I haven't tried this, so if you try the following suggestion, be ready to undo your changes quickly if this does not work.
First, I have a similar situation where I work. My solution was to create a "forward" zone for the internal domains that point to the AD controllers. I then got with the AD admins and had them add the routers, switches, etc. to the DNS server running on the AD controllers. Example: named.conf using forwarder statements
Code:
view "internal" in {
    // Only allow trusted nets
    match-clients { trusted-nets; };
    // Enable recursion for this view
    recursion yes;
    // Cache data retrieved in this view
    additional-from-auth yes;
    additional-from-cache yes;
    // Load the "root" (hints) zone
    zone "." in {
        type hint;              // Zone is of type hint
        file "root.cache";      // Specify the root filename
    };
    [...more authoritative zones...]
    // Load the internal forward lookup zone
    zone "mydomain.net" in {
        type forward;           // Zone is of type forward
        forward only;           // Forward queries, never recurse ourselves
        forwarders { 172.30.1.31; 10.1.100.13; };  // Forward to AD DNS servers
    };
    // Load the internal reverse lookup zone
    zone "10.in-addr.arpa" in {
        type forward;           // Zone is of type forward
        forward only;           // Forward queries, never recurse ourselves
        forwarders { 172.30.1.31; 10.1.100.13; };  // Forward to AD DNS servers
    };
};  // end of view "internal"
Now for my suggestion.
Try adding a delegation record to your master zone file for all other records not resolved within the zone, i.e. from the db.mydomain.com zone file:
Code:
[...SOA stuff deleted...]
;#######################################################################
; mydomain.com Address Records (A)
;#######################################################################
localhost       IN  A   127.0.0.1
; Name Server records
ns1             IN  A   192.168.200.50
ns2             IN  A   192.168.100.50
; Web/Internet based records
smtp1           IN  A   192.168.200.25
smtp2           IN  A   192.168.100.25
[...other A records deleted...]
;#######################################################################
; Using wildcard *, delegate all other lookups (using NS record)
; for mydomain.com to one of the AD controllers.
; NS data must be a hostname, not an IP address, so the AD controller
; gets a name (placeholder "ad-dns1") plus a glue A record.
;#######################################################################
ad-dns1         IN  A   10.1.100.13
*.mydomain.com. IN  NS  ad-dns1.mydomain.com.
Again, I have never tried or even tested the above. But if this works, queries for smtp1.mydomain.com would be answered by this DNS server, but a query for, let's say, host1.mydomain.com would be forwarded (delegated) to the AD controller and the result returned to your DNS server. What I'm unsure of is the impact of using a wildcard on an NS record. Using wildcards is permitted, but its use is typically limited to address records.
Good luck!
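As an added example that is not part of the post above, the following zone-file linter catches the two things most likely to make the wildcard delegation misbehave: NS data written as an IP address (BIND would read it as a relative hostname) and an in-zone name server with no glue A record, and it flags wildcard NS RRsets, which RFC 4592 discourages. The record format, origin and sample records are constructed from the post; the hostname ad-dns1 is a placeholder.

```python
import ipaddress

ORIGIN = "mydomain.com."

# Constructed sample modelled on the zone fragment in the post (not a real zone).
SAMPLE_ZONE = """
localhost        IN A  127.0.0.1
ns1              IN A  192.168.200.50
smtp1            IN A  192.168.200.25
*.mydomain.com.  IN NS 10.1.100.13     ; IP where a hostname is required
host2            IN NS ad-dns2         ; in-zone NS target with no glue
"""

def parse_zone(text, origin):
    """Parse simple '<name> IN <type> <rdata>' records; strip ';' comments."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) < 4 or parts[1].upper() != "IN":
            continue
        name, rtype, rdata = parts[0], parts[2].upper(), " ".join(parts[3:])
        if not name.endswith("."):          # relative name: append the origin
            name = f"{name}.{origin}"
        records.append((name.lower(), rtype, rdata))
    return records

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_ns_records(records, origin):
    """Return human-readable findings for NS records that will not delegate cleanly."""
    glue = {n for n, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for name, rtype, rdata in records:
        if rtype != "NS":
            continue
        if name.startswith("*."):
            findings.append(f"{name}: wildcard NS RRsets are discouraged by RFC 4592")
        if is_ip(rdata):
            findings.append(f"{name}: NS data '{rdata}' is an IP address, not a hostname")
            continue
        target = rdata.lower() if rdata.endswith(".") else f"{rdata.lower()}.{origin}"
        if target.endswith("." + origin) and target not in glue:
            findings.append(f"{name}: in-zone name server {target} has no glue A/AAAA record")
    return findings
```

Running `check_ns_records(parse_zone(SAMPLE_ZONE, ORIGIN), ORIGIN)` reports three findings for the constructed sample; a zone with `ad-dns1 IN A 10.1.100.13` and `*.mydomain.com. IN NS ad-dns1.mydomain.com.` keeps only the RFC 4592 note.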