bind using a separate zone file

linuxfia · 09-09-2008, 04:36 PM

Is it normal to use a separate zone file for the sub-domain and not together merged with the parent zone file?
ex)
linuxorg.com is the parent domain.

It has entries in = /etc/named.conf
Its zone file = /var/named/data/linuxorg.com.zone

sub.linuxorg.com is the sub domain:

It has entries in = /etc/named.conf
Its zone file = /var/named/data/sub.linuxorg.com.zone

The zone file for linuxorg.com in /var/named/data/linuxorg.com.zone:

$TTL 84600
linuxorg.com. IN SOA ns1.linuxorg.com. root.localhost. (
20070800 ; serial
3H ; refresh interval
15M ; retry interval
1W ; zone expires in ..
1D ; minimum TTL
)
NS ns1.linuxorg.com.

$ORIGIN linuxorg.com.
A 10.20.30.2
ns1 A 10.20.30.100
comp A 10.20.30.200

The zone file for sub.linuxorg.com in /var/named/data/sub.linuxorg.com.zone:

$TTL 84600
sub.linuxorg.com. IN SOA ns1.linuxorg.com. root.localhost. (
20070911 ; serial
3H ; refresh interval
15M ; retry interval
1W ; zone expires in ..
1D ; minimum TTL
)
NS ns1.linuxorg.com.

$ORIGIN sub.linuxorg.com.
A 10.20.30.2
ns1 A 10.20.30.100
comp1 A 10.20.30.50

billymayday · 09-09-2008, 04:47 PM

I know I don't but that's no real indication of anything.

What I'd be less sure of is whether or not bind will even see the subdomain zone file, since it's looking in example.com.zone for *.example.com, does it chaeck early enough for the exemption that is *.sub.example.com?

linuxfia · 09-09-2008, 05:02 PM

I have the following entries in /etc/named.conf:

zone "linuxorg.com" {
type master;
notify TRUE;
file "/var/named/data/linuxorg.com.zone";
};

zone "sub.linuxorg.com" {
type master;
notify TRUE;
file "/var/named/data/sub.linuxorg.com.zone";
};

Won't it look for the approprite zone file for each zone?

billymayday · 09-09-2008, 05:06 PM

As I said, I'm not sure. Have you tried it?

linuxfia · 09-09-2008, 06:24 PM

Yes, it seems to work...
I'm wondering if other people use separate zone files for each zone.

billymayday · 09-09-2008, 06:27 PM

Fair enough.

I guess it depends in part on how many entries you will have for the subdomain. I only havea a couple, so I use the main zone file.

chort · 09-09-2008, 06:47 PM

No, typically you do not separate out sub-domain unless they are delegated to different sets of nameservers.

Also, your root zone should have "glue" for the sub-domain, i.e. the root zone should have A records for all the nameservers in the sub-domain, as well as the NS records for the sub-domain (if you choose to split sub-domains into their own zones).

Mr. C. · 09-09-2008, 06:47 PM

Typically you would have each zone in its own file. This is because the ORIGIN is set automatically by the named.conf zone statement, allowing hostname-only lines to just work. And you don't need to change ORIGIN's mid-file for the sub-domain. It also makes delegation easier (you can just pass on the zone files to the sub-domain owner). For small sites, it doesn't really matter; do what works for you.

linuxfia · 09-10-2008, 01:10 PM

Thanks for all your input.
I think it's more organized and easier for me to view by having a separate zone file for each sub-domain.
The sub-domain sub.linux.com is delegated to another NS but only some of the zones (ex: _msdcs.sub.linuxorg.com. > delegated to Windows DNS). The current local BIND server is still the SOA for the sub-domain sub.linuxorg.com.

In this case, by having separate zone file for the sub-domain and only delegating some of the sub-domain's zone to another NS, do I still need to add a glue record in the root zone file?

This would be the sub-domain sub.linuxorg.com's zone file:
$TTL 84600
sub.linuxorg.com. IN SOA ns1.linuxorg.com. root.localhost. (
20070911 ; serial
3H ; refresh interval
15M ; retry interval
1W ; zone expires in ..
1D ; minimum TTL
)
NS ns1.linuxorg.com.

$ORIGIN sub.linuxorg.com.
A 10.20.30.2
ns1 A 10.20.30.100
comp1 A 10.20.30.50
DC A 10.20.30.200

_msdcs NS DC //*delegating this zone and some others.
A 10.20.30.200

This would be the root zone linuxorg.com's zone file:

$TTL 84600
linuxorg.com. IN SOA ns1.linuxorg.com. root.localhost. (
20070800 ; serial
3H ; refresh interval
15M ; retry interval
1W ; zone expires in ..
1D ; minimum TTL
)
NS ns1.linuxorg.com.

$ORIGIN linuxorg.com.
A 10.20.30.2
ns1 A 10.20.30.100
comp A 10.20.30.200

If I need to add a glue record here, do I add just the zone being delegated (_msdcs.sub.linuxorg.com) from the sub-domain?
ex)
_msdcs.sub.linuxorg.com. NS DC.sub.linuxorg.com. A 10.20.30.200

chort · 09-10-2008, 03:14 PM

Quote:

Originally Posted by linuxfia

If I need to add a glue record here, do I add just the zone being delegated (_msdcs.sub.linuxorg.com) from the sub-domain?

You only need to add glue for the zone being directly delegated.

Say you have a domain c.com, and sub-domains b.c.com and a.b.c.com. You would have this:

Code:

c.com zone:
...
IN NS ns.c.com.
ns IN A 10.1.2.2
ns.b IN A 10.1.2.3
b IN NS ns.b.c.com.

b.c.com zone:
...
IN NS ns.b.c.com.
ns IN A 10.1.2.3
ns.a IN A 10.1.2.4
a IN NS ns.a.b.c.com.

a.b.c.com zone:
...
IN NS ns.a.b.c.com.
ns IN A 10.1.2.4

So basically it's hierarchical. Each enclosing domain has glue for the sub-domain that it immediately delegates to. You can nest as many times as you want this way.

Even if you're not delegating a.b.c.com to a different NS than b.c.com, you would still list the NS record for it in both b.c.com and a.b.c.com. An example of that:

Code:

c.com zone:
...
ns.b IN A 192.168.1.2
b IN NS ns.b.c.com.

b.c.com zone:
...
a IN NS ns.b.c.com.