Setting up a DNS Sub Domain

quasi3 · 10-28-2009, 10:12 AM

I've tried to set up a subdomain but unsuccessfully. I've been reading 'DNS and BIND' along with numerous online tutorials.
First I would like to make sure I understand how the configuration works:

a.dom parent
b.a.dom delegated subdomain

1.In all texts I've read there is an assumption the reader knows what the resolv.conf of the CLIENTS within the subdomain contains. Does this contain the address of the parent NSs or the subdomain NSs as it's primary/secondary?

2.Does the resolv.conf on CLIENTS search a.dom or b.a.dom? I'm assuming the latter but just making sure.

3.If a client 'lou.b.a.dom' wants to lookup 'joe.a.dom' can he ping 'joe' or does he have to ping 'joe.a.dom'?

4. The reverse of #3. Can 'joe.a.dom ping'lou' or does he have to ping 'lou.b.a.dom'?

5. If 3&4 require the longer name is there a way to use only the short name?

With my current test configuration I can point a subdomain client to either the parent or child nameservers and only get what is listed in their domains.

janoszen · 10-28-2009, 03:05 PM

I'm not sure, I'm getting you right. Do you want to set up a subdomain for a registered domain in a way, that the subdomain is managed under a different zone?

If yes: you need to know nothing about resolv.conf, your DNS resolver takes care of all that. Just make sure, the resolver knows about your domain. (If you have officially registered it, this is allready the case.)

Let's take example.com az a zone, ns1.provider.com and ns2.provider.com as NS servers and 1.2.3.4 as the IP address of your NS server for the subdomain. Your zone file for example.com. would look like this:

Code:

$TTL 600
example.com. IN SOA ns1.provider.com. hostmaster.provider.com. (
 2009102601
 86400
 7200
 604800
 600 )
example.com. IN NS ns1.provider.com.
example.com. IN NS ns2.provider.com.
example.com. IN A 1.3.5.7
example.com. IN MX 5 mx.provider.com
home.example.com. IN NS ns.home.example.com.
ns.home.example.com. IN A 1.2.3.4

Note the last line. This is called a glue record. Without this, the recursor has no way of resolving ns.home.example.com. If you have done this correctly, you should now be able to create a new zone called home.example.com in your DNS server at 1.2.3.4 with all the glory and pain of a grown-up zone.

If should look like this:

Code:

$TTL 600
home.example.com. IN SOA ns.home.example.com. me.example.com (
 2009102601
 86400
 7200
 604800
 600 )
home.example.com. IN NS ns.home.example.com.
ns.home.example.com. IN A 1.2.3.4
home.example.com. IN A 1.2.3.4

I hope this helps. If you try it out, please try on a domain you don't care about. Messing with the DNS can easily result in your e-mail or website not working. You have been warned.

quasi3 · 10-28-2009, 03:48 PM

First, this is a private non-registered domain within a company.

We are a division in a separate location from our main office and are trying to create a delegated subdomain. Currently everyone is in one domain between two states.

When referring to the resolv.conf file I was speaking of the individual computers within the subdomain, not the nameservers.

Here's my current attempt:
Parent Domain:

Code:

$ORIGIN domain.nonreg.
$TTL 3600   ; 1 hour
@       IN SOA  ns1.domain.nonreg. hostmaster.domain.nonreg. (
                41982      ; serial
                900        ; refresh (15 minutes)
                600        ; retry (10 minutes)
                86400      ; expire (1 day)
                3600       ; minimum (1 hour)
                )
            NS  ns1.domain.nonreg.

$TTL 900    ; 15 minutes
apps2           A   193.xx.xx.xxx
apps3           A   193.xx.xx.xxx
apps4           A   193.xx.xx.xxx

; sub-domain definitions

child.domain.nonreg.  IN      NS     ns2.child.domain.nonreg.
; sub-domain address records for name server only - glue record
ns2.child.domain.nonreg.   IN      A      202.xx.xx.xx3 ; 'glue' record

Subdomain:

Code:

$TTL 3600   ; 1 hour
@       IN SOA  ns2.child.domain.nonreg. hostmaster.child.domain.nonreg. (
                1      ; serial
                900        ; refresh (15 minutes)
                600        ; retry (10 minutes)
                86400      ; expire (1 day)
                3600       ; minimum (1 hour)
                )
;
;Name Servers
;
child.domain.nonreg. IN   NS  ns2.child.domain.nonreg.
child.domain.nonreg. IN    A 202.xx.xx.xx3

$ORIGIN child.domain.nonreg.
$TTL 86400  ; 1 day
rd01         A   202.xx.xx.xxx
rd02         A   202.xx.xx.xxx
rd03         A   202.xx.xx.xxx

Currently this does not work. I can only resolve one domain or the other depending on the which I choose for a name server.
Anything obvious?

janoszen · 10-29-2009, 03:10 AM

In case of private domains, you _MUST_ let your network's resolver know about the domain. However, since a domain is really (really) cheap, you could just buy one. Your time might cost your company more.

quasi3 · 10-29-2009, 09:38 AM

This setup is mainly for programmers to easily shell into different servers to work. I don't see a reason to buy a domain. It's been working fine without an added subdomain, we just want to add the subdomain now. Everything should be resolved internally, outside of surfing the web.

janoszen · 10-29-2009, 12:49 PM

I don't really understand your question then. You just need to add the subdomain to your existing zone.

quasi3 · 10-29-2009, 01:05 PM

Right, and it's not working.

janoszen · 10-30-2009, 04:36 AM

Try the "dig" tool to query your DNS entries. First, start off with a recursion using your resolver. If that works, go into details querying records around your subdomain.

quasi3 · 10-30-2009, 11:05 AM

I still haven't gotten answers to my original questions.

What nameserver should any tom, dick, or harry's resolver (in the subdomain) point to in resolv.conf? The subdomain nameserver or the parent nameserver?

Also, do my configuration files look correct?

the_penguinator · 10-30-2009, 01:31 PM

Quote:

Originally Posted by quasi3

I've tried to set up a subdomain but unsuccessfully.

this sounds like a job for dnsmasq

quasi3 · 10-30-2009, 01:31 PM

Think I found my problem.
My named.conf file in the parent had a typo.
Now trying to get my head around how the cross slaving works.

janoszen · 10-30-2009, 01:43 PM

Cleartext: the resolver needs to know about your domains. dnsmasq, bind or whatever. Your choice. You need to configure it to read from your DNS szerver FIRST, recurse afterwards.