We have a network domain 172.26.80.0/21,
and I'm trying to build my test DNS server under the same domain.
My thought is I will create my DNS zone; if a query can't be found in my zone, then it forwards to the upper-level DNS to look it up.
I have four test VMs under my domain, and the upper DNS has no records for them.
HOSTNAME   IP
------------------------
mastest    172.26.80.149
slvtest    172.26.80.151
client1    172.26.80.150
client2    172.26.80.152
I used dig to test my DNS; I can query a host inside or outside my zone without problems.
Code:
[root@slvtest user1]# dig client2.mydomain.com --> in my zone
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> client2.mydomain.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38964
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;client2.mydomain.com. IN A
;; ANSWER SECTION:
client2.mydomain.com. 600 IN A 172.26.80.152
;; AUTHORITY SECTION:
mydomain.com. 600 IN NS ws.mydomain.com.
;; ADDITIONAL SECTION:
ws.mydomain.com. 600 IN A 172.26.80.149
;; Query time: 0 msec
;; SERVER: 172.26.80.149#53(172.26.80.149)
;; WHEN: Mon May 14 15:50:48 2018
;; MSG SIZE rcvd: 87
[root@slvtest user1]# dig cms8.wsdmn.com --> in upper DNS
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> cms8.wsdmn.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21926
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 11
;; QUESTION SECTION:
;cms8.wsdmn.com. IN A
;; ANSWER SECTION:
cms8.wsdmn.com. 776 IN A 172.26.80.208
;; AUTHORITY SECTION:
. 81461 IN NS d.root-servers.net.
. 81461 IN NS i.root-servers.net.
. 81461 IN NS c.root-servers.net.
. 81461 IN NS j.root-servers.net.
;; Query time: 0 msec
;; SERVER: 172.26.80.149#53(172.26.80.149)
;; WHEN: Mon May 14 15:51:06 2018
;; MSG SIZE rcvd: 437
But when I tried reverse lookups, I couldn't query hosts in the upper DNS; however, it worked well for hosts in my zone.
Code:
[root@slvtest user1]# dig -x 172.26.80.152 --> in my zone
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -x 172.26.80.152
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48188
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;152.80.26.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
152.80.26.172.in-addr.arpa. 600 IN PTR client2.mydomain.com.
;; AUTHORITY SECTION:
80.26.172.in-addr.arpa. 600 IN NS ws.mydomain.com.
;; ADDITIONAL SECTION:
ws.mydomain.com. 600 IN A 172.26.80.149
[root@slvtest user1]# dig -x 172.26.80.208 --> in upper dns
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -x 172.26.80.208
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15728
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;208.80.26.172.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
80.26.172.in-addr.arpa. 600 IN SOA ws.mydomain.com. admin.mydomain.com. 20180510 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 172.26.80.149#53(172.26.80.149)
;; WHEN: Mon May 14 15:58:34 2018
;; MSG SIZE rcvd: 101
I tried adding the DNS server to the dig command, and it worked.
Code:
[root@slvtest user1]# dig @172.26.85.3 -x 172.26.80.208
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> @172.26.85.3 -x 172.26.80.208
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47084
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;208.80.26.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
208.80.26.172.in-addr.arpa. 3600 IN PTR cms8.wsdmn.com.
;; Query time: 2 msec
;; SERVER: 172.26.85.3#53(172.26.85.3)
;; WHEN: Mon May 14 16:11:12 2018
;; MSG SIZE rcvd: 74
Is there something I missed? Please help. Thanks.
Bind version: 9.8.2
DNS Server OS: RHEL 6.5
/etc/named.conf
Code:
options {
listen-on port 53 { any; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; any; };
recursion yes;
forwarders {
172.26.85.3;
172.26.85.2;
};
allow-transfer { none; };
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "mydomain.com" IN {
type master;
file "named.mydomain.com";
};
zone "80.26.172.in-addr.arpa" IN {
type master;
file "named.172.26.80";
};
zone file: named.mydomain.com
Code:
$TTL 600
@ IN SOA ws.mydomain.com. admin.mydomain.com. (
20180510 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ws.mydomain.com.
ws.mydomain.com. IN A 172.26.80.149
;Forwarding
mydns.mydomain.com. IN A 172.26.80.149
wsdns.mydomain.com. IN CNAME mydns.mydomain.com.
mastest IN CNAME mydns.mydomain.com.
;clients in my domain
slvtest IN A 172.26.80.151
client1 IN A 172.26.80.150
client2.mydomain.com. IN A 172.26.80.152
zone file: named.172.26.80
Code:
$TTL 600
@ IN SOA ws.mydomain.com. admin.mydomain.com. (
20180510 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ws.mydomain.com.
149 IN PTR ws.mydomain.com.
;Reversing
149 IN PTR mydns.mydomain.com.
150 IN PTR client1.mydomain.com.
151 IN PTR slvtest.mydomain.com.
152 IN PTR client2.mydomain.com.
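As an added illustration (not part of the original post, and not BIND code), here is a small Python model of how named decides between answering from a locally configured authoritative zone and forwarding: a query name that falls under a local zone is answered from that zone's data (NXDOMAIN if the name is absent) and is never sent to the forwarders, which is why `dig -x 172.26.80.208` gets NXDOMAIN from 172.26.80.149 while `dig @172.26.85.3 -x 172.26.80.208` succeeds. The zone contents are constructed from the post's `named.172.26.80` and `named.mydomain.com` files; the `shadowed_subnets` helper shows which part of the 172.26.80.0/21 network the local reverse zone covers.

```python
# Added example (not BIND code): models how named picks between answering from a local
# authoritative zone and forwarding. Zone data is constructed from the post's zone files.
import ipaddress
ZONES = {
    "80.26.172.in-addr.arpa.": {
        "149.80.26.172.in-addr.arpa.": ["ws.mydomain.com.", "mydns.mydomain.com."],
        "150.80.26.172.in-addr.arpa.": ["client1.mydomain.com."],
        "151.80.26.172.in-addr.arpa.": ["slvtest.mydomain.com."],
        "152.80.26.172.in-addr.arpa.": ["client2.mydomain.com."],
    },
    "mydomain.com.": {"client2.mydomain.com.": ["172.26.80.152"]},
}
FORWARDERS = ["172.26.85.3", "172.26.85.2"]  # from the post's options block

def reverse_name(ip):
    """Owner name that dig -x queries for an address, e.g. 208.80.26.172.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def enclosing_zone(qname):
    """Longest locally configured zone that contains qname, or None if there is none."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in ZONES:
            return candidate
    return None

def resolve(qname):
    """Return (source, status, answers) the way the local server handled the post's queries."""
    zone = enclosing_zone(qname)
    if zone is None:
        # Outside every local zone: recursion hands the query to the forwarders.
        return ("forwarder:" + FORWARDERS[0], "FORWARDED", [])
    records = ZONES[zone].get(qname)
    if records:
        return ("zone:" + zone, "NOERROR", records)
    # Authoritative for the zone but the name is absent: NXDOMAIN from the zone SOA,
    # and the forwarders are never consulted (what dig -x 172.26.80.208 showed).
    return ("zone:" + zone, "NXDOMAIN", [])

def zone_to_network(zone):
    """Map a reverse zone such as 80.26.172.in-addr.arpa. to 172.26.80.0/24 (None if not reverse)."""
    labels = zone.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = labels[:-2][::-1]
    return ipaddress.ip_network(".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}")

def shadowed_subnets(cidr):
    """Subnets of cidr whose PTR lookups the local zones answer, so they are never forwarded."""
    net = ipaddress.ip_network(cidr)
    return [str(n) for n in map(zone_to_network, ZONES) if n is not None and n.subnet_of(net)]
```

Running `resolve(reverse_name("172.26.80.208"))` reproduces the NXDOMAIN seen in the post, while an address outside 172.26.80.0/24 (for example 172.26.85.3) is forwarded.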