Page 3 of 3
Results 21 to 27 of 27

Thread: bind multiple servers

  1. #21
    Join Date
    Dec 2010
    Beans
    570
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: bind multiple servers

    Quote Originally Posted by SeijiSensei View Post
    I think part of the problem is here. 123.ons.com is a subdomain of ons.com and should be defined in the zone file for that domain, not in named.conf.
    The named.conf.local posted has the zone definitions for ons.com and 123.ons.com. There is no issue with that if that server is going to respond to requests for something in that domain; one BIND server can host both a domain and its subdomains.

    I run a similar setup at home. Let's say the domain I have is mydomain.com. I have 3 DNS servers on my internal network that I use for all of my internal DNS needs; there is one master and 2 slaves. The mydomain.com zone has all of my internet-facing host names and home.mydomain.com has all of the internal-facing ones. Each of the servers hosts both mydomain.com and home.mydomain.com, as well as the reverse IPv4 and IPv6 zones, all defined in named.conf.local.

    The NS records for home.mydomain.com, along with their A/AAAA records, are defined in my mydomain.com zone as the DNS glue records.

    On my master DNS I have the following (I am leaving out the reverse zone and IPv6 stuff for simplicity):


    named.conf.local
    Code:
    zone "mydomain.com" {
            type master;
            file "/etc/bind/db.mydomain.com";
            allow-transfer { zone_transfers ; };
    };
    
    
    zone "home.mydomain.com" {
            type master;
            file "/etc/bind/db.home.mydomain.com";
            allow-transfer { zone_transfers ; };
    };
    db.mydomain.com
    Code:
    $ORIGIN .
    $TTL 86400      ; 1 day
    mydomain.com        IN SOA  mydomain.com. root.mydomain.com. (
                    131008000  ; serial
                    28800      ; refresh (8 hours)
                    7200       ; retry (2 hours)
                    2419200    ; expire (4 weeks)
                    86400      ; minimum (1 day)
                    )
    $TTL 259200 ;3 days
    $ORIGIN mydomain.com.
                   IN    NS    ns1
                   IN    NS    ns2
                   IN    NS    ns3
    ns1            IN    A    XXX.XXX.XXX.10
    ns2            IN    A    XXX.XXX.XXX.11
    ns3            IN    A    XXX.XXX.XXX.12
    dhost1         IN    A    XXX.XXX.XXX.30
    dhost2         IN    A    XXX.XXX.XXX.31
    dhost3         IN    A    XXX.XXX.XXX.32
    $ORIGIN home.mydomain.com.
                   IN    NS    ns1
                   IN    NS    ns2
                   IN    NS    ns3
    ns1            IN    A    XXX.XXX.XXX.10
    ns2            IN    A    XXX.XXX.XXX.11
    ns3            IN    A    XXX.XXX.XXX.12

    db.home.mydomain.com
    Code:
    $ORIGIN .
    $TTL 86400      ; 1 day
    home.mydomain.com        IN SOA  home.mydomain.com. root.home.mydomain.com. (
                    131008000  ; serial
                    28800      ; refresh (8 hours)
                    7200       ; retry (2 hours)
                    2419200    ; expire (4 weeks)
                    86400      ; minimum (1 day)
                    )
    $TTL 259200 ;3 days
    $ORIGIN home.mydomain.com.
                   IN    NS    ns1
                   IN    NS    ns2
                   IN    NS    ns3
    ns1            IN    A    XXX.XXX.XXX.10
    ns2            IN    A    XXX.XXX.XXX.11
    ns3            IN    A    XXX.XXX.XXX.12
    mhost1         IN    A    XXX.XXX.XXX.50
    mhost2         IN    A    XXX.XXX.XXX.51
    mhost3         IN    A    XXX.XXX.XXX.52

    The mydomain.com zone defines ns1.mydomain.com, ns2.mydomain.com and ns3.mydomain.com as the name servers for the mydomain.com domain, it also defines ns1.home.mydomain.com, ns2.home.mydomain.com and ns3.home.mydomain.com as the name servers for the home.mydomain.com domain.

    The home.mydomain.com zone defines ns1.home.mydomain.com, ns2.home.mydomain.com and ns3.home.mydomain.com as the name servers for the home.mydomain.com domain.

    The dhost# host names are in the mydomain.com domain and the mhost# host names are in the home.mydomain.com domain.

    If I wanted to change the above config so that mydomain.com was hosted on ns1, home.mydomain.com on ns2, and ns3 was a slave for both zones, I would do the following:

    On ns1:
    named.conf.local
    Code:
    zone "mydomain.com" {
            type master;
            file "/etc/bind/db.mydomain.com";
            allow-transfer { zone_transfers ; };
    };
    db.mydomain.com
    Code:
    $ORIGIN .
    $TTL 86400      ; 1 day
    mydomain.com        IN SOA  mydomain.com. root.mydomain.com. (
                    131008000  ; serial
                    28800      ; refresh (8 hours)
                    7200       ; retry (2 hours)
                    2419200    ; expire (4 weeks)
                    86400      ; minimum (1 day)
                    )
    $TTL 259200 ;3 days
    $ORIGIN mydomain.com.
                   IN    NS    ns1
                   IN    NS    ns3
    ns1            IN    A    XXX.XXX.XXX.10
    ns3            IN    A    XXX.XXX.XXX.12
    dhost1         IN    A    XXX.XXX.XXX.30
    dhost2         IN    A    XXX.XXX.XXX.31
    dhost3         IN    A    XXX.XXX.XXX.32
    $ORIGIN home.mydomain.com.
                   IN    NS    ns2
                   IN    NS    ns3
    ns2            IN    A    XXX.XXX.XXX.11
    ns3            IN    A    XXX.XXX.XXX.12
    On ns2:
    named.conf.local
    Code:
    zone "home.mydomain.com" {
            type master;
            file "/etc/bind/db.home.mydomain.com";
            allow-transfer { zone_transfers ; };
    };
    db.home.mydomain.com
    Code:
    $ORIGIN .
    $TTL 86400      ; 1 day
    home.mydomain.com        IN SOA  home.mydomain.com. root.home.mydomain.com. (
                    131008000  ; serial
                    28800      ; refresh (8 hours)
                    7200       ; retry (2 hours)
                    2419200    ; expire (4 weeks)
                    86400      ; minimum (1 day)
                    )
    $TTL 259200 ;3 days
    $ORIGIN home.mydomain.com.
                   IN    NS    ns2
                   IN    NS    ns3
    ns2            IN    A    XXX.XXX.XXX.11
    ns3            IN    A    XXX.XXX.XXX.12
    mhost1         IN    A    XXX.XXX.XXX.50
    mhost2         IN    A    XXX.XXX.XXX.51
    mhost3         IN    A    XXX.XXX.XXX.52
    Last edited by hawkmage; October 31st, 2013 at 04:27 AM.
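An added example (not hawkmage's code and not part of BIND) that applies the RFC 1035 master-file owner rule to the split db.mydomain.com above: a record line that starts with whitespace inherits the owner of the previous record, and a $ORIGIN line changes how relative names are completed but does not reset that owner (BIND 9's zone loader warns about a record with an inherited owner immediately after $ORIGIN when it loads such a file). The parser supports only the directives that file uses; the XXX placeholders are replaced by constructed 192.0.2.x addresses and two dhost lines are dropped for brevity.

```python
"""Report what a BIND master file really delegates (added example, not BIND code)."""
from collections import defaultdict

# hawkmage's split db.mydomain.com with constructed 192.0.2.x addresses.
ZONE_TEXT = """\
$ORIGIN .
$TTL 86400      ; 1 day
mydomain.com        IN SOA  mydomain.com. root.mydomain.com. (
                131008000  ; serial
                28800      ; refresh (8 hours)
                7200       ; retry (2 hours)
                2419200    ; expire (4 weeks)
                86400      ; minimum (1 day)
                )
$TTL 259200 ;3 days
$ORIGIN mydomain.com.
               IN    NS    ns1
               IN    NS    ns3
ns1            IN    A    192.0.2.10
ns3            IN    A    192.0.2.12
dhost3         IN    A    192.0.2.32
$ORIGIN home.mydomain.com.
               IN    NS    ns2
               IN    NS    ns3
ns2            IN    A    192.0.2.11
ns3            IN    A    192.0.2.12
"""

CLASSES = {"IN", "CH", "HS"}


def absolute(name, origin):
    """Complete a master-file name: '@' means the origin, a trailing dot is absolute."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def logical_lines(text):
    """Drop ';' comments and join parenthesised multi-line records (the SOA)."""
    depth, buf = 0, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def parse_zone(text):
    """Return {(owner, rtype): [rdata, ...]} applying RFC 1035 owner inheritance."""
    records = defaultdict(list)
    origin, owner = ".", None
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()      # new origin; the current owner is NOT reset
            continue
        if tokens[0] == "$TTL":
            continue
        if not line[0].isspace():           # explicit owner name on this line
            owner = absolute(tokens.pop(0), origin)
        elif owner is None:
            raise ValueError("record without owner before the first explicit one")
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)                   # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [absolute(rdata[0], origin)]
        records[(owner, rtype)].extend(rdata)
    return records


def delegation_report(records, parent, child):
    """Which names own NS records, and does `parent` delegate `child` with glue?"""
    child_ns = sorted(records.get((child, "NS"), []))
    return {
        "parent_ns": sorted(records.get((parent, "NS"), [])),
        "ns_owners": sorted({owner for (owner, rtype) in records if rtype == "NS"}),
        "delegated": bool(child_ns),
        "child_ns": child_ns,
        # Glue A records are needed for name servers whose names lie inside the child.
        "missing_glue": [ns for ns in child_ns
                         if ns.endswith("." + child) and (ns, "A") not in records],
    }


def with_explicit_owner(text, origin_line, owner="@"):
    """Write `owner` on the record that follows `origin_line` (the fix for the file)."""
    lines = text.splitlines()
    i = lines.index(origin_line) + 1
    lines[i] = owner + lines[i][len(owner):]
    return "\n".join(lines) + "\n"


FIXED_ZONE_TEXT = with_explicit_owner(ZONE_TEXT, "$ORIGIN home.mydomain.com.")
```

Run on the file as posted, `delegation_report(parse_zone(ZONE_TEXT), "mydomain.com.", "home.mydomain.com.")` shows the two NS records that follow `$ORIGIN home.mydomain.com.` owned by dhost3.mydomain.com. and no NS set at home.mydomain.com., so a server that loads only this zone answers for names under home.mydomain.com from its own data instead of referring or recursing to ns2. With an explicit owner (`@` or `home.mydomain.com.`) on the first record after the directive, as in FIXED_ZONE_TEXT, the delegation and its glue are present. The mydomain.com NS records work in both versions only because the SOA line, with the same owner, happens to precede them.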

  2. #22
    Join Date
    Oct 2013
    Beans
    13

    Re: bind multiple servers

    With the last config that SeijiSensei suggested to me I have this output:
    Code:
    ; <<>> DiG 9.9.2-P1 <<>> 123.ons.com @10.10.10.11
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63685
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;123.ons.com.            IN    A
    
    ;; Query time: 0 msec
    ;; SERVER: 10.10.10.11#53(10.10.10.11)
    ;; WHEN: Wed Oct 30 10:40:24 2013
    ;; MSG SIZE  rcvd: 40
    Code:
    ; <<>> DiG 9.9.2-P1 <<>> 123.ons.com @10.10.10.12
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62628
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;123.ons.com.            IN    A
    
    ;; AUTHORITY SECTION:
    123.ons.com.        86400    IN    SOA    123.ons.com. 123.ons.com. 2013103000 604800 86400 2419200 86400
    
    ;; Query time: 4 msec
    ;; SERVER: 10.10.10.12#53(10.10.10.12)
    ;; WHEN: Wed Oct 30 10:47:30 2013
    ;; MSG SIZE  rcvd: 76
    Code:
    ; <<>> DiG 9.9.2-P1 <<>> 789.123.ons.com @10.10.10.12
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60847
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;789.123.ons.com.        IN    A
    
    ;; ANSWER SECTION:
    789.123.ons.com.    259200    IN    A    10.10.10.13
    
    ;; AUTHORITY SECTION:
    123.ons.com.        259200    IN    NS    ns2.123.ons.com.
    
    ;; ADDITIONAL SECTION:
    ns2.123.ons.com.    259200    IN    A    10.10.10.12
    
    ;; Query time: 6 msec
    ;; SERVER: 10.10.10.12#53(110.10.10.12)
    ;; WHEN: Wed Oct 30 10:57:54 2013
    ;; MSG SIZE  rcvd: 94

    In effect you understood well, because I would have dnsA and dnsB with different domains, but I thought to manage this with different zones; or am I doing it wrong?
    In any case, what I would like is that only 10.10.10.12 knows the address of product 789, and I, on 10.10.10.11, can discover this info.

  3. #23
    Join Date
    Oct 2013
    Beans
    13

    Re: bind multiple servers

    Thank you hawkmage! I think that your second config is perfect! I set everything up like you said, but I don't know why I always have the same problem. I put the two dig outputs here:

    Code:
    ; <<>> DiG 9.9.2-P1 <<>> mhost1.home.mydomain.com @10.10.10.10
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57325
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;mhost1.home.mydomain.com.    IN    A
    
    ;; AUTHORITY SECTION:
    mydomain.com.        86400    IN    SOA    mydomain.com. root.mydomain.com. 13103000 28800 7200 2419200 86400
    
    ;; Query time: 0 msec
    ;; SERVER: 10.10.10.10#53(10.10.10.10)
    ;; WHEN: Wed Oct 30 14:41:14 2013
    ;; MSG SIZE  rcvd: 94
    Code:
    ; <<>> DiG 9.9.2-P1 <<>> mhost1.home.mydomain.com @10.10.10.11
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19216
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;mhost1.home.mydomain.com.    IN    A
    
    ;; ANSWER SECTION:
    mhost1.home.mydomain.com. 259200 IN    A    10.10.10.50
    
    ;; AUTHORITY SECTION:
    home.mydomain.com.    259200    IN    NS    ns2.home.mydomain.com.
    home.mydomain.com.    259200    IN    NS    ns3.home.mydomain.com.
    
    ;; ADDITIONAL SECTION:
    ns2.home.mydomain.com.    259200    IN    A    10.10.10.11
    ns3.home.mydomain.com.    259200    IN    A    10.10.10.12
    
    ;; Query time: 2 msec
    ;; SERVER: 10.10.10.11#53(10.10.10.11)
    ;; WHEN: Wed Oct 30 14:42:13 2013
    ;; MSG SIZE  rcvd: 137

  4. #24
    Join Date
    Dec 2010
    Beans
    570
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: bind multiple servers

    OK, I think I may have an idea what is going on. If you have forwarders set to DNS servers that have no clue about the mydomain.com and home.mydomain.com then the delegation doesn't quite work.

    A client query is almost always a recursive query. This causes the DNS server to recursively resolve the name; if you have forwarders, it queries the forwarder for anything in zones it is not authoritative for. This config should work if the domains you are querying are properly delegated from the top-level domain to your sub-domain. If there is a break in the chain it will fail.

    Try the dig command with the +norecurse option.
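Reading the header of each dig response tells you which of the cases hawkmage describes you are in. The following is an added example, not code from this thread or from BIND/dig: it parses the `->>HEADER<<-` and `flags:` lines of the outputs posted earlier in the thread (copied verbatim into SAMPLES) and labels each one. The labels and explanations are mine; `aa` means the answer came from a zone the server is authoritative for, `rd` means the client asked for recursion (dig's +norecurse clears it), `ra` means the server offers recursion.

```python
"""Classify dig responses by rcode and header flags (added example, not dig code)."""
import re

# Header lines copied from the dig outputs posted in this thread.
SAMPLES = {
    "123.ons.com @10.10.10.11": (
        ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63685\n"
        ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n"
    ),
    "123.ons.com @10.10.10.12": (
        ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62628\n"
        ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\n"
    ),
    "mhost1.home.mydomain.com @10.10.10.10": (
        ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57325\n"
        ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\n"
    ),
    "mhost1.home.mydomain.com @10.10.10.11": (
        ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19216\n"
        ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3\n"
    ),
    "mhost1.home.mydomain.com @10.10.10.10 +norecurse": (
        ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28517\n"
        ";; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\n"
    ),
}

HEADER_RE = re.compile(r"->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(
    r";; flags: ([a-z ]*); QUERY: (\d+), ANSWER: (\d+), AUTHORITY: (\d+), ADDITIONAL: (\d+)"
)


def parse_dig_header(text):
    """Pull the rcode, the flag set and the section counts out of dig's header lines."""
    hdr, flg = HEADER_RE.search(text), FLAGS_RE.search(text)
    if not hdr or not flg:
        raise ValueError("not a dig header")
    return {
        "status": hdr.group(2),
        "flags": set(flg.group(1).split()),
        "answer": int(flg.group(3)),
        "authority": int(flg.group(4)),
    }


def classify(h):
    """Return (label, explanation) for a parsed header."""
    aa = "aa" in h["flags"]
    status, answers, authority = h["status"], h["answer"], h["authority"]
    if status == "SERVFAIL":
        return ("servfail", "server is not authoritative for the name and neither "
                "recursion nor its forwarders produced an answer")
    if status == "NXDOMAIN" and aa:
        return ("auth-nxdomain", "server holds the enclosing zone (its SOA is in AUTHORITY) "
                "and that zone contains neither the name nor a delegation (NS) covering it")
    if status == "NOERROR" and aa and answers:
        return ("auth-answer", "answered from the server's own zone data")
    if status == "NOERROR" and aa:
        return ("auth-nodata", "name exists in the zone but has no record of the queried type")
    if status == "NOERROR" and not aa and not answers and authority:
        return ("referral", "server is not authoritative and returned the delegated zone's NS set")
    if status == "NOERROR" and not aa and answers:
        return ("recursive-answer", "obtained via recursion or a forwarder, not from local zone data")
    return ("other", f"status {status} with flags {sorted(h['flags'])}")


def recursion_requested(h):
    """True when the client set RD; dig's +norecurse clears it."""
    return "rd" in h["flags"]


def summarize(samples):
    """Map each query to its label."""
    return {query: classify(parse_dig_header(text))[0] for query, text in samples.items()}
```

A referral (no `aa`, empty ANSWER, NS records in AUTHORITY) is what +norecurse should return from a parent server that carries a delegation for the name; an `aa` NXDOMAIN from the same server, with the parent's SOA in AUTHORITY, means the loaded parent zone has no NS set covering the name, so the forwarders never come into play.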

  5. #25
    Join Date
    Oct 2013
    Beans
    13

    Re: bind multiple servers

    Quote Originally Posted by hawkmage View Post
    OK, I think I may have an idea what is going on. If you have forwarders set to DNS servers that have no clue about the mydomain.com and home.mydomain.com then the delegation doesn't quite work.

    A client query is almost always a recursive query. This causes the DNS server to recursively resolve the name; if you have forwarders, it queries the forwarder for anything in zones it is not authoritative for. This config should work if the domains you are querying are properly delegated from the top-level domain to your sub-domain. If there is a break in the chain it will fail.

    Try the dig command with the +norecurse option.
    Unfortunately I receive the same answer:

    Code:
    ; <<>> DiG 9.9.2-P1 <<>> @10.10.10.10 mhost1.home.mydomain.com +norecurse
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28517
    ;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;mhost1.home.mydomain.com.    IN    A
    
    ;; AUTHORITY SECTION:
    mydomain.com.        86400    IN    SOA    mydomain.com. root.mydomain.com. 13103000 28800 7200 2419200 86400
    
    ;; Query time: 2 msec
    ;; SERVER: 110.10.10.10#53(10.10.10.10)
    ;; WHEN: Mon Nov  4 13:50:00 2013
    ;; MSG SIZE  rcvd: 94

  6. #26
    Join Date
    Oct 2013
    Beans
    13

    Re: bind multiple servers

    Do you have any suggestions on how to fix this problem?
    Thanks

  7. #27
    Join Date
    Dec 2010
    Beans
    570
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: bind multiple servers

    No, I have no more ideas. I have put the zone files I posted above in my DNS servers with the proper IP changes for my network and it works.
