how to create a private test. zone?

2009-03-03 Thread Rui Lopes
Hello,

I'm trying to create a private test. zone for use in my local
testing lab.

I've set up a recursive DNS server that will serve the test. zone
(in Sun host; see the network diagram below).

The resolution of a domain in the test zone works as expected, e.g.:

dig sun.test
; <<>> DiG 9.4.2-P2 <<>> sun.test
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sun.test.  IN  A

;; ANSWER SECTION:
sun.test.   600 IN  A   192.168.2.1

;; AUTHORITY SECTION:
test.   600 IN  NS  sun.test.

;; Query time: 2 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Mar  1 10:39:28 2009
;; MSG SIZE  rcvd: 56


After this, I wanted to delegate the example.test. zone to another
local DNS server of mine (the Plesk host). I did the delegation by
adding the following RR in the test. zone (in the Sun host):

example IN  NS  plesk


I tried to resolve the example.test domain with:

dig example.test
; <<>> DiG 9.4.2-P2 <<>> example.test
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.test.  IN  A

;; Query time: 31 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Mar  1 10:40:39 2009
;; MSG SIZE  rcvd: 30


Which failed...

NB: I can see my local dns server sending queries to my isp dns
server.  But why?

NB: Asking the same question directly at the Plesk DNS server works:

dig example.test @plesk.test
; <<>> DiG 9.4.2-P2 <<>> example.test @plesk.test
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2358
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.test.  IN  A

;; ANSWER SECTION:
example.test.   86400   IN  A   192.168.2.10

;; AUTHORITY SECTION:
example.test.   86400   IN  NS  plesk.test.

;; Query time: 2 msec
;; SERVER: 192.168.2.10#53(192.168.2.10)
;; WHEN: Sun Mar  1 10:41:43 2009
;; MSG SIZE  rcvd: 66


What am I doing wrong in the delegation, and how can I fix it?


My network diagram is:

+-----+
| isp |
+-----+ 10.0.2.3 (DNS)
   |
---+--- 10/24
   |
+-----+ 10.0.2.15     +-----+
| sun |               |plesk|
+-----+ 192.168.2.1   +-----+ 192.168.2.10
   |                     |
---+---------------------+--- 192.168.2/24

isp
    my ISP DNS server host.
sun
    my local DNS server host that hosts the test. zone.
    NB: this is a recursive server.
    NB: it also forwards to isp dns server.
    NB: local resolv.conf points to 192.168.2.1
plesk
    my other local DNS server host that hosts the example.test.
    zone.
    NB: this is an authoritative server only.
    NB: local resolv.conf points to 192.168.2.1


This is what the Sun DNS server has about the test. zone:

$TTL 10m        ; default TTL
$ORIGIN test.   ; base domain-name
@   IN  SOA sun hostmaster (
        2008042800 ; serial
        10m        ; refresh
        15m        ; retry
        3w         ; expire
        10m        ; minimum
        )

    IN  NS  sun

sun     IN  A   192.168.2.1
plesk   IN  A   192.168.2.10

; delegate example.test. to plesk.test.
example IN  NS  plesk
;example IN  A   192.168.2.10


And this is what the Plesk DNS server has about the example.test.
zone:

@   IN  SOA plesk.test. ironman.example.test. (
        1235830200  ; Serial
        10800       ; Refresh
        3600        ; Retry
        604800      ; Expire
        10800 )     ; Minimum

example.test.   IN  NS  plesk.test.
example.test.   IN  A   192.168.2.10



If you need more information, please let me know.

Thanks!


Best regards,
Rui Lopes
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: how to create a private test. zone?

2009-03-03 Thread Mark Andrews

In message 49ace778.6040...@ruilopes.com, Rui Lopes writes:
> Mark Andrews wrote:
> > Mark Andrews writes:
> > > In message 49ac5d59.1010...@ruilopes.com, Rui Lopes writes:
> > > > Hi,
> > > >
> > > > Ben Bridges wrote:
> > > > > [...]
> > > > > You could try creating example.test as a forward zone in named.conf on
> > > > > your sun server and specifying plesk as the forwarder for that zone.
> > > >
> > > > Indeed, adding a forward zone like below works!  but why does it work?
> > > > or why is it needed?
> > > >
> > > > zone example.test {
> > > >     type forward;
> > > > //  forward only;
> > > > //  forwarders { 192.168.2.10; };
> > > > };
> > > >
> > > > Note that I only needed to include the type forward line, the other
> > > > lines do not seem to be needed.  Am I missing something?  they aren't
> > > > really needed?  By reading the bind manual it seems we have to include
> > > > them.
> > >
> > > You turned off forwarding for that namespace.
> > > It's the equivalent of:
> > >
> > > zone example.test {
> > >     type forward;
> > >     forwarders { /* empty */ };
> > > };
> > >
> > > You could have also added it to the test zones config.
> > >
> > > zone test {
> > >     type master;  // or slave
> >                     // or stub
> > >     ...
> > >     forwarders { /* empty */ };
> > > };
> > >
> > > Mark
>
> Thanks!
>
> Why isn't bind just following the example.test. NS plesk.test. RR that
> is inside the test. zone without removing the forwarders?

Because you have a forwarding turned on at the options/view
level.  Unless you have a special reason (like you can't
reach the root servers) that requires forwarding I don't
recommend using it.

Mark
 
> Best regards,
> Rui Lopes
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org


Re: how to create a private test. zone?

2009-03-03 Thread Kevin Darcy

Rui Lopes wrote:

> Thanks!
>
> Why isn't bind just following the example.test. NS plesk.test. RR that
> is inside the test. zone without removing the forwarders?

  

It's the result of a couple deliberate design decisions.

When named tries to resolve a name, it looks at the zones which are 
explicitly defined in its config. If the name isn't contained in any of 
them, then, by BIND's design, it looks to see what the closest 
applicable forward statement is, if any. Example.test is *outside* of 
the test zone you have defined, so:


BEFORE (no forward defined in the test zone): it finds your global 
forwarders and uses them to resolve example.test names.
AFTER (a forward defined in the test zone, with an empty forwarders 
list): it finds the test forwarders (since they're closer than the 
global forwarders, which are considered to be at the root) and uses them.


The other deliberate design decision is that the resolver algorithm 
interprets an empty forwarders list to mean don't forward at all. So 
when it finds the empty forwarders list for test it follows the 
example.test delegation records and resolves as you expected it to.


- Kevin



Re: how to create a private test. zone?

2009-03-03 Thread Barry Margolin
In article goip2j$2a0...@sf1.isc.org, Rui Lopes r...@ruilopes.com 
wrote:

> Why isn't bind just following the example.test. NS plesk.test. RR that
> is inside the test. zone without removing the forwarders?

Because the point of configuring forwarders is to use them INSTEAD of 
following NS records.  Forwarders are generally used when the server 
doesn't have direct access to the Internet, so it can't reach the 
nameservers named in NS records.

The basic algorithm is this:

1. If we're authoritative for the zone, return the answer.
2. If the answer is already cached, return it.
3. If there's a forward zone for it, obey it (send to its forwarders if
   any, otherwise follow NS records).
4. If there's global forwarding enabled, send to them.
5. Follow the NS records.

-- 
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
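
The lookup order that Kevin Darcy and Barry Margolin describe above, as an added Python sketch (not part of the original thread and not BIND's code). It models only zone matching, delegation cuts and the closest forwarders list, with an empty cache; the `route` and `leaked_to_global` helpers, the dictionary layout and the name www.example.test are assumptions made for illustration. Run against the thread's setup, it shows which private lab names are handed to the ISP resolver before the fix and that neither fix changes routing for outside names.

```python
import copy


def labels(name):
    """Split a domain name into lower-case labels; the root is the empty list."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def is_within(name, zone):
    """True if name equals zone or lies below it."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def deepest(candidates):
    """Pick the name with the most labels (the closest enclosing one)."""
    return max(candidates, key=lambda c: len(labels(c)))


def route(config, qname):
    """Where a recursive query for qname goes (simplified; cache assumed empty)."""
    zones = config["zones"]
    referral = None
    hosted = [z for z, c in zones.items()
              if c["type"] in ("master", "slave") and is_within(qname, z)]
    if hosted:
        zone_cfg = zones[deepest(hosted)]
        cuts = [c for c in zone_cfg.get("delegations", {}) if is_within(qname, c)]
        if not cuts:
            return ("authoritative", [])  # name is inside a zone we serve
        referral = zone_cfg["delegations"][deepest(cuts)]
    # Closest forwarders statement wins; the global list sits at the root.
    scoped = [z for z, c in zones.items()
              if "forwarders" in c and is_within(qname, z)]
    if scoped:
        forwarders = zones[deepest(scoped)]["forwarders"]
    else:
        forwarders = config.get("global_forwarders", [])
    if forwarders:
        return ("forward", list(forwarders))
    # An empty list means "do not forward": follow the NS records instead.
    return ("iterate", list(referral or []))


def leaked_to_global(config, names):
    """Names whose queries would be handed to the global forwarders."""
    upstream = list(config.get("global_forwarders", []))
    return [n for n in names
            if upstream and route(config, n) == ("forward", upstream)]


# Constructed from the thread: sun serves test. with a delegation of
# example.test to plesk (192.168.2.10) and forwards globally to the ISP (10.0.2.3).
BEFORE = {
    "global_forwarders": ["10.0.2.3"],
    "zones": {
        "test": {"type": "master",
                 "delegations": {"example.test": ["192.168.2.10"]}},
    },
}

# Fix 1: forward zone for example.test without forwarders, modelled as an
# empty list, which is how Mark Andrews describes it.
FIX_FORWARD_ZONE = copy.deepcopy(BEFORE)
FIX_FORWARD_ZONE["zones"]["example.test"] = {"type": "forward", "forwarders": []}

# Fix 2: empty forwarders list inside the test zone itself.
FIX_ZONE_OPTION = copy.deepcopy(BEFORE)
FIX_ZONE_OPTION["zones"]["test"]["forwarders"] = []

if __name__ == "__main__":
    lab_names = ["sun.test", "example.test", "www.example.test"]  # constructed sample
    for label, cfg in [("before", BEFORE), ("forward zone", FIX_FORWARD_ZONE),
                       ("zone option", FIX_ZONE_OPTION)]:
        print(label, route(cfg, "example.test"), leaked_to_global(cfg, lab_names))
```
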


Re: how to create a private test. zone?

2009-03-02 Thread Rui Lopes
Hi,

Ben Bridges wrote:
> > sun
> > NB: it also forwards to isp dns server.
> If your sun server is configured to use your isp dns server as a
> forwarder, then I think it will forward requests for example.test
> to the isp server even though it delegated example.test to plesk.
> That would seem to be supported by the fact that your sun server knows
> it is not authoritative for example.test (no AA flag in response to
> the query for example.test) and that you see it sending requests
> to the isp server (although you don't specify that it is sending
> requests to it for example.test).
Ah sorry, it's indeed sending requests to it for the example.test domain.

> You could try creating example.test as a forward zone in named.conf on
> your sun server and specifying plesk as the forwarder for that zone.
Indeed, adding a forward zone like below works!  but why does it work?
or why is it needed?

zone example.test {
    type forward;
//  forward only;
//  forwarders { 192.168.2.10; };
};

Note that I only needed to include the type forward line, the other
lines do not seem to be needed.  Am I missing something?  they aren't
really needed?  By reading the bind manual it seems we have to include them.


BTW, if I try to query without recurse (and without adding the forward
zone as above):

dig example.test +norecurse
; <<>> DiG 9.4.2-P2 <<>> example.test +norecurse
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62293
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.test.          IN      A

;; AUTHORITY SECTION:
example.test.   600     IN      NS      plesk.test.

;; ADDITIONAL SECTION:
plesk.test.     600     IN      A       192.168.2.10

;; Query time: 1 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Mon Mar  2 22:22:40 2009
;; MSG SIZE  rcvd: 66

it seems to work (that is, it returns the NS and A record for the NS)...
only when querying with recurse it fails, any idea why?

Thanks!

Best regards,
Rui Lopes

  

 

Re: how to create a private test. zone?

2009-03-02 Thread Mark Andrews

In message 49ac5d59.1010...@ruilopes.com, Rui Lopes writes:
> > You could try creating example.test as a forward zone in named.conf on
> > your sun server and specifying plesk as the forwarder for that zone.
> Indeed, adding a forward zone like below works!  but why does it work?
> or why is it needed?
>
> zone example.test {
>     type forward;
> //  forward only;
> //  forwarders { 192.168.2.10; };
> };
>
> Note that I only needed to include the type forward line, the other
> lines do not seem to be needed.  Am I missing something?  they aren't
> really needed?  By reading the bind manual it seems we have to include them.

You turned off forwarding for that namespace.
It's the equivalent of:

zone example.test {
    type forward;
    forwarders { /* empty */ };
};


You could have also added it to the test zones config.

zone test {
    type master;  // or slave
    ...
    forwarders { /* empty */ };
};

Mark
 


Re: how to create a private test. zone?

2009-03-01 Thread Stephane Bortzmeyer
On Sun, Mar 01, 2009 at 08:46:11PM +,
 Rui Lopes r...@ruilopes.com wrote
 a message of 168 lines which said:

> I did the delegation by
> adding the following RR in the test. zone (in the Sun host):
>
> example IN  NS  plesk

Maybe an error prevented the loading of the zone? Check the SOA
serial number, as published by this server, and check BIND log files.

[Because your setup and files seem OK.]


Re: how to create a private test. zone?

2009-03-01 Thread Rui Lopes
Stephane Bortzmeyer wrote:
> On Sun, Mar 01, 2009 at 08:46:11PM +,
>  Rui Lopes r...@ruilopes.com wrote
>  a message of 168 lines which said:
>
> > I did the delegation by
> > adding the following RR in the test. zone (in the Sun host):
> >
> > example IN  NS  plesk
>
> Maybe an error prevented the loading of the zone? Check the SOA
> serial number, as published by this server, and check BIND log files.
>
> [Because your setup and files seem OK.]
   
I've changed the serial to 2009030100 and I don't see any error on the logs:

   Mar  1 21:53:05 sun named[5919]: zone test/IN: loaded serial 2009030100

I've also increased the log level using:

rndc trace 99
rndc querylog

And checked the zone with:

named-checkzone -D -d test /etc/bind/test.zone
loading test from /etc/bind/test.zone class IN
zone test/IN: loaded serial 2009030100
dumping test
test.          600 IN SOA sun.test. hostmaster.test. 2009030100 600 900 1814400 600
test.          600 IN NS  sun.test.
example.test.  600 IN NS  plesk.test.
plesk.test.    600 IN A   192.168.2.10
sun.test.      600 IN A   192.168.2.1
OK


Finally, checked the SOA value as:

dig soa test
; <<>> DiG 9.4.2-P2 <<>> soa test
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11705
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;test.                  IN      SOA

;; ANSWER SECTION:
test.           600     IN      SOA     sun.test. hostmaster.test. 2009030100 600 900 1814400 600

;; AUTHORITY SECTION:
test.           600     IN      NS      sun.test.

;; ADDITIONAL SECTION:
sun.test.       600     IN      A       192.168.2.1

;; Query time: 1 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Mar  1 21:58:22 2009
;; MSG SIZE  rcvd: 103


Still, no go. Any other suggestion?


Thanks!

Best regards,
Rui Lopes


RE: how to create a private test. zone?

2009-03-01 Thread Ben Bridges
> sun
> NB: it also forwards to isp dns server.

If your sun server is configured to use your isp dns server as a forwarder, 
then I think it will forward requests for example.test to the isp server even 
though it delegated example.test to plesk.  That would seem to be supported by 
the fact that your sun server knows it is not authoritative for example.test 
(no AA flag in response to the query for example.test) and that you see it 
sending requests to the isp server (although you don't specify that it is 
sending requests to it for example.test).  You could try creating example.test 
as a forward zone in named.conf on your sun server and specifying plesk as the 
forwarder for that zone.
 


