Hello, I use bind 9.3.4 on RedHat 5.3, and I am trying to create a simple DNS scenario.
I have two DNS servers. One of them serves the rodnower.org. zone and the other serves the web.rodnower.org. zone.
The parent has a glue record for the child.
I successfully query all rodnower.org. records, but fail to get data from the subdomain.
So here is the relevant data from named.conf of the parent zone:
Code:
view "main" {
...
zone "rodnower.org" IN {
type master;
file "rodnower.org.zone";
};
...
};
Here are the relevant records from the rodnower.org.zone file:
Code:
$TTL 86400
@ IN SOA nameserver.rodnower.org. root (
2; 10M; 15M; 1W; 1D)
@ IN NS nameserver.rodnower.org.
@ IN MX 10 mailserver.rodnower.org.
web.rodnower.org. IN NS ns.web.rodnower.org.
ns.web.rodnower.org. IN A 192.168.2.150
nameserver IN A 192.168.2.200
Here is the bad response for the NS record of the web.rodnower.org. subdomain:
OK, from the dig output 192.168.2.150 (ns.web.rodnower.org) knows it's authoritative for subdomain web.rodnower.org.
There should be an error in your zone file, that I cannot spot right now. Could you try this variation:
Code:
$TTL 86400
$ORIGIN rodnower.org.
@ IN SOA nameserver.rodnower.org. root (
3;
10M;
15M;
1W;
1D)
@ IN NS nameserver.rodnower.org.
@ IN MX 10 mailserver.rodnower.org.
nameserver IN A 192.168.2.200
$ORIGIN web.rodnower.org.
IN NS ns.web.rodnower.org.
ns.web.rodnower.org. IN A 192.168.2.150
Don't forget to increase the serial before reloading the zone.
So I tried this, but I have the same result.
I only added the @ to the next-to-last line. Without it I get a "CNAME and other data" error (because I have a CNAME declaration just before the second $ORIGIN).
So now the whole zone looks like this:
Code:
$TTL 86400
$ORIGIN rodnower.org.
@ IN SOA nameserver.rodnower.org. root (
5 ; serial (d. adams)
10M ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS nameserver.rodnower.org.
@ IN MX 10 mailserver.rodnower.org.
nameserver IN A 192.168.2.200
nameserver IN A 192.168.3.200
webserver IN A 192.168.2.150
webserver IN A 192.168.3.150
ftpserver IN A 192.168.2.150
dom0 IN A 192.168.2.100
mailserver IN A 192.168.2.50
router IN A 192.168.2.1
dns IN CNAME nameserver
mail IN CNAME mailserver
www IN CNAME webserver
ftp IN CNAME ftpserver
$ORIGIN web.rodnower.org.
@ IN NS ns.web.rodnower.org.
ns.web.rodnower.org. IN A 192.168.2.150
Quote:
I only added the @ to the next-to-last line. Without it I get a "CNAME and other data" error (because I have a CNAME declaration just before the second $ORIGIN).
Huh. There must be an error somewhere, as the CNAME you mention is commented out and bind shouldn't complain.
I've also tried the last zone file and it worked for me (using different IPs for the ns RRs)
Code:
dig ns web.rodnower.org
; <<>> DiG 9.7.1-P2 <<>> ns web.rodnower.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7898
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;web.rodnower.org. IN NS
;; ANSWER SECTION:
web.rodnower.org. 86400 IN NS ns.web.rodnower.org.
;; ADDITIONAL SECTION:
ns.web.rodnower.org. 86234 IN A 192.168.0.77
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 28 18:34:32 2010
;; MSG SIZE rcvd: 67
Sorry, I forgot to remove the comments just in the post; in reality there are no comments at the CNAMEs. Also, because I added the @, I now have no errors at all during startup (as I already mentioned before).
Could you please let me see your named.conf file, or at least the relevant part of it? Maybe it is because I use a view?
So named-checkzone actually validates the zone file:
Code:
[root@nameserver named]# named-checkzone -D rodnower.org /named/var/named/rodnower.org.zone
zone rodnower.org/IN: loaded serial 5
rodnower.org. 86400 IN SOA nameserver.rodnower.org. root.rodnower.org. 5 600 900 604800 86400
rodnower.org. 86400 IN NS nameserver.rodnower.org.
rodnower.org. 86400 IN MX 10 mailserver.rodnower.org.
dns.rodnower.org. 86400 IN CNAME nameserver.rodnower.org.
dom0.rodnower.org. 86400 IN A 192.168.2.100
ftp.rodnower.org. 86400 IN CNAME ftpserver.rodnower.org.
ftpserver.rodnower.org. 86400 IN A 192.168.2.150
mail.rodnower.org. 86400 IN CNAME mailserver.rodnower.org.
mailserver.rodnower.org. 86400 IN A 192.168.2.50
nameserver.rodnower.org. 86400 IN A 192.168.2.200
nameserver.rodnower.org. 86400 IN A 192.168.3.200
router.rodnower.org. 86400 IN A 192.168.2.1
web.rodnower.org. 86400 IN NS ns.web.rodnower.org.
ns.web.rodnower.org. 86400 IN A 192.168.2.150
webserver.rodnower.org. 86400 IN A 192.168.2.150
webserver.rodnower.org. 86400 IN A 192.168.3.150
www.rodnower.org. 86400 IN CNAME webserver.rodnower.org.
OK
This is dig output:
Code:
[root@nameserver named]# dig soa web.rodnower.org
; <<>> DiG 9.3.4-P1 <<>> soa web.rodnower.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2306
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;web.rodnower.org. IN SOA
;; Query time: 109 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 28 20:06:26 2010
;; MSG SIZE rcvd: 34
acl "untrusted" { 192.168.3.0/24; };
acl "trusted" { localhost; 192.168.2.0/24; };
acl "secondaries" { 192.168.2.100; };
options {
listen-on port 53 { trusted; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { !untrusted; trusted; };
allow-recursion { !untrusted; trusted; };
allow-transfer { secondaries; };
forwarders { 192.168.2.1; };
forward only;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view "main" {
match-clients { !untrusted; trusted; };
match-destinations { !untrusted; trusted; };
recursion yes;
//include "/etc/named.root.hints";
include "/etc/named.rfc1912.zones";
zone "rodnower.org" IN {
type master;
file "rodnower.org.zone";
};
zone "168.192.in-addr.arpa" IN {
type master;
file "168.192.in-addr.arpa.zone";
};
};
named.conf on subdomain:
Code:
acl "untrusted" { 192.168.3.0/24; };
acl "trusted" { localhost; 192.168.2.0/24; };
acl "dom0" { 192.168.2.100; };
acl "secondary" { 192.168.2.100; };
//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
// file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
listen-on port 53 { !untrusted; trusted; };
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-query { !untrusted; trusted; };
allow-recursion { !untrusted; trusted; };
allow-transfer { localhost; secondary; };
forwarders {192.168.2.200; 192.168.2.1; };
forward only;
};
logging
{
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view "main" {
match-clients { !untrusted; trusted; };
match-destinations { !untrusted; trusted; };
recursion yes;
include "/etc/named.root.hints";
include "/etc/named.rfc1912.zones";
zone "web.rodnower.org" IN {
type master;
file "web.rodnower.org.zone";
};
};
Zone file of subdomain:
Code:
$TTL 86400
@ IN SOA web.rodnower.org. root (
1
3H
15M
1W
1D )
@ IN NS ns.web.rodnower.org.
ns IN A 192.168.2.150
webserver IN A 192.168.2.150
www IN A 192.168.2.150
mail IN A 192.168.2.150
dns IN A 192.168.2.150
apache IN A 192.168.2.150
printers IN A 192.168.2.100
No, it doesn't help...
Moreover, locally, on the subdomain's server, I do get resolution of the subdomain records (you can see this in the first post). So I guess the problem is somewhere in the main server.
What is your version of bind? I use 9.3.4.
Are you sure? Did you restart bind? And maybe flush the cache of 192.168.2.200.
You don't need "forward" and "forwarders". The dns at 192.168.2.150 has to answer authoritatively for the subdomain web.rodnower.org and not forward the queries back to 192.168.2.200.
Quote:
So I guess the problem is somewhere in the main server.
Oops, now I noticed that you have also "forwarders" in main. So whatever answer you get is from 192.168.2.1, as you use "forward only". I don't know what this dns does, but again you don't need it.
Quote:
What is your version of bind? I use 9.3.4.
I'm using 9.7.1-P2, but the version is irrelevant on this.
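A static check for the situation the last reply describes, as an added example that is not part of the thread: it reports delegated subdomains of a master zone when named.conf also sets global forwarders, so their queries go to the forwarder rather than following the delegation. The function names and sample data are constructed for this example, and it assumes BIND's convention that an empty per-zone `forwarders { };` switches forwarding off for that zone.

```python
import re

# Constructed sample input, reduced from the parent server's files posted in this thread.
NAMED_CONF = '''
options { forwarders { 192.168.2.1; }; forward only; };
view "main" { zone "rodnower.org" IN { type master; file "rodnower.org.zone"; }; };
'''
ZONE_FILE = '''
@ IN NS nameserver.rodnower.org.
$ORIGIN web.rodnower.org.
@ IN NS ns.web.rodnower.org.
ns.web.rodnower.org. IN A 192.168.2.150
'''

def block(text, keyword_re):
    """Body of the first brace block introduced by keyword_re ('' if absent)."""
    m = re.search(keyword_re + r'[^{;]*\{', text)
    if not m:
        return ''
    depth, i = 1, m.end()
    while depth and i < len(text):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def delegations(zone_text, apex):
    """Names below the apex that own NS records (minimal parser: no multi-line records)."""
    origin, owner, found = apex, apex, set()
    for raw in zone_text.splitlines():
        fields = raw.split(';')[0].split()
        if fields and fields[0].upper() == '$ORIGIN':
            origin = fields[1].lower()
        if not fields or fields[0].startswith('$'):
            continue
        if not raw[0].isspace():  # a blank owner field inherits the previous owner
            name = fields.pop(0).lower()
            owner = origin if name == '@' else name if name.endswith('.') else name + '.' + origin
        rtype = next((f.upper() for f in fields if f.upper() != 'IN' and not f[0].isdigit()), '')
        if rtype == 'NS' and owner != apex and owner.endswith('.' + apex):
            found.add(owner)
    return sorted(found)

def forwarded_delegations(conf, zone_name, zone_text):
    """Delegated children named would forward; assumes empty per-zone `forwarders { };` disables it."""
    conf = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)
    fwd = re.search(r'\bforwarders\s*\{([^}]*)\}', block(conf, r'\boptions\b'))
    zone = block(conf, r'\bzone\s+"%s"' % re.escape(zone_name))
    active = fwd and fwd.group(1).strip() and not re.search(r'\bforwarders\s*\{\s*\}', zone)
    return delegations(zone_text, zone_name.lower() + '.') if active else []
```

`delegations()` also follows blank-owner inheritance, so an NS line with no owner placed right after a CNAME is reported under the CNAME's name, which is the "CNAME and other data" case mentioned earlier in the thread.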