Hi,

Ben Bridges wrote:
> > sun
> >     NB: it also forwards to "isp" dns server.
> If your sun server is configured to use your isp dns server as a
> forwarder, then I think it will forward requests for example.test
> to the isp server even though it delegated example.test to plesk.
> That would seem to be supported by the fact that your sun server knows
> it is not authoritative for example.test (no AA flag in response to
> the query for example.test) and that you see it sending requests
> to the isp server (although you don't specify that it is sending
> requests to it for example.test).

Ah sorry, it's indeed sending requests to it for the example.test domain.

> You could try creating example.test as a forward zone in named.conf on
> your sun server and specifying plesk as the forwarder for that zone.

Indeed, adding a forward zone like below works! But why does it work? Or
why is it needed?

    zone "example.test" {
        type forward;
        // forward only;
        // forwarders { 192.168.2.10; };
    };

Note that I only needed to include the "type forward" line, the other
lines do not seem to be needed. Am I missing something? They aren't
really needed? By reading the bind manual it seems we have to include
them.

BTW, if I try to query without recurse (and without adding the forward
zone as above):

    dig example.test +norecurse

    ; <<>> DiG 9.4.2-P2 <<>> example.test +norecurse
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62293
    ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;example.test. IN A

    ;; AUTHORITY SECTION:
    example.test. 600 IN NS plesk.test.

    ;; ADDITIONAL SECTION:
    plesk.test. 600 IN A 192.168.2.10

    ;; Query time: 1 msec
    ;; SERVER: 192.168.2.1#53(192.168.2.1)
    ;; WHEN: Mon Mar 2 22:22:40 2009
    ;; MSG SIZE rcvd: 66

it seems to work (that is, it returns the NS and A record for the
NS)... only when querying with recurse it fails, any idea why?

Thanks!

Best regards,
Rui Lopes

>
>
> ------------------------------------------------------------------------
> *From:* bind-users-boun...@lists.isc.org on behalf of Rui Lopes
> *Sent:* Sun 3/1/2009 2:46 PM
> *To:* bind-users@lists.isc.org
> *Subject:* how to create a private "test." zone?
>
> Hello,
>
> I'm trying to create a private "test." zone for use in my local
> "testing lab".
>
> I've set up a recursive DNS server that will serve the "test." zone
> (in Sun host; see the network diagram below).
>
> The resolution of a domain in the "test" zone works as expected, eg:
>
>     dig sun.test
>     ; <<>> DiG 9.4.2-P2 <<>> sun.test
>     ;; global options: printcmd
>     ;; Got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
>     ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
>     ;; QUESTION SECTION:
>     ;sun.test. IN A
>
>     ;; ANSWER SECTION:
>     sun.test. 600 IN A 192.168.2.1
>
>     ;; AUTHORITY SECTION:
>     test. 600 IN NS sun.test.
>
>     ;; Query time: 2 msec
>     ;; SERVER: 192.168.2.1#53(192.168.2.1)
>     ;; WHEN: Sun Mar 1 10:39:28 2009
>     ;; MSG SIZE rcvd: 56
>
>
> After this, I wanted to delegate the "example.test." zone to another
> local DNS server of mine (the Plesk host). I did the delegation by
> adding the following RR in the "test." zone (in the Sun host):
>
>     example IN NS plesk
>
>
> I tried to resolve the "example.test" domain with:
>
>     dig example.test
>     ; <<>> DiG 9.4.2-P2 <<>> example.test
>     ;; global options: printcmd
>     ;; Got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
>     ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
>     ;; QUESTION SECTION:
>     ;example.test. IN A
>
>     ;; Query time: 31 msec
>     ;; SERVER: 192.168.2.1#53(192.168.2.1)
>     ;; WHEN: Sun Mar 1 10:40:39 2009
>     ;; MSG SIZE rcvd: 30
>
>
> Which failed...
>
> NB: I can see my local dns server sending queries to my isp dns
> server. But why?
>
> NB: Asking the same question directly at the Plesk DNS server works:
>
>     dig example.test @plesk.test
>     ; <<>> DiG 9.4.2-P2 <<>> example.test @plesk.test
>     ;; global options: printcmd
>     ;; Got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2358
>     ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
>     ;; QUESTION SECTION:
>     ;example.test. IN A
>
>     ;; ANSWER SECTION:
>     example.test. 86400 IN A 192.168.2.10
>
>     ;; AUTHORITY SECTION:
>     example.test. 86400 IN NS plesk.test.
>
>     ;; Query time: 2 msec
>     ;; SERVER: 192.168.2.10#53(192.168.2.10)
>     ;; WHEN: Sun Mar 1 10:41:43 2009
>     ;; MSG SIZE rcvd: 66
>
>
> What am I doing wrong in the delegation, and how can I fix it?
>
>
> My network diagram is:
>
>   +-------------+
>   |     isp     |
>   +-------------+ 10.0.2.3 (DNS)
>          |
>   -------+------------------------------------------- 10/24
>          |
>   +-------------+ 10.0.2.15     +-------------+
>   |     sun     |               |    plesk    |
>   +-------------+ 192.168.2.1   +-------------+ 192.168.2.10
>          |                             |
>   -------+-----------------------------+------------- 192.168.2/24
>
> isp
>     my ISP DNS server host.
> sun
>     my local DNS server host that hosts the "test." zone.
>     NB: this is a recursive server.
>     NB: it also forwards to "isp" dns server.
>     NB: local resolv.conf points to 192.168.2.1
> plesk
>     my other local DNS server host that hosts the "example.test."
>     zone.
>     NB: this is an authoritative server only.
>     NB: local resolv.conf points to 192.168.2.1
>
>
> This is what the Sun DNS server has about the "test." zone:
>
>     $TTL 10m ; default TTL
>     $ORIGIN test. ; base domain-name
>     @ IN SOA sun hostmaster (
>         2008042800 ; serial
>         10m ; refresh
>         15m ; retry
>         3w ; expire
>         10m ; minimum
>     )
>
>       IN NS sun
>
>     sun IN A 192.168.2.1
>     plesk IN A 192.168.2.10
>
>     ; delegate example.test. to plesk.test.
>     example IN NS plesk
>     ;example IN A 192.168.2.10
>
>
> And this is what the Plesk DNS server has about the "example.test."
> zone:
>
>     @ IN SOA plesk.test. ironman.example.test. (
>         1235830200 ; Serial
>         10800 ; Refresh
>         3600 ; Retry
>         604800 ; Expire
>         10800 ) ; Minimum
>
>     example.test. IN NS plesk.test.
>     example.test. IN A 192.168.2.10
>
>
>
> If you need more information, please let me know.
>
> Thanks!
>
>
> Best regards,
> Rui Lopes
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
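
An added configuration sketch, not part of the original thread, for the behaviour discussed above: with global forwarders set, named sends recursive queries for example.test to the ISP resolver despite the local delegation (so the private name also leaves the lab network), and per the BIND 9 ARM a forward zone with no forwarders statement or an empty list cancels forwarding for that domain. The options block and the zone file name are constructed assumptions; the addresses are the ones given in the thread.

```conf
// Constructed named.conf fragment for the "sun" host.
options {
    recursion yes;
    // Global forwarder (the ISP resolver). Recursive queries for any name
    // sun is not authoritative for are sent here first, including names
    // below a delegation in a locally hosted zone such as example.test.
    // The ISP knows nothing about "test." and answers NXDOMAIN, which
    // named accepts as a final answer.
    forwarders { 10.0.2.3; };
};

zone "test" {
    type master;
    file "test.zone";   // hypothetical file name; holds "example IN NS plesk"
};

// Variant A: cancel forwarding for example.test only.
// A forward zone with no forwarders statement, or an empty list, disables
// the global forwarders for this domain, so named resolves iteratively and
// follows the NS delegation in "test." to plesk (192.168.2.10).
// "type forward;" on its own has the same effect.
zone "example.test" {
    type forward;
    forwarders { };
};

// Variant B (use instead of A): forward example.test straight to plesk,
// as suggested in the quoted reply.
// zone "example.test" {
//     type forward;
//     forward only;
//     forwarders { 192.168.2.10; };
// };
```

With either variant in place, a recursive `dig example.test` against 192.168.2.1 no longer produces queries for example.test towards 10.0.2.3.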