Re: apache-dns cname-vhost
On Wednesday 16 January 2002 19:59, martin f krafft wrote:
> also sprach Jesse [EMAIL PROTECTED] [2002.01.16.2031 +0100]:
> > > however, you can't place vhost.com. IN CNAME ... into a zone for
> > > our.real.domain. maybe it would even work, but you need a separate
> > > zone file for each.
> >
> > It did work believe it or not :)
>
> i tried it, and:
>
>   Jan 16 22:00:30.735 general: warning: dns_master_load: var/zones/madduck.net/db.zone:59: ignoring out-of-zone data (www2.belligerence.net)
>
> what BIND are you running? BIND 9.2.1 over here...

You're right. It doesn't work. It appears I was checking the wrong nameserver. Doh!

Jesse

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache-dns cname-vhost
On Wednesday 16 January 2002 19:59, martin f krafft wrote:
> also sprach Jesse [EMAIL PROTECTED] [2002.01.16.2031 +0100]:
> > > however, you can't place vhost.com. IN CNAME ... into a zone for
> > > our.real.domain. maybe it would even work, but you need a separate
> > > zone file for each.
> >
> > It did work believe it or not :)
>
> i tried it, and:
>
>   Jan 16 22:00:30.735 general: warning: dns_master_load: var/zones/madduck.net/db.zone:59: ignoring out-of-zone data (www2.belligerence.net)
>
> what BIND are you running? BIND 9.2.1 over here...

Yeah, it didn't work. I'm having some problems getting things working here (which is why I'm slow on the email responses; I had pissed off users, and a very understanding boss to deal with). Using your tips I was able to get DNS to load without any errors. Thanks. However, I messed up, and had to revert back to the original configuration. Below I detail my situation and ask for help as I'm getting confused.

We have a caching only nameserver on our firewall. Apparently, whoever set up the original DNS on that machine had to put zone files in there pointing to our internal host in order for the local lan to access our hosted sites. The caching nameserver's A records all use a 192.168.1.XXX address to point to the internal server. The internal server is running DNS and all its A records use the actual registered (is that the right word?) static IP of our external (Internet connected) firewall. This seems backwards to me but for some reason this works.

Following are some things that have me confused:

1. How does the actual IP address translation happen? If external requests hit our caching nameserver which then points to an internal IP, does the caching nameserver query the internal one, and then pass the IP address it gets back from the internal nameserver to the external request? If that's so, then having the A records on the caching nameserver point to local IPs makes sense. It seems weird to me that a caching only nameserver would need A records at all but I'm new to this and haven't seen any documentation that addresses this specifically.

2. The mail services are currently defined using A records something like this:

     mail.ourdomain.com IN A ip_address

   where ip_address is a local ip on the caching nameserver and the registered ip on the internal server. I tried changing these to MX records and mail just died. I used this form:

     mail.ourdomain.com IN MX 10 ourdomain.com.

   I believe this problem is due to something more fundamental to our DNS configuration, but I'm not sure.

I appreciate your patience and help in this. It seems I poisoned the dns service when I dove in without examining everything properly before I started. Since then, I've reverted to our previous configuration and the dns servers out there seem to be catching up now.

Thanks again.

Jesse
Re: apache-dns cname-vhost
also sprach Jesse [EMAIL PROTECTED] [2002.01.18.1939 +0100]:
> We have a caching only nameserver on our firewall. Apparently, whoever
> set up the original DNS on that machine had to put zone files in there
> pointing to our internal host in order for the local lan to access our
> hosted sites. The caching nameserver's A records all use a 192.168.1.XXX
> address to point to the internal server.

if it's caching-only, why does it even have A records? it shouldn't have a zone, and there is no reason why you have to put one there.

> The internal server is running DNS and all its A records use the actual
> registered (is that the right word?) static IP

official/global would be better.

> 1. How does the actual IP address translation happen? If external
> requests hit our caching nameserver which then points to an internal IP,
> does the caching nameserver query the internal one, and then pass the IP
> address it gets back from the internal nameserver to the external request?

if you want me to answer this, then send the named.conf of all involved servers, and all zone files to me privately. also include a topological map of your network, and how you want it to work ideally.

> 2. The mail services are currently defined using A records something like
> this:
>
>     mail.ourdomain.com IN A ip_address
>
> where ip_address is a local ip on the caching nameserver and the
> registered ip on the internal server. I tried changing these to MX
> records and mail just died. I used this form:
>
>     mail.ourdomain.com IN MX 10 ourdomain.com.

what's the MTA? again, i need to see the zone files for that.

--
martin;              (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; net@madduck

1-800-psych
hello, welcome to the psychiatric hotline.
if you are co-dependent, please ask someone to press 2.
Re: apache-dns cname-vhost
On 16 Jan 2002, at 11:37, Jesse wrote:
[...]
> And then just let apache handle the name based vhosts? Is it really
> necessary to have a separate zone file for each vhost?

Since Martin has discussed the bind part, I'll try to explain the apache bit in somewhat common language.

Think of it as a two-step process. You have the IP and the domain name. Step one will only care for the IP, step two only for the domain name.

Apache will listen to one or several IPs (any IP per default). When it gets an HTTP request on port 80 (or 443 for https or whatever you configured) it will read the HTTP request. As defined in RFC 2616 for HTTP 1.1, the domain name is sent with the HTTP request (other than in HTTP 1.0):

    GET /index.html HTTP/1.1
    Host: www.yourdomain.com

From here (step 2) Apache will not care for the IP anymore and will work with the host name (www.yourdomain.com). It will try to find a virtual host section with either a matching ServerName or ServerAlias statement.

All you have to do is to make sure

a) Apache listens to the right IP(s):

     BindAddress *

   http://httpd.apache.org/docs/mod/core.html#bindaddress

b) you have this/these IP(s) configured to behave as Name Based Virtual Hosts:

     NameVirtualHost 111.22.33.44

   http://httpd.apache.org/docs/mod/core.html#namevirtualhost

c) your Virtual host belongs to that IP:

     <VirtualHost 111.22.33.44>

   VirtualHost can have several IPs or you could even use _default_ for any IP.
   http://httpd.apache.org/docs/mod/core.html#virtualhost

The ServerName doesn't even have to be a fully qualified name. For example, I sometimes add a line to my /etc/hosts file (or a hosts file in a Windooze directory ;-) like

    192.168.1.1 internaltest

and add a virtual host with

    <VirtualHost 192.168.1.1>
    ServerName internaltest
    ...

Now I can just enter internaltest in my browser and my Apache on 192.168.1.1 will respond with the proper content.

hih,
Marcel

--
Enjoy Debian/GNU Linux
Now even on the 5 Euro banknote!
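Marcel's two-step selection, modelled as an added example that is not part of the thread or of Apache's own code: a request is first narrowed to the vhosts bound to the listening address, then matched by Host header against ServerName/ServerAlias, with the first vhost for that address as the fallback. The VHOSTS table and the request bytes are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class VirtualHost:
    """One <VirtualHost> block: its address, ServerName and ServerAliases."""
    address: str                          # "111.22.33.44" or "_default_"
    server_name: str
    server_aliases: List[str] = field(default_factory=list)


# Constructed configuration for the example. The first vhost listed for an
# address is the one Apache falls back to when no name matches.
VHOSTS = [
    VirtualHost("111.22.33.44", "www.ourdomain.com", ["ourdomain.com"]),
    VirtualHost("111.22.33.44", "www.vhost1.com", ["vhost1.com"]),
    VirtualHost("192.168.1.1", "internaltest"),
]


def parse_request(raw: bytes) -> Tuple[str, Optional[str]]:
    """Return (request line, Host header value or None) from an HTTP head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            # Drop an optional :port and normalise case before matching.
            host = value.strip().split(":")[0].lower()
            break
    return lines[0], host


def select_vhost(vhosts: List[VirtualHost], local_ip: str,
                 raw_request: bytes) -> Optional[VirtualHost]:
    """Pick the vhost Apache would serve, or None if nothing listens on local_ip."""
    _request_line, host = parse_request(raw_request)
    # Step 1 (IP only): candidates are the blocks bound to this address or _default_.
    candidates = [v for v in vhosts if v.address in (local_ip, "_default_")]
    if not candidates:
        return None
    # Step 2 (name only): compare the Host header with ServerName / ServerAlias.
    if host is not None:
        for v in candidates:
            names = [v.server_name.lower()] + [a.lower() for a in v.server_aliases]
            if host in names:
                return v
    # HTTP/1.0 (no Host header) or an unknown name: first vhost for the address.
    return candidates[0]


if __name__ == "__main__":
    req = b"GET /index.html HTTP/1.1\r\nHost: www.vhost1.com\r\n\r\n"
    print(select_vhost(VHOSTS, "111.22.33.44", req).server_name)  # www.vhost1.com
```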
Re: apache-dns cname-vhost
On Wednesday 16 January 2002 12:58, martin f krafft wrote:
> also sprach Jesse [EMAIL PROTECTED] [2002.01.16.1737 +0100]:
> [...]
> yes, absolutely. however, you can't place vhost.com. IN CNAME ... into a
> zone for our.real.domain. maybe it would even work, but you need a
> separate zone file for each.

It did work believe it or not :)

> whether they actually use A records to point to the IP, or CNAMEs to point
> to our.real.domain. doesn't matter in terms of apache. i'd prefer A records
> (CNAMEs are said to be deprecated), but in terms of functionality, they are
> the same. A records will be more flexible and transparent...
>
> [...]
> > And then just let apache handle the name based vhosts? Is it really
> > necessary to have a separate zone file for each vhost?
>
> yes. and yes. let me elaborate on the second. the named.conf zone statement
> tells BIND to be authoritative for a zone. thus, you will have something
> like:
>
>     zone "our.real.domain" IN { type master; file "..."; };
>
> in named.conf. when BIND now gets a request for our.real.domain, it says
> "yes, i am surely the right one to ask as i am authoritative for this
> domain", and then answers the query with information from the zone file.
> if you get a request for www.vhost1.com, then BIND will look for a statement
>
>     zone "vhost1.com" IN { ... }

I didn't realize this was how it worked. Thanks.

> but since it can't find it, it then either goes out to obtain the info from
> other nameservers (usually not, that's the job of a resolver/forwarder, not
> of a name server. BIND can do it though), or it simply says "sorry, wrong
> place to ask". it will surely not be smart enough to remember that you
> defined vhost1.com. (even with terminating dot) in our.real.domain.
>
> does this make sense?

Yes this makes sense. One more question though. What about reverse zones. Do I need one for each? I'm not sure how that works but it seems that getting the correct name back from one IP will be a little difficult? Is it possible to just do a reverse zone for the 192.168.1.0 net?

Thanks for your help,
Jesse
Re: apache-dns cname-vhost
also sprach Jesse [EMAIL PROTECTED] [2002.01.16.2031 +0100]:
> > however, you can't place vhost.com. IN CNAME ... into a zone for
> > our.real.domain.
>
> It did work believe it or not :)

are you kidding me??? i am going to have to try that right now... i can't reproduce it. where is this nameserver of yours? how do you access it? anyway, don't do it that way. seriously, trust me.

> I didn't realize this was how it worked. Thanks.

no prob.

> Yes this makes sense. One more question though. What about reverse zones.
> Do I need one for each? I'm not sure how that works but it seems that
> getting the correct name back from one IP will be a little difficult? Is it
> possible to just do a reverse zone for the 192.168.1.0 net?

sure. just like the normal zones with two changes:

(1) you reverse the IP itself: 1.168.192
    you append .in-addr.arpa
    so:

        zone "1.168.192.in-addr.arpa" IN { type master; file "db.192.168.1"; };

(2) you still have NS records, but no A, , CNAME, or MX records (SOA you
    need still, and RP and TXT are fine too...) instead, use PTR. for
    instance, to map 192.168.1.1 to router.mydomain.com, have a line like
    this in the zone file for the 1.168.192.in-addr.arpa zone:

        1 IN PTR router.mydomain.com.

that's it.

btw: i'd suggest reading [1] and possibly purchasing [2] if you are going to be doing DNS for a while. it's a truly excellent book.

1. http://www.fokus.gmd.de/linux/HOWTO/DNS-HOWTO.html
2. http://www.oreilly.com/catalog/dns4/

--
martin;              (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; net@madduck

as i was going up the stair
i met a man who wasn't there.
he wasn't there again today.
i wish, i wish he'd stay away.
                                             --hughes mearns
Re: apache-dns cname-vhost
also sprach Jesse [EMAIL PROTECTED] [2002.01.16.2031 +0100]:
> > however, you can't place vhost.com. IN CNAME ... into a zone for
> > our.real.domain. maybe it would even work, but you need a separate
> > zone file for each.
>
> It did work believe it or not :)

i tried it, and:

    Jan 16 22:00:30.735 general: warning: dns_master_load: var/zones/madduck.net/db.zone:59: ignoring out-of-zone data (www2.belligerence.net)

what BIND are you running? BIND 9.2.1 over here...

--
martin;              (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; net@madduck

al telefono: pronto? cantina sociale?. hic!.
Re: apache-dns cname-vhost
also sprach Jesse [EMAIL PROTECTED] [2002.01.16.1737 +0100]:
> I am a newbie administrator and I'm in the process of upgrading(fixing)
> our current dns setup. Right now there is a dns forward zone set up for
> each virtual host. After reading some docs on apache.org and the dns and
> bind book it seems I could get away with just using cname records. Is it
> correct to assume I could do something like this:

yes, absolutely. however, you can't place vhost.com. IN CNAME ... into a zone for our.real.domain. maybe it would even work, but you need a separate zone file for each.

whether they actually use A records to point to the IP, or CNAMEs to point to our.real.domain. doesn't matter in terms of apache. i'd prefer A records (CNAMEs are said to be deprecated), but in terms of functionality, they are the same. A records will be more flexible and transparent...

>     zone "hosted-sites" {
>         type master;
>         file "/etc/bind/hosted-sites";
>     };

also, this won't work. hosted-sites is not a zone name. read below.

> And then just let apache handle the name based vhosts? Is it really
> necessary to have a separate zone file for each vhost?

yes. and yes. let me elaborate on the second. the named.conf zone statement tells BIND to be authoritative for a zone. thus, you will have something like:

    zone "our.real.domain" IN { type master; file "..."; };

in named.conf. when BIND now gets a request for our.real.domain, it says "yes, i am surely the right one to ask as i am authoritative for this domain", and then answers the query with information from the zone file. if you get a request for www.vhost1.com, then BIND will look for a statement

    zone "vhost1.com" IN { ... }

but since it can't find it, it then either goes out to obtain the info from other nameservers (usually not, that's the job of a resolver/forwarder, not of a name server. BIND can do it though), or it simply says "sorry, wrong place to ask". it will surely not be smart enough to remember that you defined vhost1.com. (even with terminating dot) in our.real.domain.

does this make sense?

--
martin;              (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]

when I was a boy I was told that anybody could become president.
now i'm beginning to believe it.
                                                 -- clarence darrow
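An added example, not from the thread and not BIND's code, modelling the two points Martin makes above: a zone loader drops records whose owner name lies outside the zone's $ORIGIN (the "ignoring out-of-zone data" warning from his log), and a reverse zone for 192.168.1.0 is just the forward zone's in-zone A records rewritten as PTR records under 1.168.192.in-addr.arpa. The zone text, names and addresses are constructed; the checker is a simplification (single-line records, class IN only, whole /24 reverse zones only).

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed zone text. The last two records carry owner names outside
# our.real.domain., which is exactly what Martin's BIND refused to load.
FORWARD_ZONE = """\
$ORIGIN our.real.domain.
@        IN SOA   ns1.our.real.domain. hostmaster.our.real.domain. (1 3600 900 604800 300)
@        IN NS    ns1.our.real.domain.
ns1      IN A     192.168.1.2
www      IN A     192.168.1.10
mail     IN A     192.168.1.20
@        IN MX    10 mail.our.real.domain.
vhost1.com.       IN CNAME www.our.real.domain.
www.vhost1.com.   IN A     192.168.1.10
"""

# owner [ttl] IN type rdata   (one record per line, class IN only)
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.*)$")


def load_zone(text: str) -> Tuple[str, List[Tuple[str, str, str]], List[str]]:
    """Return (origin, in-zone records, warnings); a record is (owner, type, rdata)."""
    origin, records, warnings = None, [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split(";")[0].strip()          # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        m = RECORD.match(line)
        if m is None or origin is None:
            warnings.append(f"line {lineno}: unparsed record")
            continue
        owner, rtype, rdata = m.groups()
        owner = origin if owner == "@" else owner.lower()
        if not owner.endswith("."):                # relative name: append the origin
            owner = f"{owner}.{origin}"
        if owner != origin and not owner.endswith("." + origin):
            warnings.append(f"line {lineno}: ignoring out-of-zone data ({owner.rstrip('.')})")
            continue
        records.append((owner, rtype.upper(), rdata.strip()))
    return origin, records, warnings


def reverse_zone(records, network: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Name the in-addr.arpa zone for a /24 and list (last octet, PTR target) pairs."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError("only whole /24 reverse zones are modelled here")
    zone = ".".join(reversed(str(net.network_address).split(".")[:3])) + ".in-addr.arpa."
    ptrs = [(rdata.split(".")[3], owner) for owner, rtype, rdata in records
            if rtype == "A" and ipaddress.ip_address(rdata) in net]
    return zone, ptrs
```

Each `(label, target)` pair from `reverse_zone` is one `label IN PTR target` line of the reverse zone file, matching the `1 IN PTR router.mydomain.com.` form Martin gives.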