Re: [gentoo-user] bind zone.file won't load

2006-03-05 Thread Jo Are Rosland
On 04.03, Harry Putnam wrote:
 
 db.192.168.1
 === 8< snip ===
   $TTL 1D
   @   IN  SOA  reader.local.lan. reader.reader.local.lan. (
 200405190  ; serial
 28800      ; refresh (8 hours)
 14400      ; retry (4 hours)
 2419200    ; expire (4 weeks)
 86400      ; minimum (1 day)
 )
   ;
   ; Name servers (The name '@' is implied)
   ;
       IN  NS  reader
   ;
   ; Addresses point to canonical names
   ;

   192.168.1.2   IN  PTR  rdmz.local.lan.
   192.168.1.1   IN  PTR  fwdmz.local.lan.

 === 8< snip ===

I just went through this myself, having a few false tries before getting
it right.  From this experience, here's my understanding of how zone
files work:

- The general syntax for lines in the zone files:

  key ttl class type value

- You may leave out one or more of these fields, which means they inherit
  the value that field had in the previous line.

- You may use parentheses to break long entries into several lines.  This
  is mostly done for the SOA line, but should work for other lines as well.

- The ';' character means the rest of the line is a comment.

- You may use the special value '@' to mean the origin, which initially is
  the value from the 'zone' entry in the named.conf file, with a '.' appended.
  An $ORIGIN entry redefines the origin for subsequent entries in the file.
  You may put in several $ORIGIN entries.

- A $TTL entry sets the default value of the 'ttl' field from that line on.

- Where names are used -- eg. the 'key' field of an 'IN A' entry, or the
  'value' field of an 'IN PTR' entry -- you may specify the full name by
  ending it with a '.'.  Names with no '.' at the end have the origin
  appended.

Now, if you look at your 'IN NS' line (which specifies the authoritative name
server for your reverse domain), it translates into:

  key                      ttl  class  type  value
  1.168.192.in-addr.arpa.  1D   IN     NS    reader.1.168.192.in-addr.arpa.

Which is not what you want.

Instead, try the following line:

  IN NS reader.local.lan.

In addition, 'reader' should have an 'IN A' entry in the 'local.lan' zone file.

The 'dig' command from 'bind-tools' comes in handy when debugging bind setups.
Some handy commands:

  dig reader.local.lan
  dig local.lan any
  dig local.lan axfr
  dig -x 192.168.1 axfr
  dig -x 192.168.1 any

Given like this, 'dig' contacts the name servers from '/etc/resolv.conf'.  You
may also append '@name-server-name' to a 'dig' command in order to specify
directly which name server to contact.

-- 
Jo.




Re: [gentoo-user] bind zone.file won't load

2006-03-05 Thread Jo Are Rosland
On 04.03, Harry Putnam wrote:
 
   $TTL 1D
   @   IN SOA  reader.local.lan.  hostmaster (
   200405191   ; serial
   8H          ; refresh
   4H          ; retry
   4W          ; expire
   1D )        ; minimum
   ;; Nameserver (The name '@' is implied)
              IN   NS  reader
   ;; smtp hub (The name '@' is implied)
              IN   MX  10 reader
   ;; addresses for the canonical names
   localhost  IN   A 127.0.0.1
   ansil      IN   A 192.168.0.21
   bjp        IN   A 192.168.0.16
   fw         IN   A 192.168.0.20
   fwobsd     IN   A 192.168.0.19
              IN   A 192.168.1.1
   harvey     IN   A 192.168.0.22
   mob2       IN   A 192.168.0.3
   reader     IN   A 192.168.0.4
              IN   A 192.168.1.2
   wap        IN   A 192.168.0.50

   ;;   aliases
   smtp   IN   CNAME reader
   www    IN   CNAME reader
   tic    IN   CNAME reader

   ;;   interface   specific   addresses
   fwdmz  IN   A  192.168.1.1
   rdmz   IN   A  192.168.1.2

Just a few additional comments on this:

Your entries for 'reader' and 'fwobsd' are probably not
what you really want.  By defining several 'IN A' entries
for the same host name, you effectively get bind to serve
these addresses in 'round robin' fashion whenever a client
looks up that name.

Another way to look at this is that you don't name hosts
in DNS, you name IP addresses.  If a host has several IP
addresses, eg. because it has several NIC's, you should
give a separate name to each IP address.  In your case,
you could do something like this:

  reader  IN A 192.168.0.4
  reader0 IN A 192.168.0.4
  reader1 IN A 192.168.1.2

or

  reader0 IN A 192.168.0.4
  reader1 IN A 192.168.1.2
  reader  IN CNAME reader0

Note that you may define as many names for an IP address
as you like.  A case where you'd definitely want to do
this, is with the name for the name server host itself.
Put in something like this:

  ns  IN A 192.168.0.4

Then you may use 'ns.local.lan.' in all your 'IN SOA' entries
instead of the name for the actual host.  Then you only need
to change one entry in case you want to change to another
name server host.

Also, note that this has to be an 'IN A' entry, not an
'IN CNAME' entry, as the name in the SOA has to be an 'IN A'
entry.

-- 
Jo.
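The rules Jo lays out in both replies (key/ttl/class/type/value with inherited fields, '@', $ORIGIN and $TTL, the trailing-dot rule, and the round-robin effect of repeated 'IN A' entries) can be checked mechanically before named ever loads the file. The following is an added example, not code from the thread or from BIND: a small Python zone-file expander that shows what each shorthand line actually means, plus a helper that lists names carrying several A records. The sample zone text is constructed to mirror the files quoted above, and the parser handles only the record types that appear in them.

```python
CLASSES, TYPES = {"IN"}, {"SOA", "NS", "A", "PTR", "CNAME", "MX"}

def fqdn(name, origin):
    """Trailing-dot rule: '@' is the origin, 'x.' stays absolute, 'x' becomes 'x.<origin>'."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, zone_name):
    """Expand zone text into (owner, ttl, type, value) tuples; zone_name is the named.conf zone name."""
    origin, default_ttl, owner, records, pending = zone_name.rstrip(".") + ".", None, None, [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # ';' starts a comment
        if not line.strip(): continue
        if not pending:
            key_omitted = line[0].isspace()             # blank key field: inherit previous owner
        pending += " " + line
        if pending.count("(") > pending.count(")"): continue  # '(' keeps the entry open
        fields, pending = pending.replace("(", " ").replace(")", " ").split(), ""
        if fields[0] == "$ORIGIN":
            origin = fqdn(fields[1], origin); continue
        if fields[0] == "$TTL":
            default_ttl = fields[1]; continue
        if not key_omitted:
            owner = fqdn(fields.pop(0), origin)
        ttl = default_ttl if fields[0] in CLASSES | TYPES else fields.pop(0)
        if fields[0] in CLASSES:
            fields.pop(0)                               # class: always IN in these files
        rtype, value = fields[0], fields[1:]
        if rtype in ("NS", "PTR", "CNAME"):             # name-valued types get the same rule
            value = [fqdn(value[0], origin)]
        records.append((owner, ttl, rtype, " ".join(value)))
    return records

def reverse_name(ip):
    """Owner name a PTR record for an IPv4 address must have."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def round_robin_names(records):
    """Names carrying several A records: named hands these out round-robin."""
    addrs = {}
    for owner, _, rtype, value in records:
        if rtype == "A":
            addrs.setdefault(owner, []).append(value)
    return {n: a for n, a in addrs.items() if len(a) > 1}

# Constructed samples modelled on the files in the thread (not the originals).
REVERSE = ("$TTL 1D\n@ IN SOA reader.local.lan. hostmaster (\n  1 8H 4H 4W 1D )\n"
           " IN NS reader\n192.168.1.2 IN PTR rdmz.local.lan.\n2 IN PTR rdmz.local.lan.\n")
FORWARD = ("$TTL 1D\n@ IN NS reader\nreader IN A 192.168.0.4\n IN A 192.168.1.2\n"
           "reader0 IN A 192.168.0.4\nns IN A 192.168.0.4\n")
```

parse_zone(REVERSE, "1.168.192.in-addr.arpa") expands the NS value to reader.1.168.192.in-addr.arpa. and the first PTR owner to 192.168.1.2.1.168.192.in-addr.arpa., while the '2' line yields 2.1.168.192.in-addr.arpa., which is what reverse_name("192.168.1.2") expects. round_robin_names(parse_zone(FORWARD, "local.lan")) reports reader.local.lan. with both addresses.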




[gentoo-user] bind zone.file won't load

2006-03-04 Thread Harry Putnam

Running an authoritative name server on a small home lan as training
exercise. And using DNS and Bind 4th ed as a guide.

A quick sketch of this network (there are more hosts on it
but for simplicity):

(All have prefix 192.168 and netmask 255.255.255.0)

 INTERNET
   | (Dynamic IP)
   |
NETGEAR (consumer grade router)
reader  | 0.20  fwobsd
  --
  | 0.4| 0.3  | 0.5| 0.19
  ||  ||  
[ m1 ]   [ m2 ] [ m3 ]   [ m4 ]
  | 1.2| 1.1
  ||
rdmz  fwdmz

So I have two networks here.. 192.168.0/24 and 192.168.1/24
M1 and M4 both have 2 nics and addresses in 192.168.0 and 192.168.1
as shown... (if mail doesn't mangle my ascii production too bad.)

My problem is how to integrate 192.168.1/24 into my zone.files

The reverse-pointer zone.file for 192.168.1 is where the rub is.
I'm very inexperienced with routing in general and nameservers in
particular; setting up a home lan nameserver is a training
exercise for me.

Where I get confused is what is the origin `@' for this zone?
Can I use `@' or need to spell out 192.168.1?
What happens to my domain... `local.lan' does it still cover what are
now really two numeric domains 192.168.0 and 192.168.1?

I've tried various combinations in the reverse zone for 192.168.1, but
all I've tried has one or another problem loading, or being
ignored.

The reverse file for 192.168.1 is below and at the end .. after names
logs is the db.local.lan zone file.

(naming convention stolen from DNS and Bind (4th ed))

I'll post, at the end the named log output from this zone.file as
an example but as mentioned, I've tried quite a few combinations
unsuccessfully.   I can post them all but hopefully someone will see
the problem I've created.  This one causes the 2 addresses in 192.168.1
to simply be ignored... other versions have different reasons for not
loading properly.

db.192.168.1
=== 8< snip ===
  $TTL 1D
  @   IN  SOA  reader.local.lan. reader.reader.local.lan. (
200405190  ; serial
28800      ; refresh (8 hours)
14400      ; retry (4 hours)
2419200    ; expire (4 weeks)
86400      ; minimum (1 day)
)
  ;
  ; Name servers (The name '@' is implied)
  ;
      IN  NS  reader
  ;
  ; Addresses point to canonical names
  ;

  192.168.1.2   IN  PTR  rdmz.local.lan.
  192.168.1.1   IN  PTR  fwdmz.local.lan.

=== 8< snip ===

[ -ed leaving `@' as is but spelling out canonical IP for the
two on 192.168.1 causes them to be ignored]

  Mar  4 09:59:39 reader named[8959]: pri/db.192.168.1:18: ignoring
out-of-zone data (192.168.1.2)
  Mar  4 09:59:39 reader named[8959]: pri/db.192.168.1:19: ignoring
out-of-zone data (192.168.1.1)
  Mar  4 09:59:39 reader named[8959]: zone 1.168.192.in-addr.arpa/IN:
loaded serial 200405190

=== [...] ==

db.local.lan (I think this is close to right at least)
=== 8< snip ===
  $TTL 1D
  @   IN SOA  reader.local.lan.  hostmaster (
  200405191   ; serial
  8H          ; refresh
  4H          ; retry
  4W          ; expire
  1D )        ; minimum
  ;; Nameserver (The name '@' is implied)
             IN   NS  reader
  ;; smtp hub (The name '@' is implied)
             IN   MX  10 reader
  ;; addresses for the canonical names
  localhost  IN   A 127.0.0.1
  ansil      IN   A 192.168.0.21
  bjp        IN   A 192.168.0.16
  fw         IN   A 192.168.0.20
  fwobsd     IN   A 192.168.0.19
             IN   A 192.168.1.1
  harvey     IN   A 192.168.0.22
  mob2       IN   A 192.168.0.3
  reader     IN   A 192.168.0.4
             IN   A 192.168.1.2
  wap        IN   A 192.168.0.50

  ;;   aliases
  smtp   IN   CNAME reader
  www    IN   CNAME reader
  tic    IN   CNAME reader

  ;;   interface   specific   addresses
  fwdmz  IN   A  192.168.1.1
  rdmz   IN   A  192.168.1.2

=== 8< snip ===

-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] bind zone.file won't load

2006-03-04 Thread Alexander Kirillov


Here's a reverse zone file for my home network. It's 10.10.0/24
but you'll figure out how to tailor this to your needs.

# cat pri/0.10.10.zone

;BIND DUMP V8
$ORIGIN 10.10.IN-ADDR.ARPA.
0   3600  IN  SOA  baikal.iproducts.test. root.baikal.iproducts.test. (
          20050421 3600 900 360 3600 )   ;Cl=5
    3600  IN  NS   baikal.iproducts.test.  ;Cl=5
$ORIGIN 0.10.10.IN-ADDR.ARPA.
2   3600  IN  PTR  volga.iproducts.test.   ;Cl=5
1   3600  IN  PTR  baikal.iproducts.test.  ;Cl=5
3   3600  IN  PTR  g40.iproducts.test.     ;Cl=5
;10 3600  IN  PTR  wisla.iproducts.test.   ;Cl=5


#cat named.conf

...
zone "0.10.10.in-addr.arpa" IN {
    type master;
    file "pri/0.10.10.zone";
    allow-update {
        10.10.0.1;
    };
};
...

HTH,
Sasha
