Re: subdomain delegation question #2: (simple config)

2011-05-24 Thread dalton stickney
Thanks to all of you for the great advice and insights! Everything is
working now, it was a combination of different issues and the advice
i received was invaluable to solving the issues.

Thanks again!

dalton

On Tue, May 24, 2011 at 10:36 AM, Andrey G. Sergeev (AKA Andris)
 wrote:
> Hi Dalton,
>
>
> Tue, 24 May 2011 10:09:00 -0700 dalton stickney wrote:
>
>> Hi all.
>>
>> I have set up a simple bind config to test this. I am very obviously
>> missing something simple here, but i can't figure out what it is for
>> some reason.
>> I am trying to delegate name servers for the subdomain
>> sccnj04.example.com to ns sip.example.com.
>>
>> When i dig i get no error, but also no answer:
>>
>> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> ns
>> sccnj04.example.com @ns1
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8850
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
>> 0
>>
>> ;; QUESTION SECTION:
>> ;sccnj04.example.com.         IN      NS
>>
>> ;; AUTHORITY SECTION:
>> example.com.          86400   IN      SOA     ns1.example.com. 
>> hostmaster.example.com.
>> 2011052405 3600 900 864000 86400
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 10.1.0.8#53(10.1.0.8)
>> ;; WHEN: Tue May 24 13:08:03 2011
>> ;; MSG SIZE  rcvd: 88
>>
>>
>> Here is my simple config:
>>
>> named.conf
>>
>>
>> options {
>>    directory "/var/named";
>>    version "Nope.";
>> };
>>
>> zone "example.com" in {
>>       type master;
>>       file "example.com";
>> };
>>
>> Here is the zone file:
>>
>> $TTL 86400
>>
>> ; Start of Authority
>> example.com. 86400 IN SOA   ns1.example.com. hostmaster.example.com. (
>>                             2011052405 ; Serial
>>                             3600       ; Refresh
>>                             900        ; Retry
>>                             864000     ; Expire
>>                             86400      ; Min TTL
>>                             )
>> ; Host
>>
>> sip.example.com.   IN A 10.1.0.8
>> ; Nameserver
>> example.com.       IN NS ns1.example.com.
>>
>> $ORIGIN sccnj04.example.com.
>> sccnj04            IN NS sip.example.com.
> ^
> Your current $ORIGIN is sccnj04.example.com, so the non-FQDN label
> "sccnj04" at the line above would be sccnj04.sccnj04.example.com when
> converted to FQDN.
>
>
> --
>
> Yours sincerely,
>
> Andrey G. Sergeev (AKA Andris)     http://www.andris.name/
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: subdomain delegation question #2: (simple config)

2011-05-24 Thread Eivind Olsen
dalton stickney wrote:

> ;; QUESTION SECTION:
> ;sccnj04.example.com. IN  NS

So, you ask for sccnj04.example.com, but apparently that's not what you
have in your zonefile:

> $ORIGIN sccnj04.example.com.
> sccnj04   IN NS sip.example.com.

The $ORIGIN will be appended here to the non-FQDN, meaning you really have:

sccnj04.sccnj04.example.com.  IN NS sip.example.com.

Regards
Eivind Olsen




Re: subdomain delegation question #2: (simple config)

2011-05-24 Thread Andrey G. Sergeev (AKA Andris)
Hi Dalton,


Tue, 24 May 2011 10:09:00 -0700 dalton stickney wrote:

> Hi all.
> 
> I have set up a simple bind config to test this. I am very obviously
> missing something simple here, but i can't figure out what it is for
> some reason.
> I am trying to delegate name servers for the subdomain
> sccnj04.example.com to ns sip.example.com.
> 
> When i dig i get no error, but also no answer:
> 
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> ns
> sccnj04.example.com @ns1
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8850
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
> 0
> 
> ;; QUESTION SECTION:
> ;sccnj04.example.com. IN  NS
> 
> ;; AUTHORITY SECTION:
> example.com.  86400   IN  SOA ns1.example.com. 
> hostmaster.example.com.
> 2011052405 3600 900 864000 86400
> 
> ;; Query time: 0 msec
> ;; SERVER: 10.1.0.8#53(10.1.0.8)
> ;; WHEN: Tue May 24 13:08:03 2011
> ;; MSG SIZE  rcvd: 88
> 
> 
> Here is my simple config:
> 
> named.conf
> 
> 
> options {
>    directory "/var/named";
>    version "Nope.";
> };
> 
> zone "example.com" in {
>   type master;
>   file "example.com";
> };
> 
> Here is the zone file:
> 
> $TTL 86400
> 
> ; Start of Authority
> example.com. 86400 IN SOA   ns1.example.com. hostmaster.example.com. (
>                             2011052405 ; Serial
>                             3600       ; Refresh
>                             900        ; Retry
>                             864000     ; Expire
>                             86400      ; Min TTL
>                             )
> ; Host
> 
> sip.example.com.   IN A 10.1.0.8
> ; Nameserver
> example.com.   IN NS ns1.example.com.
> 
> $ORIGIN sccnj04.example.com.
> sccnj04            IN NS sip.example.com.
^
Your current $ORIGIN is sccnj04.example.com, so the non-FQDN label
"sccnj04" at the line above would be sccnj04.sccnj04.example.com when
converted to FQDN.


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/
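
The $ORIGIN expansion that Eivind and Andrey describe in the two replies above, as an added example (not code from anyone in the thread): a small owner-name resolver run over the posted zone, with the SOA fields compacted onto one line. The corrected variant using "@" is an assumption added here, and the function names are hypothetical.

```python
# Added example: how a zone-file loader turns owner names into FQDNs.
# Simplified: handles $ORIGIN, "@", relative names, inherited owners,
# "( ... )" continuations and ";" comments; nothing else.
ZONE_HEAD = """\
$TTL 86400
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. (
        2011052405 3600 900 864000 86400 )
sip.example.com.   IN A 10.1.0.8
example.com.       IN NS ns1.example.com.

$ORIGIN sccnj04.example.com.
"""
ZONE_AS_POSTED = ZONE_HEAD + "sccnj04 IN NS sip.example.com.\n"
# Constructed fix (assumption, not posted in the thread): "@" is the current origin.
ZONE_FIXED = ZONE_HEAD + "@ IN NS sip.example.com.\n"


def qualify(name, origin):
    """Return the absolute, lower-cased form of a zone-file name."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"


def records(zone_text, origin):
    """Return [(owner_fqdn, rr_type, first_rdata_token)], tracking $ORIGIN."""
    out, owner, depth = [], origin, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        continuation = depth > 0                    # still inside "( ... )"
        depth += line.count("(") - line.count(")")
        if continuation:
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = qualify(tokens[1], origin)
            continue
        if tokens[0].startswith("$"):               # $TTL and other directives
            continue
        if not line[0].isspace():                   # owner present on this line
            owner = qualify(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                           # optional TTL and class
        rtype, target = tokens[0].upper(), tokens[1]
        if rtype in ("NS", "CNAME"):
            target = qualify(target, origin)
        out.append((owner, rtype, target))
    return out


def delegations(zone_text, apex):
    """Map each NS owner below the apex (a zone cut) to its name servers."""
    cuts = {}
    for owner, rtype, target in records(zone_text, apex):
        if rtype == "NS" and owner != apex:
            cuts.setdefault(owner, []).append(target)
    return cuts


if __name__ == "__main__":
    print(delegations(ZONE_AS_POSTED, "example.com."))
    print(delegations(ZONE_FIXED, "example.com."))
```

Dropping the $ORIGIN line and keeping the relative owner "sccnj04" gives the same result as the "@" variant, because the origin is then still example.com.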


Re: subdomain delegation question

2011-05-22 Thread Andrey G. Sergeev (AKA Andris)
Hi Dalton,


Sun, 22 May 2011 17:27:17 -0700 dalton stickney wrote:

> Thanks for the reply.
> See output of commands below:
> 
>> Please run these two commands and show us the results:
>> dig @ns1.company.com. stor.company.com. soa +noal +comm +answ
> 
> [dstickney@lw-lts-155 ~]$ dig @ns1.company.com stor.company.com.  soa
> +noal +comm +answ
> 
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @ns1.company.com
> stor.company.com. soa +noal +comm +answ
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38942
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL:
> 2
> 
> ;; ANSWER SECTION:
> stor.company.com. 86400   IN  SOA ns1.company.com.
> hostmaster.company.com. 2011052000 3600 900 864000 86400

Everything seems to be fine there.

>> dig @sip.stor.company.com. subdomain.stor.company.com. soa +noal
>> +comm +answ
> 
> [dstickney@lw-lts-155 ~]$ dig @sip.stor.company.com
> subdomain.stor.company.com soa +noal +comm +answ
> 
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>>
> @sip.stor.company.com subdomain.stor.company.com soa +noal +comm
> +answ
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 50198
^^^
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

The status of the query is REFUSED! This usually means that either the
server being queried doesn't allow the queries from the particular
client (you) or this server is simply misconfigured. Remember, if you
want to delegate some zone to some host then you must configure this
host to accept the queries for the domain being delegated.

> 
> 
> Thanks!
> -dalton
> 
> 
> 
>>>
>>> -dalton
>>>
>>>
>>> On Sun, May 22, 2011 at 2:08 PM, Doug Barton 
>>> wrote:

>>>> Please don't use HTML mail for technical mailing lists. It made
>>>> replying to this message ridiculously more difficult than
>>>> necessary.
>>>>
>>>> On 05/22/2011 13:36, dalton stickney wrote:
>>>>>
>>>>> subdomain.stor.company.com IN NS sip.stor.company.com.
>>>>>
>>>>> stor.company.com  IN NS ns2.company.com.
>>>>> stor.company.com  IN NS ns1.company.com.
>>>>
>>>> You've already delegated stor.company.com, so delegations below
>>>> that need to be in the stor.company.com zone file.
>>>>
>>>>
>>>> hth,
>>>>
>>>> Doug
>>>>
>>>> --
>>>>
>>>>        Nothin' ever doesn't change, but nothin' changes much.
>>>>                        -- OK Go
>>>>
>>>>        Breadth of IT experience, and depth of knowledge in the DNS.
>>>>        Yours for the right price.  :)
>>>> http://SupersetSolutions.com/


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/


Re: subdomain delegation question

2011-05-22 Thread dalton stickney
Thanks for the reply.
See output of commands below:

> Please run these two commands and show us the results:
> dig @ns1.company.com. stor.company.com. soa +noal +comm +answ

[dstickney@lw-lts-155 ~]$ dig @ns1.company.com stor.company.com.  soa
+noal +comm +answ

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @ns1.company.com
stor.company.com. soa +noal +comm +answ
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38942
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; ANSWER SECTION:
stor.company.com.   86400   IN  SOA ns1.company.com.
hostmaster.company.com. 2011052000 3600 900 864000 86400

> dig @sip.stor.company.com. subdomain.stor.company.com. soa +noal +comm +answ

[dstickney@lw-lts-155 ~]$ dig @sip.stor.company.com
subdomain.stor.company.com soa +noal +comm +answ

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>>
@sip.stor.company.com subdomain.stor.company.com soa +noal +comm +answ
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 50198
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0


Thanks!
-dalton



>>
>> -dalton
>>
>>
>> On Sun, May 22, 2011 at 2:08 PM, Doug Barton 
>> wrote:
>>>
>>> Please don't use HTML mail for technical mailing lists. It made
>>> replying to this message ridiculously more difficult than necessary.
>>>
>>> On 05/22/2011 13:36, dalton stickney wrote:

>>>> subdomain.stor.company.com IN NS sip.stor.company.com.
>>>>
>>>> stor.company.com  IN NS ns2.company.com.
>>>> stor.company.com  IN NS ns1.company.com.
>>>
>>> You've already delegated stor.company.com, so delegations below
>>> that need to be in the stor.company.com zone file.
>>>
>>>
>>> hth,
>>>
>>> Doug
>>>
>>> --
>>>
>>>        Nothin' ever doesn't change, but nothin' changes much.
>>>                        -- OK Go
>>>
>>>        Breadth of IT experience, and depth of knowledge in the DNS.
>>>        Yours for the right price.  :)
>>> http://SupersetSolutions.com/
>>>
>
>
> --
>
> Yours sincerely,
>
> Andrey G. Sergeev (AKA Andris)     http://www.andris.name/


Re: subdomain delegation question

2011-05-22 Thread Andrey G. Sergeev (AKA Andris)
Hi Dalton,


Sun, 22 May 2011 15:04:02 -0700 dalton stickney wrote:

> Hi, thanks for the quick replies.
> I apologize for the HTML, and the vagueness of the original post.
> (this is my first time posting to this list) Let me give some more
> specifics here:
> 
> This is the zone file for stor.company.com, so i am trying to
> delegate subdomain.stor.company.com to the nameserver with hostname
> sip.stor.company.com.
> 
> $TTL 86400
> 
> ; Start of Authority
> stor.company.com. 86400 IN SOA ns1.company.com. hostmaster.company.com. (
>                         2011052000 ; Serial
>                         3600       ; Refresh
>                         900        ; Retry
>                         864000     ; Expire
>                         86400      ; Min TTL
>                         )
> 
> ; Host
> 
> sip.stor.company.com.   IN A 10.10.10.10
> 
> ; Nameserver
> 
> subdomain.stor.company.com. IN NS sip.stor.company.com.
> stor.company.com.   IN NS ns2.company.com.
> stor.company.com.   IN NS ns1.company.com.
> 
> I have a named.conf entry as master for stor.company.com.

Please run these two commands and show us the results:
dig @ns1.company.com. stor.company.com. soa +noal +comm +answ
dig @sip.stor.company.com. subdomain.stor.company.com. soa +noal +comm +answ

> I thought my glue record was the sip host record, but am i mistaken
> about that?

No, you're correct.

> I have reloaded the nameserver.
> 
> Thanks again for the help.
> 
> -dalton
> 
> 
> On Sun, May 22, 2011 at 2:08 PM, Doug Barton 
> wrote:
>>
>> Please don't use HTML mail for technical mailing lists. It made
>> replying to this message ridiculously more difficult than necessary.
>>
>> On 05/22/2011 13:36, dalton stickney wrote:
>>>
>>> subdomain.stor.company.com IN NS sip.stor.company.com.
>>>
>>> stor.company.com  IN NS ns2.company.com.
>>> stor.company.com  IN NS ns1.company.com.
>>
>> You've already delegated stor.company.com, so delegations below
>> that need to be in the stor.company.com zone file.
>>
>>
>> hth,
>>
>> Doug
>>
>> --
>>
>>        Nothin' ever doesn't change, but nothin' changes much.
>>                        -- OK Go
>>
>>        Breadth of IT experience, and depth of knowledge in the DNS.
>>        Yours for the right price.  :)
>> http://SupersetSolutions.com/
>>


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/


Re: subdomain delegation question

2011-05-22 Thread dalton stickney
Hi, thanks for the quick replies.
I apologize for the HTML, and the vagueness of the original post.
(this is my first time posting to this list) Let me give some more
specifics here:

This is the zone file for stor.company.com, so i am trying to delegate
subdomain.stor.company.com to the nameserver with hostname
sip.stor.company.com.

$TTL 86400

; Start of Authority
stor.company.com.   86400  IN SOA   ns1.company.com. hostmaster.company.com. (
                           2011052000 ; Serial
                           3600       ; Refresh
                           900        ; Retry
                           864000     ; Expire
                           86400      ; Min TTL
                           )
; Host

sip.stor.company.com.         IN A 10.10.10.10

; Nameserver

subdomain.stor.company.com.   IN NS sip.stor.company.com.
stor.company.com.             IN NS ns2.company.com.
stor.company.com.             IN NS ns1.company.com.

I have a named.conf entry as master for stor.company.com.

I thought my glue record was the sip host record, but am i mistaken about that?

I have reloaded the nameserver.

Thanks again for the help.

-dalton


On Sun, May 22, 2011 at 2:08 PM, Doug Barton  wrote:
>
> Please don't use HTML mail for technical mailing lists. It made replying to 
> this message ridiculously more difficult than necessary.
>
> On 05/22/2011 13:36, dalton stickney wrote:
>>
>> subdomain.stor.company.com IN NS sip.stor.company.com.
>>
>> stor.company.com  IN NS ns2.company.com.
>> stor.company.com  IN NS ns1.company.com.
>
> You've already delegated stor.company.com, so delegations below that need to 
> be in the stor.company.com zone file.
>
>
> hth,
>
> Doug
>
> --
>
>        Nothin' ever doesn't change, but nothin' changes much.
>                        -- OK Go
>
>        Breadth of IT experience, and depth of knowledge in the DNS.
>        Yours for the right price.  :)  http://SupersetSolutions.com/
>


Re: subdomain delegation question

2011-05-22 Thread Kevin Oberman
> Date: Sun, 22 May 2011 13:36:43 -0700
> From: dalton stickney 
> Sender: bind-users-bounces+oberman=es@lists.isc.org
> 
> Hello all,
> I have what may be an easy question here, but it's been a while since I did
> much with Bind, so I'm not entirely sure if I'm doing something wrong here.
> 
> What I'm trying to do, should be relatively simple i think, but for some
> reason i cannot get it to work. I'm trying to delegate a subdomain to a
> separate nameserver.
> 
> My zone file looks like this:
> 
> $TTL 86400
> 
> 
> ; Start of Authority
> 
> stor.company.com.   86400  IN SOA   ns1.company.com. hostmaster.company.com. (
> 
>                            2011052000 ; Serial
> 
>                            3600       ; Refresh
> 
>                            900        ; Retry
> 
>                            864000     ; Expire
> 
>                            86400      ; Min TTL
> 
>                            )
> 
> ; Host
> 
> 
> sip.stor.company.com.         IN A 10.10.10.10
> 
> 
> ; Nameserver
> 
> 
> subdomain.stor.company.com.   IN NS sip.stor.company.com.
> 
> 
> stor.company.com.             IN NS ns2.company.com.
> 
> stor.company.com.             IN NS ns1.company.com.
> 
> 
> I have the appropriate entry for stor.company.com in named.conf.
> 
> 
> I can resolve the nameserver for the subdomain: sip.stor.company.com.
> 
> 
> But i cannot dig for ns for subdomain.stor.company.com, it times out.
> 
> 
> Am I missing something obvious in my config?

Several questions come to mind:
1. Do you have a glue record for sip.stor.company.com? If not, you will get
   timeouts.

2. You wrote "I have the appropriate entry for stor.company.com in
   named.conf.", but you don't give us an idea of what you mean by
   appropriate.

I think the first item is the real problem. Glue records often confuse
people. 

Also, the SOA has a Min TTL of 1 day. This is seriously long, but people
often don't understand what this value means in modern DNS servers. It
does not mean the minimum TTL for a record in the zone. It is really the
TTL for negative cache entries and is usually a few minutes, not hours
or days.

If you get a NXDOMAIN for a domain that is not QUITE on line, you will
continue to get that answer for a full day before it will actually be
checked again. This is a fail-safe mechanism to control load on servers,
but checking every 10 or 15 minutes is not a serious load.

Fortunately, BIND has a sanity check that limits min TTL to 3 hours, so
yours is not as bad as it seems, but I'd really suggest changing it. (See
the ARM Chapter 6
"Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" 
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net  Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
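
An added example (not code from anyone in the thread) that combines two points from these messages, Andrey's reading of the REFUSED status and Kevin's note that the SOA minimum is the negative-cache TTL: it classifies a dig reply and, for a negative answer, computes how long a resolver keeps it. The 10800-second cap stands for the 3-hour limit Kevin mentions (BIND's max-ncache-ttl default); the referral sample is constructed, and the function names are hypothetical.

```python
import re

# dig output from the thread (wrapped lines re-joined, QUESTION section omitted).
NODATA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8850
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 2011052405 3600 900 864000 86400
"""
REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 50198
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
# Constructed sample: a parent-side referral as seen with a non-recursive query.
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; AUTHORITY SECTION:
sccnj04.example.com. 86400 IN NS sip.example.com.

;; ADDITIONAL SECTION:
sip.example.com. 86400 IN A 10.1.0.8
"""


def parse_dig(text):
    """Pull status, flags, ANSWER count and AUTHORITY records out of dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    answers = int(re.search(r"ANSWER: (\d+)", text).group(1))
    section = text.partition(";; AUTHORITY SECTION:\n")[2].split("\n\n")[0]
    authority = []
    for line in section.splitlines():
        name, ttl, _cls, rtype, *rdata = line.split()
        authority.append((name, int(ttl), rtype, rdata))
    return status, flags, answers, authority


def classify(text, max_ncache_ttl=10800):
    """Return (verdict, negative_cache_seconds or None) for one dig reply."""
    status, flags, answers, authority = parse_dig(text)
    if status == "REFUSED":          # server has no such zone, or an ACL denies us
        return "refused", None
    if status == "NOERROR" and answers:
        return "answer", None
    soa = [rr for rr in authority if rr[2] == "SOA"]
    if soa and status in ("NOERROR", "NXDOMAIN"):
        _, ttl, _, rdata = soa[0]
        # RFC 2308: negative TTL = min(SOA TTL, SOA MINIMUM); resolver may cap it.
        seconds = min(ttl, int(rdata[6]), max_ncache_ttl)
        return ("nodata" if status == "NOERROR" else "nxdomain"), seconds
    if status == "NOERROR" and "aa" not in flags and any(rr[2] == "NS" for rr in authority):
        return "referral", None      # parent hands off to the child's servers
    return "other", None


if __name__ == "__main__":
    for sample in (NODATA, REFUSED, REFERRAL):
        print(classify(sample))
```

The first sample is NOERROR rather than NXDOMAIN because the misplaced NS record at sccnj04.sccnj04.example.com leaves sccnj04.example.com in the zone as an empty non-terminal.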


Re: subdomain delegation question

2011-05-22 Thread Andrey G. Sergeev (AKA Andris)
Hi Dalton,


Sun, 22 May 2011 13:36:43 -0700 dalton stickney wrote:

> Hello all,
> I have what may be an easy question here, but it's been a while since
> I did much with Bind, so I'm not entirely sure if I'm doing something
> wrong here.
> 
> What I'm trying to do, should be relatively simple i think, but for
> some reason i cannot get it to work. I'm trying to delegate a
> subdomain to a separate nameserver.
> 
> My zone file looks like this:
> 
> $TTL 86400
> 
> ; Start of Authority
> 
> stor.company.com. 86400 IN SOA ns1.company.com. hostmaster.company.com. (
> 
>   2011052000 ; Serial
>   3600       ; Refresh
>   900        ; Retry
>   864000     ; Expire
>   86400      ; Min TTL

This is not a "Min TTL" but a "Minimum Negative TTL" instead.

>  )
> 
> ; Host
> 
> sip.stor.company.com. IN A 10.10.10.10

It looks like your $ORIGIN is "stor.company.com". Start tidying
your zone file by reading the section 3.2 "Zone file style guide" of
RFC 1912 "Common DNS Operational and Configuration Errors" available at
http://www.rfc-editor.org/rfc/rfc1912.txt . You don't have to specify
your $ORIGIN every time so the line quoted above can be edited as

sip IN A 10.10.10.10

> 
> ; Nameserver
> 
> subdomain.stor.company.com. IN NS sip.stor.company.com.
> stor.company.com.   IN NS ns2.company.com.
> stor.company.com.   IN NS ns1.company.com.
> 
> I have the appropriate entry for stor.company.com in named.conf.
> I can resolve the nameserver for the subdomain: sip.stor.company.com.

sip.stor.company.com isn't a subdomain but a hostname which is used as
a nameserver for subdomain.stor.company.com.

> But i cannot dig for ns for subdomain.stor.company.com, it times out.

Which servers are listed as resolvers on your machine on which you're
running dig? If this is a UNIX machine, please show us your
/etc/resolv.conf and comment on it.

Have you reloaded the zone stor.company.com properly?


-- 

Yours sincerely,

Andrey G. Sergeev (AKA Andris) http://www.andris.name/


Re: subdomain delegation question

2011-05-22 Thread Doug Barton
Please don't use HTML mail for technical mailing lists. It made replying 
to this message ridiculously more difficult than necessary.


On 05/22/2011 13:36, dalton stickney wrote:


> subdomain.stor.company.com IN NS sip.stor.company.com.
>
> stor.company.com  IN NS ns2.company.com.
> stor.company.com  IN NS ns1.company.com.


You've already delegated stor.company.com, so delegations below that 
need to be in the stor.company.com zone file.



hth,

Doug

--

Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.  :)  http://SupersetSolutions.com/
