadvertently solved another problem I was having with nslookup. Anyway, do I need to have the part about delegation if I'm going to have an entirely different zone for sitea.domain.com? I'm not entirely sure how that works. The previous parts solve my domain.com problem, now I'm moving on to sitea.domain.com which is located on 172.30.18.10. Would it look pretty much identical to domain.com zone?

@	IN SOA	SiteA-NS hostmaster (serial, etc)
	IN NS	SiteA-NS
	IN A	172.30.18.10

0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34900896
The delegation presents information for other people rather than information for your own server. For internal-only setups it's rarely necessary, as clients always talk to an authoritative server; however, I generally include them for completion and consistency.

The sitea.domain.com zone is a bit different. The NS Record refers to a server outside of its own zone.
@	IN SOA	SiteA-NS.domain.com. hostmaster (serial, etc)
	IN NS	SiteA-NS.domain.com.

	IN A	172.30.18.10

Because you're referring back to the single entry for SiteA-NS.domain.com you need to reference the full name. You must include the trailing . or it will make it into "SiteA-NS.domain.com.sitea.domain.com" as it will append the zone name.

The e-mail address in the SOA, hostmaster, will become hostmaster.sitea.domain.com. As with the server address, you could simply reference hostmaster.domain.com. (again, including the trailing .).

With this, we don't need to include an A record for SiteA-NS in this sub-domain. You're using the record from the parent zone. It's the approach I would take as your name server entries would be consistent across all zones.

Chris
0
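The origin-appending rule Chris describes here (and in his earlier note that `siteaNS` and `siteaNS.` are not equivalent) is easy to see with a small parser. The following is an added example, not code from this thread or from BIND: it completes owner names and name-valued RDATA against the zone origin, shows the `SiteA-NS.domain.com.sitea.domain.com.` result you get when the trailing dot is forgotten, and includes a heuristic lint for that mistake. The zone texts are constructed (modelled on the thread's snippets) and the helper names `fqdn`, `parse_zone`, `ns_targets` and `doubled_suffix` are our own.

```python
# Added example (not code from this thread or from BIND): how a zone file's
# unterminated names are completed with the origin, and why "SiteA-NS.domain.com"
# without the trailing dot turns into "SiteA-NS.domain.com.sitea.domain.com".
# The zone texts below are constructed, modelled on the thread's snippets; the
# helper names (fqdn, parse_zone, ns_targets, doubled_suffix) are our own.


def fqdn(name: str, origin: str) -> str:
    """Return `name` as an absolute name, the way BIND reads it.

    '@' is the origin; a name ending in '.' is already absolute; any other
    name is relative and gets the origin appended.
    """
    origin = origin if origin.endswith(".") else origin + "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


# Record types whose RDATA is a domain name (and therefore also gets completed).
NAME_RDATA_TYPES = {"NS", "CNAME", "PTR"}


def parse_zone(text: str, origin: str):
    """Parse a small zone file into (owner, type, rdata) tuples.

    Handles '@', owner-less continuation lines (leading whitespace), ';'
    comments, the optional IN class, and name completion in SOA/NS/CNAME/PTR
    RDATA. Multi-line parenthesised records and $ directives are out of scope.
    """
    records = []
    last_owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        fields = line.split()
        if line[0] in " \t":           # no owner field: reuse the previous owner
            owner = last_owner
        else:
            owner = fields.pop(0)
        if owner is None:
            raise ValueError(f"record without owner: {raw!r}")
        last_owner = owner
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        rtype = fields.pop(0).upper()
        if rtype == "SOA":
            mname, rname, *rest = fields
            rdata = " ".join([fqdn(mname, origin), fqdn(rname, origin), *rest])
        elif rtype in NAME_RDATA_TYPES:
            rdata = fqdn(" ".join(fields), origin)
        else:
            rdata = " ".join(fields)
        records.append((fqdn(owner, origin), rtype, rdata))
    return records


def ns_targets(text: str, origin: str):
    """The absolute NS targets a zone text declares."""
    return [rd for _, rt, rd in parse_zone(text, origin) if rt == "NS"]


def doubled_suffix(name: str) -> bool:
    """Heuristic lint: True if the name's trailing labels also occur earlier
    in the name, e.g. 'SiteA-NS.domain.com.sitea.domain.com.' repeats
    'domain.com', the classic sign of a forgotten trailing dot."""
    labels = name.rstrip(".").split(".")
    for k in range(1, len(labels) // 2 + 1):
        tail = labels[-k:]
        for i in range(0, len(labels) - 2 * k + 1):
            if labels[i:i + k] == tail:
                return True
    return False


# Constructed sample: the sitea.domain.com zone as the accepted answer describes it.
SITEA_ZONE = """\
@        IN SOA  SiteA-NS.domain.com. hostmaster.domain.com. 2011021501 3600 900 604800 300
         IN NS   SiteA-NS.domain.com.
         IN A    172.30.18.10
host1    IN A    172.30.18.50
"""

# Constructed sample: the same zone with the trailing dot left off the NS target.
SITEA_ZONE_NO_DOT = """\
@        IN SOA  SiteA-NS.domain.com. hostmaster 2011021501 3600 900 604800 300
         IN NS   SiteA-NS.domain.com
"""

if __name__ == "__main__":
    for rec in parse_zone(SITEA_ZONE, "sitea.domain.com"):
        print(rec)
    bad = ns_targets(SITEA_ZONE_NO_DOT, "sitea.domain.com")
    print("NS target without trailing dot became:", bad[0],
          "| suspicious:", doubled_suffix(bad[0]))
```

Run it and the second zone's NS target comes out as `SiteA-NS.domain.com.sitea.domain.com.`, which no server answers for; `doubled_suffix` flags exactly that shape, so it makes a cheap pre-reload check alongside `named-checkzone`.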
 

Author Comment

by:we3kings
ID: 34910204
Awesome, man! Thank you for going out of your way for me. All that worked like a charm... currently I have both sites set up. domain.com is transferring from sitea to siteb and both can access its contents. sitea.domain.com and siteb.domain.com are both accepting dynamic updates. I've also set up forwarding zones on sitea to allow resolution of siteb.domain.com records. However, I do not need siteb to resolve any records from sitea.domain.com. Any clue how to do that? Also, when I look at nslookup in Windows, I get "Can't find server name from address 172.30.22.10: Non-existent domain", any idea on that?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34910308

The delegation for sitea is part of domain.com, so if SiteB-NS needs to resolve names for sitea it'll follow the delegation.

You could remove that, or you could restrict access to sitea, perhaps removing the delegation might be easiest at this stage?

And the Can't find server name... it happens because the MS version of nslookup tries to do this when it starts:

nslookup -q=ptr 172.30.22.10

Without a Reverse Lookup Zone and a PTR record that won't work so it throws the error.

You can ignore it if you like; it's pretty harmless. If you want to have reverse lookup as well you need a zone named like this:

18.30.172.in-addr.arpa

That covers SiteA. You could make a similar version for SiteB, or you could use a larger zone to cover both subnets:

30.172.in-addr.arpa

Chris
0
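To make the reverse-zone naming concrete, here is an added example (not code from the thread or from BIND) that works out which in-addr.arpa zone covers a subnet, what owner name each address gets inside that zone, and builds the PTR records for the two name servers. It goes slightly beyond the reply by handling any octet-aligned prefix, not just the /24 and /16 Chris mentions. The addresses are the thread's own; the host-name mapping is constructed and the helper names `reverse_zone`, `ptr_owner` and `reverse_zone_records` are our own.

```python
# Added example (not code from this thread or from BIND): which in-addr.arpa
# zone covers a subnet, and what PTR owner name each address has within it.
# Addresses are the thread's (172.30.18.10 / 172.30.22.10); the host names
# are constructed; helper names are our own.
import ipaddress


def reverse_zone(network: str) -> str:
    """Return the in-addr.arpa zone name covering `network`.

    Only octet-aligned prefixes (/8, /16, /24) are handled: those map
    directly onto a reverse zone without RFC 2317 classless delegation.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 networks are supported here")
    octets = str(net.network_address).split(".")
    fixed = octets[: net.prefixlen // 8]        # octets the prefix pins down
    return ".".join(reversed(fixed)) + ".in-addr.arpa"


def ptr_owner(address: str, zone: str) -> str:
    """Return the PTR owner name for `address` relative to `zone`, i.e. the
    left-hand side you would write in that reverse zone file. Raises if the
    zone does not cover the address."""
    # e.g. '10.22.30.172.in-addr.arpa' (standard library, not a constructed value)
    full = ipaddress.ip_address(address).reverse_pointer
    suffix = "." + zone
    if not full.endswith(suffix):
        raise ValueError(f"{address} is not inside {zone}")
    return full[: -len(suffix)]


def reverse_zone_records(zone: str, hosts: dict) -> list:
    """Build PTR record lines for `zone` from an {address: fqdn} mapping,
    skipping addresses the zone does not cover. Targets get a trailing dot
    so the reverse zone's origin is not appended to them."""
    records = []
    ordered = sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
    for address, name in ordered:
        try:
            owner = ptr_owner(address, zone)
        except ValueError:
            continue
        target = name if name.endswith(".") else name + "."
        records.append(f"{owner}\tIN PTR\t{target}")
    return records


# Constructed mapping of the thread's two name-server addresses to names.
NAME_SERVERS = {
    "172.30.18.10": "SiteA-NS.domain.com",
    "172.30.22.10": "SiteB-NS.domain.com",
}

if __name__ == "__main__":
    for net in ("172.30.18.0/24", "172.30.22.0/24", "172.30.0.0/16"):
        zone = reverse_zone(net)
        print(f"{net} -> zone {zone}")
        for line in reverse_zone_records(zone, NAME_SERVERS):
            print("   ", line)
```

The per-site /24 zone only ever contains its own server's PTR, whereas the single `30.172.in-addr.arpa` zone holds both with two-octet owner names (`10.18`, `10.22`); that is the trade-off behind Chris's "larger zone to cover both subnets" suggestion. The Windows nslookup start-up query is simply the `reverse_pointer` value for the server's address, so any zone that produces an owner name for it satisfies that check.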
 

Author Comment

by:we3kings
ID: 34910427
Awesome! Sorry for the little bonus question there. Do you need a job, btw, haha? Thanks again for all the help.
0
 

Author Closing Comment

by:we3kings
ID: 34910431
Awesome responses!
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34910466

You're welcome :)

Chris
0
