On 03/04/2013 03:26 PM, Verne Britton wrote:
> my test server (it's up and down a lot) is at yournameserver with these two test
> zones ... what I want to be able to do is:
> 1. serve the A records as authoritative
Looks like it's working in that regard:
jm@workstation:~$ dig +norecurse @yournameserver wvstateu.edu ns
;; QUESTION SECTION:
;wvstateu.edu. IN NS
;; ANSWER SECTION:
wvstateu.edu. 86400 IN NS nameserv3.wvnet.edu.
jm@workstation:~$ dig +norecurse @yournameserver wvstateu.edu
;; QUESTION SECTION:
;wvstateu.edu. IN A
;; ANSWER SECTION:
wvstateu.edu. 86400 IN A 98.129.177.93
;; AUTHORITY SECTION:
wvstateu.edu. 86400 IN NS nameserv3.wvnet.edu.
jm@workstation:~$ dig +norecurse @yournameserver gmail.wvstateu.edu
;; QUESTION SECTION:
;gmail.wvstateu.edu. IN A
;; ANSWER SECTION:
gmail.wvstateu.edu. 3600 IN CNAME ghs.l.google.com.
> 2. somehow handle resolutions coming at me for the CNAMEs
Looks like that's working; see above.
> 3. not have a public open recursive server
jm@workstation:~$ dig @yournameserver gmail.com
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23091
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;gmail.com. IN A
So from my side of things, all of your requirements are being met ;-)
Can you post a copy of your dig command where the server _is_ trying to
follow up the CNAME resolution? Based on your config, the server should
try to follow up the CNAME (answer recursively) for anything in the
"trusted" ACL, which includes your server itself.
Some questions:
- What's the overall purpose of this server? To answer recursive
queries from internal clients? To answer authoritative queries from
internal clients (hidden master)? To answer authoritative queries from
the outside world? Right now, you're doing all three, which isn't
ideal. Far better to separate things out.
John
Verne
--------------------------------------------------------------------
Verne Britton, Lead Systems Programmer voice: (304) 293-5192 x230
Systems Support Group (in WV, call 1-800-253-1558)
West Virginia Network for FAX: (304) 293-5540
Educational Telecomputing [email protected]
837 Chestnut Ridge Road http://myweb.wvnet.edu/~verne
Morgantown, WV 26505 http://www.wvnet.edu
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
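
Added example, not part of the original thread or of BIND: the manual dig checks above (requirement 1, authoritative answers; requirement 3, no open recursion) turned into a small classifier that reads dig's header lines. The REFUSED sample is the header quoted in the message; the other two samples are constructed, and the function names are hypothetical.

```python
import re

STATUS_RE = re.compile(r"status:\s*([A-Z]+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);\s*QUERY:\s*\d+,\s*ANSWER:\s*(\d+)")

# Header lines as quoted in the thread (query for gmail.com from outside).
REFUSED = """;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23091
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available"""

# Constructed samples: the thread trims these headers, so ids/flags are assumed.
OPEN = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0"""
AUTH = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0"""


def parse_dig(text):
    """Pull status, header flags and ANSWER count out of dig's comment lines."""
    status, flags = STATUS_RE.search(text), FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found (+short or +noall output?)")
    return {"status": status.group(1),
            "flags": set(flags.group(1).split()),
            "answers": int(flags.group(2))}


def classify(text, zone_is_ours):
    """Judge one response against the thread's requirements 1 and 3."""
    r = parse_dig(text)
    if zone_is_ours:
        # Requirement 1: our own zones must come back with the aa bit set.
        ok = r["status"] == "NOERROR" and "aa" in r["flags"]
        return "authoritative" if ok else "not-authoritative"
    # Requirement 3: a name outside our zones, asked from an untrusted host.
    if "ra" in r["flags"]:
        # ra means the server offers recursion to this client.
        return "open-recursion" if r["answers"] else "recursion-offered"
    return "refused" if r["status"] == "REFUSED" else "no-recursion"


if __name__ == "__main__":
    for name, sample, ours in (("gmail.com", REFUSED, False),
                               ("gmail.com", OPEN, False),
                               ("wvstateu.edu", AUTH, True)):
        print(name, "->", classify(sample, ours))
```

Run the outside-zone check from a host that is not in the "trusted" ACL; from a trusted host the ra bit is expected.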