> Date: Sun, 22 May 2011 13:36:43 -0700
> From: dalton stickney <daltons.stick...@gmail.com>
> Sender: bind-users-bounces+oberman=es....@lists.isc.org
>
> Hello all,
>
> I have what may be an easy question here, but it's been a while since I did
> much with Bind, so I'm not entirely sure if I'm doing something wrong here.
>
> What I'm trying to do should be relatively simple, I think, but for some
> reason I cannot get it to work. I'm trying to delegate a subdomain to a
> separate nameserver.
>
> My zone file looks like this:
>
> $TTL 86400
>
> ; Start of Authority
> stor.company.com. 86400 IN SOA ns1.company.com. hostmaster.company.com. (
>         2011052000 ; Serial
>         3600 ; Refresh
>         900 ; Retry
>         864000 ; Expire
>         86400 ; Min TTL
>         )
>
> ; Host
> sip.stor.company.com. IN A 10.10.10.10
>
> ; Nameserver
> subdomain.stor.company.com. IN NS sip.stor.company.com.
>
> stor.company.com. IN NS ns2.company.com.
> stor.company.com. IN NS ns1.company.com.
>
> I have the appropriate entry for stor.company.com in named.conf.
>
> I can resolve the nameserver for the subdomain: sip.stor.company.com.
>
> But I cannot dig for ns for subdomain.stor.company.com, it times out.
>
> Am I missing something obvious in my config?

Several questions come to mind:

1. Do you have a glue record for sip.stor.company.com? If not, you will get timeouts.
2. You wrote "I have the appropriate entry for stor.company.com in named.conf.", but you don't give us an idea of what you mean by appropriate.

I think the first item is the real problem. Glue records often confuse people.

Also, the SOA has a Min TTL of 1 day. This is seriously long, but people often don't understand what this value means in modern DNS servers. It does not mean the minimum TTL for a record in the zone. It is really the TTL for negative cache entries and is usually a few minutes, not hours or days. If you get an NXDOMAIN for a domain that is not QUITE on line, you will continue to get that answer for a full day before it will actually be checked again. This is a fail-safe mechanism to control load on servers, but checking every 10 or 15 minutes is not a serious load.

Fortunately, BIND has a sanity check that limits min TTL to 3 hours, so yours is not as bad as it seems, but I'd really suggest changing it. (See the ARM Chapter 6 "Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them"

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net
Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
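
The two checks raised in the reply can be run against the posted zone data. The following is an added example, not part of either message: the function names are hypothetical, the parser handles only the syntax used in the posted zone, and the 3-hour cap is taken as BIND's default `max-ncache-ttl` of 10800 seconds.

```python
import re

# Zone data from the question, re-typed here as constructed sample input.
ZONE = """\
$TTL 86400
stor.company.com. 86400 IN SOA ns1.company.com. hostmaster.company.com. (
        2011052000 3600 900 864000   ; Serial Refresh Retry Expire
        86400 )                      ; Min TTL
sip.stor.company.com.        IN A  10.10.10.10
subdomain.stor.company.com.  IN NS sip.stor.company.com.
stor.company.com.            IN NS ns2.company.com.
stor.company.com.            IN NS ns1.company.com.
"""
MAX_NCACHE_TTL = 10800  # BIND's default max-ncache-ttl: 3 hours

def parse_zone(text):
    # Minimal parser (assumption): fully qualified owners, class IN, numeric TTLs.
    text = re.sub(r";[^\n]*", "", text)  # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    default_ttl, records = None, []
    for fields in (line.split() for line in text.splitlines()):
        if not fields:
            continue
        if fields[0].upper() == "$TTL":
            default_ttl = int(fields[1])
            continue
        owner, rest = fields[0].lower(), fields[1:]
        ttl = int(rest.pop(0)) if rest[0].isdigit() else default_ttl
        if rest[0].upper() == "IN":
            rest.pop(0)
        records.append((owner, ttl, rest[0].upper(), [x.lower() for x in rest[1:]]))
    return records

def negative_ttl(records, cap=MAX_NCACHE_TTL):
    # RFC 2308: negative answers are cached for min(SOA TTL, SOA MINIMUM);
    # a BIND resolver additionally caps that at max-ncache-ttl.
    _, ttl, _, rdata = next(r for r in records if r[2] == "SOA")
    return min(ttl, int(rdata[6]), cap)

def ns_without_address(records):
    # NS targets below the zone apex that have no A/AAAA record in this zone file.
    apex = next(r[0] for r in records if r[2] == "SOA")
    have_addr = {r[0] for r in records if r[2] in ("A", "AAAA")}
    return sorted({r[3][0] for r in records if r[2] == "NS"
                   and r[3][0].endswith("." + apex) and r[3][0] not in have_addr})

if __name__ == "__main__":
    recs = parse_zone(ZONE)
    print("negative-cache TTL:", negative_ttl(recs), "seconds")
    print("in-zone NS targets lacking an address:", ns_without_address(recs))
```

Passing a larger `cap` to `negative_ttl` shows the value a resolver without the 3-hour limit would use for this SOA.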