bind multiple servers

[lele2]

Thank you very much for your reply. This configuration is perfect (I tested it and it's ok!), however, it works if I use only one machine. Because when I ask an entry in the second machine with "dig 789.123.ons.com" (in effect in 10.10.10.12, that the address of my second machine, I added the product "789") I receive this error:

Code:

; <<>> DiG 9.9.2-P1 <<>> 789.123.ons.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12004
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;789.123.ons.com.        IN    A

;; AUTHORITY SECTION:
123.ons.com.        86400    IN    SOA    123.ons.com. 123.ons.com. 2013102500 604800 86400 2419200 86400

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Oct 25 13:57:47 2013
;; MSG SIZE  rcvd: 84

I have the correct answer only with the request "dig @10.10.10.12 789.123.ons.com".

Thank you!

[hawkmage]

Where did you put the entry for the host 789.123.ons.com?

There is only one domain 123.ons.com. If the DNS server that the query goes to is authoritative for that domain it will answer. The sone file fir 123.ons.com should be the same on both servers if they are both going to answer for that domain queries. To keep them the same you either have one server as master and the other as a slave so the update will be automatic or you have them both as masters and you have to make the update to both zone files manually.

You do not have a host name 789.123.ons.com in the 123.ons.com zone file on one server and not the other.

[lele2]

Ok, I understood what you said. However if I want a configuration where the first machine has only the address of the next machine that has the possibility to resolve the query. Because what I would is that the "dig 789.123.ons.com" asked in the first machine can be solved automatically without put "@10.10.10.12".
I think this is completely another configuration, sorry.

[SeijiSensei]

I'll only suggest this one more time: your best solution is to use a forwarder.

[lele2]

I'll only suggest this one more time: your best solution is to use a forwarder.

I think also that is the best solution but I tried with a forwarder like you wrote me but didn't work. Maybe I need to put something else in the config?

[SeijiSensei]

Do you see any forwarding restrictions in named.conf? Otherwise forwarding works pretty much as it should. You simply add an entry to the local server's zones that points to the authoritative server for the remote domain. Make sure they all can exchange traffic with each other; perhaps a firewalling rule is in the way.

I use this method to resolve names on private networks in my clients' offices over a VPN. I have the same view from here as I would sitting in at a desk over there.

[hawkmage]

lele2:
Iam not sure what you mean by "the first machine has only the address of the next machine".

To get the host name 789.123.ons.com resolved you need the 789 A record in the 123.ons.com zone and the NS glue records in the ons.com zone need to point to the server that hosts the 123.ons.com zone.

SeijiSensei:
If he is trying to host his own sub-domains using a forwarder is not going to help without setting up that zone on the host being forwarded to.

[lele2]

SeijiSensei:
The machine can exchange traffic. If I follow your suggestions I have this file:
My named.conf.options in 10.10.10.11 and 10.10.10.12 is:

Code:

 options {
    directory "/var/cache/bind";
    recursion yes;
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

The named.conf.local in 10.10.10.11 is:

Code:

zone "ons.com" { 
        type master;
        file "/etc/bind/db.ons.com";
};

zone "123.ons.com" {
    type forward;
    forward only;
    forwarders { 10.10.10.12;};
};

In 10.10.10.12:

Code:

zone "123.ons.com" {
    type master;
    file "/etc/bind/db.123.ons.com";
};

In 10.10.10.12 the db.123.ons.com is:

Code:

;
; BIND data file for local loopback interface
;
$TTL    86400
$ORIGIN .
123.ons.com    IN    SOA    123.ons.com. 123.ons.com. (
               2013102900    ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             86400 )    ; Negative Cache TTL
;
$TTL    259200    ;3 days
$ORIGIN 123.ons.com.
    IN    NS    ns
ns    IN    A    10.10.10.12
789    IN    A    10.10.10.13

With this config I receive the correct answer only with "dig @10.10.10.12 789.123.ons.com".

hawkmage:
Instead, if I follow your config I have the file like you suggest but in 10.10.10.12 db.123.ons.com file I add the last row that you can see with "789 IN A 10.10.10.13". Also in this case I receive the correct answer olny when I put @address.

Thanks.

[SeijiSensei]

zone "ons.com" {
type master;
file "/etc/bind/db.ons.com";
};

zone "123.ons.com" {
type forward;
forward only;
forwarders { 10.10.10.12;};
};

I think part of the problem is here. 123.ons.com is a subdomain of ons.com and should be defined in the zone file for that domain, not in named.conf. The zone file /etc/bind/db.ons.com should look like this:

Code:

ons.com.      IN      SOA ....

              IN      NS   ns
ns            IN      A    10.10.10.10

123          IN       NS   ns123
ns123        IN       A    10.10.10.11

Now a request for host.123.ons.com is resolved against the server for that subdomain.

I was confused by the original presentation where you were using dnsA and dnsB which indicated they were entirely separate domains. Now it appears you have one domain with subdomains. That is organized in an hierarchical manner.

[hawkmage]

What do you get if you run the following:

Code:

dig 123.ons.com @10.10.10.11
dig 123.ons.com @10.10.10.12