how to create a private "test." zone?
Hello,

I'm trying to create a private "test." zone for use in my local
"testing lab".

I've set up a recursive DNS server that will serve the "test." zone
(in Sun host; see the network diagram below).

The resolution of a domain in the "test" zone works as expected, e.g.:

dig sun.test
; <<>> DiG 9.4.2-P2 <<>> sun.test
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sun.test. IN A

;; ANSWER SECTION:
sun.test. 600 IN A 192.168.2.1

;; AUTHORITY SECTION:
test. 600 IN NS sun.test.

;; Query time: 2 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Mar 1 10:39:28 2009
;; MSG SIZE rcvd: 56

After this, I wanted to delegate the "example.test." zone to another
local DNS server of mine (the Plesk host). I did the delegation by
adding the following RR in the "test." zone (in the Sun host):

example IN NS plesk

I tried to resolve the "example.test" domain with:

dig example.test
; <<>> DiG 9.4.2-P2 <<>> example.test
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.test. IN A

;; Query time: 31 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Mar 1 10:40:39 2009
;; MSG SIZE rcvd: 30

Which failed...

NB: I can see my local dns server sending queries to my isp dns
server. But why?

NB: Asking the same question directly at the Plesk DNS server works:

dig example.test @plesk.test
; <<>> DiG 9.4.2-P2 <<>> example.test @plesk.test
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2358
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.test. IN A

;; ANSWER SECTION:
example.test. 86400 IN A 192.168.2.10

;; AUTHORITY SECTION:
example.test. 86400 IN NS plesk.test.

;; Query time: 2 msec
;; SERVER: 192.168.2.10#53(192.168.2.10)
;; WHEN: Sun Mar 1 10:41:43 2009
;; MSG SIZE rcvd: 66

What am I doing wrong in the delegation, and how can I fix it?

My network diagram is:

      +-----+
      | isp |
      +-----+
         | 10.0.2.3 (DNS)
         |
   ------+------ 10/24
         |
         | 10.0.2.15
      +-----+               +-----+
      | sun |               |plesk|
      +-----+               +-----+
         | 192.168.2.1         | 192.168.2.10
         |                     |
   ------+---------------------+---- 192.168.2/24

isp
    my ISP DNS server host.

sun
    my local DNS server host that hosts the "test." zone.
    NB: this is a recursive server.
    NB: it also forwards to "isp" dns server.
    NB: local resolv.conf points to 192.168.2.1

plesk
    my other local DNS server host that hosts the "example.test." zone.
    NB: this is an authoritative server only.
    NB: local resolv.conf points to 192.168.2.1

This is what the Sun DNS server has about the "test." zone:

$TTL 10m ; default TTL
$ORIGIN test. ; base domain-name
@ IN SOA sun hostmaster (
    2008042800 ; serial
    10m ; refresh
    15m ; retry
    3w ; expire
    10m ; minimum
    )
    IN NS sun
sun IN A 192.168.2.1
plesk IN A 192.168.2.10
; delegate example.test. to plesk.test.
example IN NS plesk
;example IN A 192.168.2.10

And this is what the Plesk DNS server has about the "example.test." zone:

@ IN SOA plesk.test. ironman.example.test. (
    1235830200 ; Serial
    10800 ; Refresh
    3600 ; Retry
    604800 ; Expire
    10800 ) ; Minimum
example.test. IN NS plesk.test.
example.test. IN A 192.168.2.10

If you need more information, please let me know.

Thanks!

Best regards,
Rui Lopes
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: how to create a private "test." zone?
Mark Andrews wrote:
> Mark Andrews writes:
>
>> In message <49ac5d59.1010...@ruilopes.com>, Rui Lopes writes:
>>
>>> Hi,
>>>
>>> Ben Bridges wrote:
>>>
>>> [...]
>>>> You could try creating example.test as a forward zone in named.conf on
>>>> your sun server and specifying plesk as the forwarder for that zone.
>>>>
>>> Indeed, adding a forward zone like below works! but why does it work?
>>> or why is it needed?
>>>
>>> zone "example.test" {
>>>     type forward;
>>>     // forward only;
>>>     // forwarders { 192.168.2.10; };
>>> };
>>>
>>> Note that I only needed to include the "type forward" line, the other
>>> lines do not seem to be needed. Am I missing something? they aren't
>>> really needed? By reading the bind manual it seems we have to include them.
>>>
>>
>> You turned off forwarding for that namespace.
>> It's the equivalent of:
>>
>> zone "example.test" {
>>     type forward;
>>     forwarders { /* empty */ };
>> };
>>
>>
>> You could have also added it to the test zones config.
>>
>> zone "test" {
>>     type master; // or slave
>>
> // or stub
>
>> ...
>>     forwarders { /* empty */ };
>> };
>>
>> Mark
>>

Thanks!

Why isn't bind just following the "example.test. NS plesk.test." RR that
is inside the "test." zone without removing the forwarders?

Best regards,
Rui Lopes
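
The forwarder selection discussed in this message, as an added example that is not part of the original thread and is not BIND source code. It is a simplified Python model that assumes the closest enclosing "forwarders" setting wins; the function names and table layout are hypothetical, and the addresses are taken from the network diagram in the original post.

```python
# Added illustration: a simplified model of forwarder selection, NOT BIND code.
# Assumption: the closest enclosing "forwarders" setting wins, and an empty
# list turns forwarding off for that namespace (as stated in the thread).

def _suffixes(qname):
    """Yield qname and each parent domain, most specific first, ending at '.'."""
    parts = [p for p in qname.lower().rstrip(".").split(".") if p]
    for i in range(len(parts)):
        yield ".".join(parts[i:]) + "."
    yield "."

def select_forwarders(qname, forward_table):
    """Return (domain, forwarders) for the closest enclosing table entry."""
    for domain in _suffixes(qname):
        if domain in forward_table:
            return domain, forward_table[domain]
    return None, []

def resolution_path(qname, zones, delegations, forward_table):
    """Return (action, target) for a recursive query arriving at the server."""
    zone = next((d for d in _suffixes(qname) if d in zones), None)
    cut = next((d for d in _suffixes(qname) if d in delegations), None)
    # Local answer: the name is in a hosted zone and not below a zone cut.
    if zone and (cut is None or len(cut) <= len(zone)):
        return ("authoritative", zone)
    _, forwarders = select_forwarders(qname, forward_table)
    if forwarders:
        return ("forward", forwarders[0])   # the NS delegation is not followed
    if cut:
        return ("follow-delegation", delegations[cut])
    return ("iterate-from-root", None)

# Constructed from the thread: sun hosts "test." and delegates example.test to plesk.
ZONES = {"test."}
DELEGATIONS = {"example.test.": "192.168.2.10"}
BEFORE = {".": ["10.0.2.3"]}                        # global forwarders (isp)
FIX_FORWARD_ZONE = {**BEFORE, "example.test.": []}  # zone "example.test" { type forward; };
FIX_ZONE_OPTION = {**BEFORE, "test.": []}           # empty forwarders inside zone "test"

if __name__ == "__main__":
    for label, table in [("before", BEFORE), ("forward zone", FIX_FORWARD_ZONE),
                         ("zone option", FIX_ZONE_OPTION)]:
        for name in ("sun.test", "example.test", "www.isc.org"):
            print(label, name, resolution_path(name, ZONES, DELEGATIONS, table))
```

With the "before" table, every name at or below example.test is handed to 10.0.2.3, so private lab names reach the ISP resolver; either override keeps them inside the lab while other names are still forwarded.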
Re: how to create a private "test." zone?
Hi,

Ben Bridges wrote:
> > sun
> >    NB: it also forwards to "isp" dns server.
> If your sun server is configured to use your isp dns server as a
> forwarder, then I think it will forward requests for example.test
> to the isp server even though it delegated example.test to plesk.
> That would seem to be supported by the fact that your sun server knows
> it is not authoritative for example.test (no AA flag in response to
> the query for example.test) and that you see it sending requests
> to the isp server (although you don't specify that it is sending
> requests to it for example.test).

Ah sorry, it's indeed sending requests to it for the example.test domain.

> You could try creating example.test as a forward zone in named.conf on
> your sun server and specifying plesk as the forwarder for that zone.

Indeed, adding a forward zone like below works! but why does it work?
or why is it needed?

zone "example.test" {
    type forward;
    // forward only;
    // forwarders { 192.168.2.10; };
};

Note that I only needed to include the "type forward" line, the other
lines do not seem to be needed. Am I missing something? they aren't
really needed? By reading the bind manual it seems we have to include them.

BTW, if I try to query without recurse (and without adding the forward
zone as above):

dig example.test +norecurse
; <<>> DiG 9.4.2-P2 <<>> example.test +norecurse
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62293
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.test. IN A

;; AUTHORITY SECTION:
example.test. 600 IN NS plesk.test.

;; ADDITIONAL SECTION:
plesk.test. 600 IN A 192.168.2.10

;; Query time: 1 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Mon Mar 2 22:22:40 2009
;; MSG SIZE rcvd: 66

it seems to work (that is, it returns the NS and A record for the
NS)... only when querying with recurse it fails, any idea why?

Thanks!

Best regards,
Rui Lopes

>
> ----
> *From:* bind-users-boun...@lists.isc.org on behalf of Rui Lopes
> *Sent:* Sun 3/1/2009 2:46 PM
> *To:* bind-users@lists.isc.org
> *Subject:* how to create a private "test." zone?
>
> Hello,
>
> I'm trying to create a private "test." zone for use in my local
> "testing lab".
>
> I've set up a recursive DNS server that will serve the "test." zone
> (in Sun host; see the network diagram below).
>
> The resolution of a domain in the "test" zone works as expected, e.g.:
>
> dig sun.test
> ; <<>> DiG 9.4.2-P2 <<>> sun.test
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;sun.test. IN A
>
> ;; ANSWER SECTION:
> sun.test. 600 IN A 192.168.2.1
>
> ;; AUTHORITY SECTION:
> test. 600 IN NS sun.test.
>
> ;; Query time: 2 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Sun Mar 1 10:39:28 2009
> ;; MSG SIZE rcvd: 56
>
>
> After this, I wanted to delegate the "example.test." zone to another
> local DNS server of mine (the Plesk host). I did the delegation by
> adding the following RR in the "test." zone (in the Sun host):
>
> example IN NS plesk
>
>
> I tried to resolve the "example.test" domain with:
>
> dig example.test
> ; <<>> DiG 9.4.2-P2 <<>> example.test
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;example.test. IN A
>
> ;; Query time: 31 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Sun Mar 1 10:40:39 2009
> ;; MSG SIZE rcvd: 30
>
>
> Which failed...
>
> NB: I can see my local dns server sending queries to my isp dns
> server. But why?
>
> NB: Asking the same question directly at the Plesk DNS server works:
>
> dig example.test @plesk.test
> ; <<>> DiG 9.4.2-P2 <<>> example.test @plesk.test
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2358
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITION
Re: how to create a private "test." zone?
Stephane Bortzmeyer wrote:
> On Sun, Mar 01, 2009 at 08:46:11PM +,
> Rui Lopes wrote
> a message of 168 lines which said:
>
>> I did the delegation by
>> adding the following RR in the "test." zone (in the Sun host):
>>
>> example IN NS plesk
>>
>
> May be an error prevented the loading of the zone? Check the SOA
> serial number, as published by this server, and check BIND log files.
>
> [Because your setup and files seem OK.]
>

I've changed the serial to 2009030100 and I don't see any error on the logs:

Mar 1 21:53:05 sun named[5919]: zone test/IN: loaded serial 2009030100

I've also increased the log level using:

rndc trace 99
rndc querylog

And checked the zone with:

named-checkzone -D -d test /etc/bind/test.zone
loading "test" from "/etc/bind/test.zone" class "IN"
zone test/IN: loaded serial 2009030100
dumping "test"
test. 600 IN SOA sun.test. hostmaster.test. 2009030100 600 900 1814400 600
test. 600 IN NS sun.test.
example.test. 600 IN NS plesk.test.
plesk.test. 600 IN A 192.168.2.10
sun.test. 600 IN A 192.168.2.1
OK

Finally, checked the SOA value as:

dig soa test
; <<>> DiG 9.4.2-P2 <<>> soa test
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11705
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;test. IN SOA

;; ANSWER SECTION:
test. 600 IN SOA sun.test. hostmaster.test. 2009030100 600 900 1814400 600

;; AUTHORITY SECTION:
test. 600 IN NS sun.test.

;; ADDITIONAL SECTION:
sun.test. 600 IN A 192.168.2.1

;; Query time: 1 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Mar 1 21:58:22 2009
;; MSG SIZE rcvd: 103

Still, no go. Any other suggestion?

Thanks!

Best regards,
Rui Lopes