> If you want the help from other people in this mailing list, withholding and
> censoring information isn’t the way forward. Please stop wasting everyone’s
> time by providing incomplete information. The fact that you are running DLZ on
> the NS2 is important, the other important information is how exactly does look
> the communication between ns1 and ns2. Don’t guess what might be useful for
> other people, provide full uncensored information. If you can’t do that,
> replicate the setup in the lab and provide full information about the setup and
> the communication between the servers and the client in the lab.

Ondrej, I have not been "withholding" or "censoring" information. Instead of 
dumping all data on you guys, I have tried to provide targeted information in 
order to help. If you prefer otherwise, I am ok with that, but I do not 
appreciate that attitude. If you and your team find this a "waste of time", 
feel free to ignore this thread and do not respond.
I am testing the new MongoDB DLZ I am developing in my lab setup, and providing 
the full config would not have helped at all in the first place, in my opinion.
Trying to attach them to this email in zip or tar.gz format does not seem to 
work. My emails during the past hour have not shown up on the mailing list.
I'll just append them at the end of this email.

Again, my understanding is and has been that configuring any DLZ with 
"search no", and configuring a zone of type "master" using that DLZ as the 
backend, creates an authoritative DNS server for that zone. If that is the 
case, there should be no difference between using a DLZ backend or a file 
backend in NS2, which is the authoritative server. That is all transparent 
to NS1.
As I have stated from the beginning, NS1 reaches out to NS2 on 127.0.0.1:153 
using UDP.
Why would NS2 NOT respond with an authoritative answer in this case? Let me ask 
my question again: is that something that needs to be implemented in the DLZ 
code? (currently using dns_sdlz_putrr_t to return what is found in the DB). 
Wouldn't NS2's response be an "authanswer" by default, since it has type master 
for the zone?
* NS1 config:
/etc/bind/ns1/named.conf:
include "/etc/bind/ns1/named.conf.options";
include "/etc/bind/ns1/named.conf.log";

/etc/bind/ns1/named.conf.log:
logging {
  channel bind_ns1_log {
    file "/var/log/named/bind_ns1.log" versions 3 size 5m;
    severity dynamic;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  category default { bind_ns1_log; };
  category update { bind_ns1_log; };
  category update-security { bind_ns1_log; };
  category security { bind_ns1_log; };
  category queries { bind_ns1_log; };
  category lame-servers { null; };
};

/etc/bind/ns1/named.conf.options:
options {
  listen-on port 53 { any; };
  listen-on-v6 { none; };

  directory "/var/cache/ns1";
  version "secured";

  recursion yes;
  allow-transfer { none; };
  allow-query { any; };

  // NS2 is the only upstream: it listens on 127.0.0.1 port 153 (see NS2 options below)
  forwarders {
    127.0.0.1 port 153;
  };
  forward only;

  dnssec-validation yes;

  statistics-file "/var/run/named.ns1.stats";

  auth-nxdomain no;
};
* NS2 config:
/etc/bind/ns2/named.conf:
include "/etc/bind/ns2/named.conf.options";
include "/etc/bind/ns2/named.conf.log";
include "/etc/bind/ns2/named.conf.include";

/etc/bind/ns2/named.conf.log:
logging {
  channel bind_ns2_log {
    file "/var/log/named/bind_ns2.log" versions 3 size 5m;
    severity dynamic;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  category default { bind_ns2_log; };
  category update { bind_ns2_log; };
  category update-security { bind_ns2_log; };
  category security { bind_ns2_log; };
  category queries { bind_ns2_log; };
  category lame-servers { null; };
};

/etc/bind/ns2/named.conf.options:
acl local_only {
  localhost;
};

options {
  listen-on port 153 { 127.0.0.1; };
  listen-on-v6 { none; };

  directory "/var/cache/ns2";
  pid-file none;
  version "secured";

  recursion no;
  allow-transfer { none; };
  allow-query { local_only; };

  dnssec-validation auto;

  statistics-file "/var/run/named.ns2.stats";

  auth-nxdomain no;
};

controls {
  inet 127.0.0.1 port 1953 allow { 127.0.0.1; };
};

/etc/bind/ns2/named.conf.include:
dlz XDB {
  database "dlopen /usr/lib/bind/dlz_mongodb_mod.so <MongoDB URI> 0";
  search no;
};

// DLZ-backed zone
zone "test.com" {
  type master;
  dlz XDB;
  allow-query { any; };
};

// file-backed zone, for comparison
zone "test2.com" {
  type master;
  file "/etc/bind/ns2/db.test2.com";
  allow-query { any; };
};

/etc/bind/ns2/db.test2.com:
$TTL 3600
@ IN SOA ns1.test2.com. admin.test2.com. (
 2022111501 ; Serial
 7200 ; Refresh
 1800 ; Retry
 2419200 ; Expire
 604800 ) ; Negative Cache TTL
 IN NS ns1.test2.com.
 IN A 10.11.11.11

ns1 IN A 10.11.11.11
Regards
Hamid Maadani
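To check directly whether NS2 sets the AA flag for the DLZ-backed zone versus the file-backed one, here is an added Python script (not from the thread or the DLZ module) that sends a raw SOA query to 127.0.0.1 port 153, the NS2 listener taken from the posted config, and decodes the response header using only the standard library.

```python
"""Check whether a BIND instance answers authoritatively (AA flag set).

Added example, not part of the original thread. It hand-builds a minimal
DNS query (no dnspython), sends it over UDP to the NS2 listener described
in the email (127.0.0.1 port 153, assumed from the posted config), and
reads the AA bit in the response header, which is what "authanswer" means.
"""
import socket
import struct

QTYPE_SOA = 6
QCLASS_IN = 1
TXID = 0x1234


def build_query(name, qtype=QTYPE_SOA, txid=TXID):
    """Return a DNS query packet: 12-byte header + one question, RD bit clear."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(struct.pack("B", len(l)) + l.encode() for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def parse_flags(packet):
    """Decode the header flag bits of a DNS message (RFC 1035 section 4.1.1)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "tc": bool(flags & 0x0200),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "ancount": an,
    }


def query_is_authoritative(name, server="127.0.0.1", port=153, timeout=2.0):
    """Send a SOA query for `name` and return True if the response has AA set."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        data, _ = s.recvfrom(4096)
    flags = parse_flags(data)
    if flags["id"] != TXID or not flags["qr"]:
        raise ValueError("unexpected packet, not a response to our query")
    return flags["aa"]


if __name__ == "__main__":
    # test.com is DLZ-backed, test2.com is file-backed in the posted NS2 config
    for zone in ("test.com", "test2.com"):
        print(zone, "AA set" if query_is_authoritative(zone) else "AA NOT set")
```

If the file-backed zone comes back with AA set and the DLZ-backed one does not, the difference is on the NS2/DLZ side rather than in the NS1 forwarding path.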