Hi,
I tested this feature on my private DNS server.
Here is a cut of my first DNS server's (2.2.2.2) named.conf:
Code:
options {
listen-on port 53 { 2.2.2.2;172.16.82.252; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
datasize 100M;
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion no;
empty-zones-enable yes;
querylog yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
transfer-source 2.2.2.2;
notify-source 2.2.2.2;
allow-new-zones yes;
# allow-recursion { any; };
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
......
zone "china.com" IN {
type master;
file "china.com.zone";
allow-update { none; };
};
...........
china.com.zone:
Code:
$TTL 1D
@ IN SOA @ mail.china.com. (
2015120105 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns2.china.com.
ns2 IN A 9.9.9.9 ; this is a glue record
Cut of my second DNS server's (9.9.9.9) named.conf:
Code:
options {
listen-on port 53 { 9.9.9.9;172.16.85.241; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
datasize 100M;
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
empty-zones-enable yes;
querylog yes;
allow-recursion { any; };
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
transfer-source 9.9.9.9;
notify-source 9.9.9.9;
allow-new-zones yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
.....
zone "china.com" IN {
type master;
file "masters/china.com.zone";
allow-update { none; };
};
....
china.com.zone on the second DNS server:
Code:
$TTL 1D
@ IN SOA @ mail.china.com. (
2015120102 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.china.com.
IN NS ns3.china.com.
@ IN MX 5 mail.china.com.
@ IN A 9.9.9.9
ns1 IN A 2.2.2.2 ; this is glue record
ns2 IN A 9.9.9.9 ; this is glue record
ns3 IN A 1.1.1.1 ; this is glue record
mail IN A 3.3.3.3
us IN A 4.4.4.4
ftp IN CNAME www
The named service is working fine; it can resolve other namespaces.
When I dig china.com, the output is as follows:
Code:
; <<>> DiG 9.10.3 <<>> china.com @2.2.2.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50733
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;china.com. IN A
;; AUTHORITY SECTION:
china.com. 10800 IN SOA china.com. mail.china.com. 2015120105 86400 3600 604800 10800
;; Query time: 178 msec
;; SERVER: 2.2.2.2#53(2.2.2.2)
;; WHEN: Tue Dec 01 16:14:32 CST 2015
;; MSG SIZE rcvd: 79
In my thinking, DNS1 delegated DNS2 as a delegation server for zone china.com., so when a host queries DNS1 for the IP address of china.com, DNS1 will ask DNS2 before its recursion was activated.
As the output of dig shows,
DNS1 did not ask DNS2. I searched many articles on DNS delegation; all results point out that my zone file is correct, but I don't think so. I must be missing something.
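To show what the first server actually does with that zone, here is an added example (not code from the post): a minimal BIND-style zone parser plus the lookup an authoritative-only server performs from its own data, and a check for which NS records are real delegations (NS below the apex) rather than the zone's own nameserver set. The zone text is constructed from the post; the record types handled are the ones it uses.

```python
# Added example, not from the original post: a minimal BIND-style zone parser plus the
# lookup an authoritative-only server performs. Zone text below is constructed from the post.
ZONE_DNS1 = """$TTL 1D
@ IN SOA @ mail.china.com. (
        2015120105 1D 1H 1W 3H ) ; serial refresh retry expire minimum
@ IN NS ns2.china.com.
ns2 IN A 9.9.9.9 ; an NS at the apex names the zone's own server; it delegates nothing
"""

def fqdn(name, origin):
    """Expand '@' and relative owner names to absolute, lower-cased names."""
    name = origin if name == '@' else name.lower()
    return name if name.endswith('.') else f'{name}.{origin}'

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; handles ';' comments, '(...)' continuations, blank owners."""
    records, owner, buf, depth = [], origin, [], 0
    for raw in text.splitlines():
        if not buf:
            starts_blank = raw[:1].isspace()   # blank owner field inherits the previous owner
        line = raw.split(';', 1)[0]
        buf.append(line)
        depth += line.count('(') - line.count(')')
        if depth > 0:
            continue                           # still inside a parenthesised record (the SOA)
        fields, buf = ' '.join(buf).replace('(', ' ').replace(')', ' ').split(), []
        if not fields or fields[0].startswith('$'):
            continue                           # blank line or $TTL/$ORIGIN directive
        if not starts_blank:
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0] == 'IN' or fields[0][0].isdigit()):
            fields.pop(0)                      # skip class and optional TTL
        records.append((owner, fields[0], ' '.join(fields[1:])))
    return records

def authoritative_answer(records, qname, qtype, origin):
    """What a server with 'recursion no' returns: zone data only, it never asks another server."""
    qname = fqdn(qname, origin)
    answers = [r for r in records if r[0] == qname and r[1] == qtype]
    soa = [r for r in records if r[1] == 'SOA']
    if answers:
        return 'NOERROR', answers, []
    if any(r[0] == qname for r in records):
        return 'NOERROR', [], soa              # NODATA: name exists but has no record of that type
    return 'NXDOMAIN', [], soa

def delegations(records, origin):
    """Owners of NS records below the apex: only those hand a name off to another server."""
    return sorted({r[0] for r in records if r[1] == 'NS' and r[0] != origin})
```

For this zone, `authoritative_answer(parse_zone(ZONE_DNS1, 'china.com.'), 'china.com.', 'A', 'china.com.')` returns NOERROR with an empty answer list and the SOA as authority, which is exactly the dig output above, and `delegations(...)` returns an empty list because the only NS record sits at the apex.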