
Pete-L 11-04-2011 04:49 AM

BIND SOA Configuration on a Sub Domain
 
Hello,

I was hoping someone could help me solve this problem with BIND, SOAs and Sub Domains.

I have the following domain

mydomain.co.uk
NS = ns1.provider.com
NS = ns2.provider.com
SOA = ns1.provider.com
A = ns1.mydomain.co.uk 1.1.1.1
A = ns2.mydomain.co.uk 2.2.2.2

I have created a subdomain -

subdom.mydomain.co.uk
NS = ns1.mydomain.co.uk
NS = ns2.mydomain.co.uk

A Records should be handled by ns1/2.mydomain.co.uk for the subdom.mydomain.co.uk and www.subdom.mydomain.co.uk

The problem is that when I do a lookup against subdom.mydomain.co.uk it's not getting an authoritative answer, as it seems to be getting the SOA from the root/parent domain (mydomain.co.uk).

I've been doing a bit of googling and saw some suggestions of using glue records but was told by my provider that Nominet doesn't support them.

Ultimately my end goal is to not change anything in mydomain.co.uk (except adding records pointing to subdomains) and have subdom.mydomain.co.uk getting A records from ns1.mydomain.co.uk and ns2.mydomain.co.uk.

I would post the zone files but I don't have access to them.

Any help much appreciated!

Pete

bathory 11-04-2011 05:58 AM

Hi,

Unless it's a typo, you have a wrong SOA for your domain. It should be
Code:

mydomain.co.uk
NS = ns1.provider.com
NS = ns2.provider.com
SOA = mydomain.co.uk
A = ns1.mydomain.co.uk 1.1.1.1
A = ns2.mydomain.co.uk 2.2.2.2

Quote:

Ultimately my end goal is to not change anything in mydomain.co.uk (except adding records pointing to subdomains) and have subdom.mydomain.co.uk getting A records from ns1.mydomain.co.uk and ns2.mydomain.co.uk

If I can understand well what you are trying to do, you need to add an $ORIGIN for the subdomain(s) in the mydomain.co.uk zone file. If you don't have access there is no other way to do what you're trying to accomplish.
Anyway, the zone file for the TLD should look like this:
Code:

$TTL 86400
mydomain.co.uk.                IN SOA  ns1.mydomain.co.uk. root.mydomain.co.uk. (
<--snipped usual SOA stuff-->
                                )
      NS ns1.provider.com.
      NS ns2.provider.com.
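ns1.mydomain.co.uk. A 1.1.1.1
ns2.mydomain.co.uk. A 2.2.2.2   ; trailing dot: fully qualified name

$ORIGIN subdom.mydomain.co.uk.
; "@" is the current origin; a blank owner would inherit ns2's name instead
@     NS ns1.mydomain.co.uk.
@     NS ns2.mydomain.co.uk.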

And configure ns1/2.mydomain.co.uk to do what you want (add A RRs for subdom.mydomain.co.uk, www.subdom.mydomain.co.uk etc).

Regards

deep27ak 11-04-2011 06:26 AM

@bathory

The SOA should be

Code:

ns1.mydomain.co.uk
as you have mentioned in your example config?
or
Code:

mydomain.co.uk
@Pete-L
This might help you

Code:

subdom.mydomain.co.uk.  IN  NS  ns1.mydomain.co.uk.
                        IN  NS  ns2.mydomain.co.uk.
ns1    IN  A  1.1.1.1
ns2    IN  A  2.2.2.2


Pete-L 11-04-2011 06:32 AM

Hi,

Thanks for the reply, I've spoken to my provider and they have given me the zone file.

Code:


$TTL 21600

@      IN      SOA    ns1.provider.com.      hostmaster.provider.com. (
<SNIP>

mydomain.co.uk.  21600    IN      NS      ns1.provider.com.
mydomain.co.uk.  21600    IN      NS      ns2.provider.com.
mydomain.co.uk.  21600    IN      NS      ns5.provider.com.
mydomain.co.uk.  21600    IN      NS      ns6.provider.com.
subdom 21600    IN      NS      ns1.mydomain.co.uk.
subdom 21600    IN      NS      ns2.mydomain.co.uk.

mydomain.co.uk.  21600  IN      A      3.3.3.3
www  21600  IN      A      3.3.3.3
ns2      IN      A      2.2.2.2
ns1      IN      A      1.1.1.1

Basically we are trying to use DNS load balancers (they serve the A Records) for the subdom.mydomain.co.uk while keeping the DNS management for the mydomain.co.uk with the provider and their web GUI. Would this be why the SOA is ns1.provider.com?

While I don't have direct access to the files to change myself, I can specify changes to the provider and they can add them for me (they told me what I wanted to do wasn't possible, hence the post here as I found it hard to believe).

So from my understanding of what you're saying the zone file should look like (excluding the query regarding the root SOA)-

Code:

$TTL 21600

@      IN      SOA    ns1.provider.com.      hostmaster.provider.com. (
<SNIP>

mydomain.co.uk.  21600    IN      NS      ns1.provider.com.
mydomain.co.uk.  21600    IN      NS      ns2.provider.com.
mydomain.co.uk.  21600    IN      NS      ns5.provider.com.
mydomain.co.uk.  21600    IN      NS      ns6.provider.com.
subdom  21600    IN      NS      ns1.mydomain.co.uk.
subdom  21600    IN      NS      ns2.mydomain.co.uk.

mydomain.co.uk.  21600  IN      A      3.3.3.3
www  21600  IN      A      3.3.3.3
ns2      IN      A      2.2.2.2
ns1      IN      A      1.1.1.1

$ORIGIN subdom.mydomain.co.uk.
@ NS ns1.mydomain.co.uk.
@ NS ns2.mydomain.co.uk.

Many Thanks,
Pete

deep27ak 11-04-2011 06:45 AM

It's really confusing me
but as per my knowledge there should be an A record pointing "ns"

Code:

$ORIGIN subdom.mydomain.co.uk.
@      IN  NS  ns1.mydomain.co.uk.
@      IN  NS  ns2.mydomain.co.uk.
ns1    IN  A  1.1.1.1
ns2    IN  A  2.2.2.2

You can always wait for the experts' review

Pete-L 11-04-2011 06:48 AM

Quote:

Originally Posted by deep27ak (Post 4515611)
It's really confusing me
but as per my knowledge there should be an A record pointing "ns"

Code:

$ORIGIN subdom.mydomain.co.uk.
@      IN  NS  ns1.mydomain.co.uk.
@      IN  NS  ns2.mydomain.co.uk.
ns1    IN  A  1.1.1.1
ns2    IN  A  2.2.2.2

You can always wait for the experts' review

Wouldn't that make it ns1.subdom.mydomain.co.uk and ns2.subdom.mydomain.co.uk if specified under the subdom.mydomain.co.uk?

deep27ak 11-04-2011 06:56 AM

Quote:

Originally Posted by Pete-L (Post 4515615)
Wouldn't that make it ns1.subdom.mydomain.co.uk and ns2.subdom.mydomain.co.uk if specified under the subdom.mydomain.co.uk?

The name server which is mentioned is pointing to
Code:

NS ns1.mydomain.co.uk
So how will it take
Code:

subdom.mydomain.co.uk?
But as I said you can wait for an expert's advice before making any changes

bathory 11-04-2011 07:05 AM

@deep27ak, @Pete-L

Don't be confused by the SOA word in the first line of a SOA record. The SOA RR is the whole stuff from the TTL to the closing ")". In the line
Quote:

@ IN SOA ns1.provider.com. hostmaster.provider.com. (
there is the @ (or the ORIGIN, i.e. the domain), the authoritative nameserver and the admin's email, so the above is correct.

Quote:

Thanks for the reply, I've spoken to my provider and they have given me the zone file.

$TTL 21600

@ IN SOA ns1.provider.com. hostmaster.provider.com. (
<SNIP>

mydomain.co.uk. 21600 IN NS ns1.provider.com.
mydomain.co.uk. 21600 IN NS ns2.provider.com.
mydomain.co.uk. 21600 IN NS ns5.provider.com.
mydomain.co.uk. 21600 IN NS ns6.provider.com.
subdom 21600 IN NS ns1.mydomain.co.uk.
subdom 21600 IN NS ns2.mydomain.co.uk.


mydomain.co.uk. 21600 IN A 3.3.3.3
www 21600 IN A 3.3.3.3
ns2 IN A 2.2.2.2
ns1 IN A 1.1.1.1
In the above zone file, the lines in bold are the same as if you use the $ORIGIN, so you don't need both. But it's good practice to keep the domain and the subdomain(s) that are to be managed by a different dns, separated. So better use:
Code:

$TTL 21600

@      IN      SOA    ns1.provider.com.      hostmaster.provider.com. (
<SNIP>

mydomain.co.uk.  21600    IN      NS      ns1.provider.com.
mydomain.co.uk.  21600    IN      NS      ns2.provider.com.
mydomain.co.uk.  21600    IN      NS      ns5.provider.com.
mydomain.co.uk.  21600    IN      NS      ns6.provider.com.

www  21600  IN      A      3.3.3.3
ns2      IN      A      2.2.2.2
ns1      IN      A      1.1.1.1

subdom 21600    IN      NS      ns1.mydomain.co.uk.
subdom 21600    IN      NS      ns2.mydomain.co.uk.
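
Added example (not part of any post in this thread): a small Python sketch of how a master-file parser expands owner names, covering the `$ORIGIN`, `@`, blank-owner and missing-trailing-dot cases discussed above. The function names and sample snippets are constructed for illustration, and the parser deliberately ignores multi-line (parenthesised) records such as the SOA.

```python
def absolute(name, origin):
    """Qualify a name against the current origin ('@' is the origin itself)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def expand(zone_text, origin):
    """Return (owner, type, rdata) tuples with fully qualified names."""
    records, last_owner = [], origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = absolute(line.split()[1], origin)
            continue
        if line.startswith("$"):
            continue                                # $TTL and other directives
        fields = line.split()
        if line[0] in " \t":
            owner = last_owner                      # blank owner: last stated owner
        else:
            owner = absolute(fields.pop(0), origin)
        last_owner = owner
        while fields[0].isdigit() or fields[0].upper() == "IN":
            fields.pop(0)                           # skip optional TTL and class
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = absolute(rdata, origin)         # targets are names too
        records.append((owner, rtype, rdata))
    return records

# Constructed snippets using the names from the thread.
ORIGIN = "mydomain.co.uk."
RELATIVE_STYLE = """\
subdom 21600 IN NS ns1.mydomain.co.uk.
subdom 21600 IN NS ns2.mydomain.co.uk.
ns1 IN A 1.1.1.1
"""
ORIGIN_STYLE = """\
$ORIGIN subdom.mydomain.co.uk.
@ IN NS ns1.mydomain.co.uk.
@ IN NS ns2.mydomain.co.uk.
ns1 IN A 1.1.1.1
"""
MISSING_DOT = "$ORIGIN subdom.mydomain.co.uk.\n@ NS ns1.mydomain.co.uk\n"

if __name__ == "__main__":
    for text in (RELATIVE_STYLE, ORIGIN_STYLE, MISSING_DOT):
        print(expand(text, ORIGIN))
```

Both styles yield identical NS records for subdom.mydomain.co.uk., but an `ns1` A record placed after `$ORIGIN` lands on ns1.subdom.mydomain.co.uk., and an NS target without its trailing dot has the origin appended to it.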


Pete-L 11-04-2011 08:58 AM

Hmmm strange, so it looks like it's configured ok then as this is what is currently configured (if a little untidy) -

Code:

$TTL 21600

@ IN SOA ns1.provider.com. hostmaster.provider.com. (
<SNIP>

mydomain.co.uk. 21600 IN NS ns1.provider.com.
mydomain.co.uk. 21600 IN NS ns2.provider.com.
mydomain.co.uk. 21600 IN NS ns5.provider.com.
mydomain.co.uk. 21600 IN NS ns6.provider.com.
subdom 21600 IN NS ns1.mydomain.co.uk.
subdom 21600 IN NS ns2.mydomain.co.uk.

mydomain.co.uk. 21600 IN A 3.3.3.3
www 21600 IN A 3.3.3.3
ns2 IN A 2.2.2.2
ns1 IN A 1.1.1.1

When I do the following

Code:

nslookup
server=8.8.8.8 (google dns)
subdom.mydomain.co.uk

it doesn't return any results

however when I do

Code:

nslookup
server=ns1.mydomain.co.uk
subdom.mydomain.co.uk

it returns -

Name: subdom.mydomain.co.uk
Address: 5.5.5.5

bathory 11-04-2011 09:32 AM

Quote:

nslookup
server=ns1.mydomain.co.uk
subdom.mydomain.co.uk

it returns -

Name: subdom.mydomain.co.uk
Address: 5.5.5.5
I don't see any A RR for subdom.mydomain.co.uk. Is this the correct IP?
What do the following give:
Code:

dig ns mydomain.co.uk
dig ns subdom.mydomain.co.uk


deep27ak 11-04-2011 09:36 AM

Quote:

Originally Posted by Pete-L (Post 4515696)
Hmmm strange, so it looks like it's configured ok then as this is what is currently configured (if a little untidy) -

Code:

$TTL 21600

@ IN SOA ns1.provider.com. hostmaster.provider.com. (
<SNIP>

mydomain.co.uk. 21600 IN NS ns1.provider.com.
mydomain.co.uk. 21600 IN NS ns2.provider.com.
mydomain.co.uk. 21600 IN NS ns5.provider.com.
mydomain.co.uk. 21600 IN NS ns6.provider.com.
subdom 21600 IN NS ns1.mydomain.co.uk.
subdom 21600 IN NS ns2.mydomain.co.uk.

mydomain.co.uk. 21600 IN A 3.3.3.3
www 21600 IN A 3.3.3.3
ns2 IN A 2.2.2.2
ns1 IN A 1.1.1.1

When I do the following

Code:

nslookup
server=8.8.8.8 (google dns)
subdom.mydomain.co.uk

it doesn't return any results

however when I do

Code:

nslookup
server=ns1.mydomain.co.uk
subdom.mydomain.co.uk

it returns -

Name: subdom.mydomain.co.uk
Address: 5.5.5.5

also post the output of

Code:

dig -x 1.1.1.1
dig -x 2.2.2.2


Pete-L 11-04-2011 12:30 PM

@bathory

"dig ns mydomain.co.uk" gives
Code:

mydomain.co.uk.        21600        IN        NS        ns6.provider.com.
mydomain.co.uk.        21600        IN        NS        ns1.provider.com.
mydomain.co.uk.        21600        IN        NS        ns5.provider.com.
mydomain.co.uk.        21600        IN        NS        ns2.provider.com.

;; ADDITIONAL SECTION:
ns1.provider.com.        13490        IN        A        200.200.200.200
ns2.provider.com.        13490        IN        A        200.200.200.201

"dig ns subdom.mydomain.co.uk" gives
Code:

subdom.mydomain.co.uk.        21600        IN        NS        ns2.mydomain.co.uk.
subdom.mydomain.co.uk.        21600        IN        NS        ns1.mydomain.co.uk.

;; ADDITIONAL SECTION:
ns1.mydomain.co.uk.        21600        IN        A        1.1.1.1
ns2.mydomain.co.uk.        21600        IN        A        2.2.2.2

@deep27ak

"dig -x 1.1.1.1" gives
Code:

;; ANSWER SECTION:
1.1.1.1.in-addr.arpa. 28800 IN        PTR        ns1.mydomain.co.uk.

;; AUTHORITY SECTION:
1.1.1.in-addr.arpa. 28800        IN        NS        1.isp.com.
1.1.1.in-addr.arpa. 28800        IN        NS        2.isp.com.

;; ADDITIONAL SECTION:
1.isp.com.                13323        IN        A        50.50.50.50
2.isp.com.                13323        IN        A        50.50.50.51

"dig -x 2.2.2.2" gives
Code:

2.2.2.2.in-addr.arpa. 86400 IN        PTR        ns2.mydomain.co.uk.

;; AUTHORITY SECTION:
2.2.2.in-addr.arpa. 86400        IN        NS        1.isp2.co.uk.
2.2.2.in-addr.arpa. 86400        IN        NS        2.isp2.co.uk.

;; ADDITIONAL SECTION:
1.isp2.co.uk.        86400        IN        A        60.60.60.60
2.isp2.co.uk.        86400        IN        A        60.60.60.61

Cheers folks

bathory 11-04-2011 05:17 PM

So, it works.
From the 2 dig outputs, ns1/2/5/6.provider.com are the authoritative nameservers for mydomain.co.uk and ns1/2.mydomain.co.uk are the authoritative nameservers for subdom.mydomain.co.uk.
Now you need to configure the zone file(s) in ns1/2.mydomain.co.uk to add the A RRs for www.subdom.mydomain.co.uk and so on.

Regards

Pete-L 11-07-2011 06:19 PM

@bathory

The A records are handled by the load balancers, would this say to you that they aren't serving the correct records when ns1/2.mydomain.co.uk gets queried?

Best Regards,
Pete

bathory 11-08-2011 01:15 AM

Quote:

The A records are handled by the load balancers, would this say to you that they aren't serving the correct records when ns1/2.mydomain.co.uk gets queried?

By load balancers, you mean ns1/2.mydomain.co.uk?
If so, then yes, they should answer authoritatively when queried for subdom.mydomain.co.uk and hosts in that subdomain. Try some queries using dig and see if you get the correct answers:
Code:

dig subdom.mydomain.co.uk
dig +trace subdom.mydomain.co.uk
dig www.subdom.mydomain.co.uk

Regards
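
Added example (not part of any post in this thread): a Python sketch that reads the header of a dig reply and reports whether a delegation behaves as expected, i.e. the parent's server hands out a referral and the child's server answers with the `aa` flag. It assumes the replies were captured with `dig +norecurse @<server> <name>`; the sample replies and function names are constructed, not output from real servers.

```python
import re

def classify(dig_output):
    """Label one dig reply: authoritative, referral, non-authoritative or error:<rcode>."""
    status = re.search(r"status: (\w+)", dig_output).group(1)
    if status != "NOERROR":
        return f"error:{status}"
    flags = re.search(r"flags: ([a-z ]*);", dig_output).group(1).split()
    counts = dict(re.findall(r"(ANSWER|AUTHORITY): (\d+)", dig_output))
    if "aa" in flags:
        return "authoritative"
    if counts["ANSWER"] == "0" and counts["AUTHORITY"] != "0":
        return "referral"                  # NS records only, no aa: a delegation
    return "non-authoritative"

def check_delegation(parent_reply, child_reply):
    """Return a list of problems; an empty list means the delegation looks sane."""
    problems = []
    if classify(parent_reply) != "referral":
        problems.append("parent server did not hand out a referral for the subdomain")
    verdict = classify(child_reply)
    if verdict != "authoritative":
        problems.append(f"child server replied '{verdict}', expected aa flag set")
    return problems

# Constructed replies in dig's header format.
PARENT_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; AUTHORITY SECTION:
subdom.mydomain.co.uk. 21600 IN NS ns1.mydomain.co.uk.
subdom.mydomain.co.uk. 21600 IN NS ns2.mydomain.co.uk.
"""
CHILD_GOOD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
"""
CHILD_NO_AA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
"""
CHILD_REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1004
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

if __name__ == "__main__":
    for child in (CHILD_GOOD, CHILD_NO_AA, CHILD_REFUSED):
        print(check_delegation(PARENT_REFERRAL, child) or "delegation OK")
```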

