Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


 
Old 08-04-2008, 11:03 PM
 
Default Bind and reverse subdomains

Hi all,

First, please bear with me; I know this is not the place to ask about
BIND; but I'm hoping that someone out there could help me. Also, sorry
for the lengthy post but most of it is to explain my scenario. And I
believe the answer to my question will be very short.

Basically, I tried to delegate a reverse sub-domain (a subnet smaller than
/24). I could query a PTR record from the parent server but I could not
from the child server where all the configuration of the sub-domain
belongs.

Here is the detail:

I have my home network connected to my office network with a registered
domain (office.net, for example) with the scenario below. On the Office
DNS server (ns1.office.net), I would like to delegate both the forward
sub-domain home.office.net and reverse one 192.168.9.32/28 to the Home DNS
server (ns1.home.office.net).

My problem is that, on the Home server, I could not do this query:

$ host 192.168.9.33
Host 33.9.168.192.in-addr.arpa not found: 3(NXDOMAIN)

While from the Office server, I can:
$ host 192.168.9.33
33.9.168.192.in-addr.arpa is an alias for 33.32-39.9.168.192.in-addr.arpa.
33.32-39.9.168.192.in-addr.arpa domain name pointer ns1.home.kis.net.kh.

What could be the cause of the problem? I might miss a transition somewhere
between the office parent zone and the home child zone. But I just don't
know. Everything else seems to work fine (the sub-domain forward zones are
ok).

I've been following the book of O'Reilly "DNS & BIND", 5th edition, which
is a great book I found; but the part on the reverse sub-domain is a bit
too tricky for me.

Could someone please help me out?

Here is the scenario:

Office Network:
===============
Domain: office.net (not real, used as example here only)
IP subnet : 192.168.9.0/24 (not real, used as example here only)
DNS Server: ns1.office.net (IP:192.168.9.1)

Home Network:
==============
Domain: home.office.net
IP Subnet : 192.168.9.32/28
DNS Server: ns1.home.office.net (IP:192.168.9.33)

On both of the DNS servers, I'm running BIND on Fedora 9.
The configuration files on the Office server (ns1.office.net) look as below:

1. /etc/resolv.conf

=== Beginning of file ===
search office.net
nameserver 192.168.9.1
nameserver 192.168.9.2
=== End of file ===

2. /var/named/chroot/etc/named.conf
(I'm using bind-chroot here with ROOTDIR=/var/named/chroot set in
/etc/sysconfig/named)

=== Beginning of file ===
options {
listen-on port 53 { 127.0.0.1; 192.168.9.1;};
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { trusted;};
recursion yes;
};

acl trusted {127.0.0.1; 192.168.9.0/24;};

include "/etc/named.rfc1912.zones";

zone "office.net" IN {
type master;
file "office.zone";
};

zone "9.168.192.in-addr.arpa" IN {
type master;
file "9.168.192.zone";
};
=== End of file===

3. /var/named/chroot/var/named/office.zone

=== Beginning of file ===
$TTL 1D
@        IN SOA  ns1.office.net. root.office.net. (
                 08080201 ; serial
                 1D       ; refresh
                 1H       ; retry
                 1W       ; expire
                 3H )     ; minimum
         NS      ns1.office.net.
         NS      ns2.office.net.
         MX      10 mail1.office.net.
         MX      20 mail2.office.net.
         A       192.168.9.12

ns1      IN A     192.168.9.1
ns2      IN A     192.168.9.2
mail1    IN A     192.168.9.11
mail2    IN A     192.168.9.12
www      IN CNAME mail2

;; Glue records for home.office.net
home     IN NS    ns1.home
ns1.home IN A     192.168.9.33
=== End of file ===

4. /var/named/chroot/var/named/9.168.192.zone:

=== Beginning of file ===
$TTL 1D
@        IN SOA  ns1.office.net. root.office.net. (
                 08080203 ; serial
                 1D       ; refresh
                 1H       ; retry
                 1W       ; expire
                 3H )     ; minimum
         NS      ns1.office.net.
         NS      ns2.office.net.

1        IN PTR  ns1.office.net.
2        IN PTR  ns2.office.net.
11       IN PTR  mail1.office.net.
12       IN PTR  mail2.office.net.

$GENERATE 33-39 $ CNAME $.32-39
32-39    IN NS   ns1.home.office.net.
=== End of file ===

And finally, the configuration files on the Home server
(ns1.home.office.net) look as below:

1. /etc/resolv.conf

#=== Beginning of file ===
search home.office.net
nameserver 192.168.9.33
#=== End of file ===

2. /var/named/chroot/etc/named.conf

//=== Beginning of file ===
options {
listen-on port 53 { 127.0.0.1; 192.168.9.33;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;
query-source-v6 port 53;
allow-query { localhost; 192.168.9.32/28;};
// forward first;
// forwarders {192.168.9.5;};
};

include "/etc/named.rfc1912.zones";

zone "home.kis.net.kh" IN {
type master;
file "home.zone";
};

zone "32-39.9.168.192.in-addr.arpa" IN {
type master;
file "32-39.9.168.192.zone";
};
//=== End of file ===

3. /var/named/chroot/var/named/home.zone

;=== Beginning of file ===
$TTL 86400
@        IN SOA  ns1.home.office.net. root.home.office.net. (
                 08080501 ; Serial
                 28800    ; Refresh
                 14400    ; Retry
                 3600000  ; Expire
                 86400 )  ; Minimum
         IN NS   ns1.home.office.net.
         IN MX   10 mail.home.office.net.

ns1      IN A    192.168.9.33
mail     IN A    192.168.9.35
;=== End of file ===

4. /var/named/chroot/var/named/32-39.9.168.192.zone

;=== Beginning of file ===
$TTL 86400
@        IN SOA  ns1.home.office.net. root.home.office.net. (
                 08080203 ; Serial
                 28800    ; Refresh
                 14400    ; Retry
                 3600000  ; Expire
                 86400 )  ; Minimum
         IN NS   ns1.home.office.net.

33       IN PTR  ns1.home.office.net.
35       IN PTR  mail.home.office.net.
;=== End of file ===

Thanks in advance for any ideas.

Best,
Khem


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-04-2008, 11:11 PM
 
Default Bind and reverse subdomains

Sorry, here again the named.conf file on the Home DNS server:

/var/named/chroot/etc/named.conf

//=== Beginning of file ===
options {
listen-on port 53 { 127.0.0.1; 192.168.9.33;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;
query-source-v6 port 53;
allow-query { localhost; 192.168.9.32/28;};
// forward first;
// forwarders {192.168.9.5;};
};

include "/etc/named.rfc1912.zones";

zone "home.office.net" IN {
type master;
file "home.zone";
};

zone "32-39.9.168.192.in-addr.arpa" IN {
type master;
file "32-39.9.168.192.zone";
};
//=== End of file ===

 
Old 08-04-2008, 11:22 PM
 
Default Bind and reverse subdomains

Sorry all again:
I don't mean to flood my mails to the list but my previous post was a
little messed up as I cut and pasted a lot trying not to show my real
domain.

Now I'd like to send the whole thing again with corrections:

********

First, please bear with me; I know this is not the place to ask about
BIND; but I'm hoping that someone out there could help me. Also, sorry
for the lengthy post but most of it is to explain my scenario. And I
believe the answer to my question will be very short.

Basically, I tried to delegate a reverse sub-domain (a subnet smaller than
/24). I could query a PTR record from the parent server but I could not
from the child server where all the configuration of the sub-domain
belongs.

Here is the detail:

I have my home network connected to my office network with a registered
domain (office.net, for example) with the scenario below. On the Office
DNS server (ns1.office.net), I would like to delegate both the forward
sub-domain home.office.net and reverse one 192.168.9.32/28 to the Home DNS
server (ns1.home.office.net).

My problem is that, on the Home server, I could not do this query:

$ host 192.168.9.33
Host 33.9.168.192.in-addr.arpa not found: 3(NXDOMAIN)

While from the Office server, I can:
$ host 192.168.9.33
33.9.168.192.in-addr.arpa is an alias for 33.32-39.9.168.192.in-addr.arpa.
33.32-39.9.168.192.in-addr.arpa domain name pointer ns1.home.office.net.

What could be the cause of the problem? I might miss a transition somewhere
between the office parent zone and the home child zone. But I just don't
know. Everything else seems to work fine (the sub-domain forward zones are
ok).

I've been following the book of O'Reilly "DNS & BIND", 5th edition, which
is a great book I found; but the part on the reverse sub-domain is a bit
too tricky for me.

Could someone please help me out?

Here is the scenario:

Office Network:
===============
Domain: office.net (not real, used as example here only)
IP subnet : 192.168.9.0/24 (not real, used as example here only)
DNS Server: ns1.office.net (IP:192.168.9.1)

Home Network:
==============
Domain: home.office.net
IP Subnet : 192.168.9.32/28
DNS Server: ns1.home.office.net (IP:192.168.9.33)

On both of the DNS servers, I'm running BIND on Fedora 9.
The configuration files on the Office server (ns1.office.net) look as below:

1. /etc/resolv.conf

=== Beginning of file ===
search office.net
nameserver 192.168.9.1
nameserver 192.168.9.2
=== End of file ===

2. /var/named/chroot/etc/named.conf
(I'm using bind-chroot here with ROOTDIR=/var/named/chroot set in
/etc/sysconfig/named)

=== Beginning of file ===
options {
listen-on port 53 { 127.0.0.1; 192.168.9.1;};
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { trusted;};
recursion yes;
};

acl trusted {127.0.0.1; 192.168.9.0/24;};

include "/etc/named.rfc1912.zones";

zone "office.net" IN {
type master;
file "office.zone";
};

zone "9.168.192.in-addr.arpa" IN {
type master;
file "9.168.192.zone";
};
=== End of file===

3. /var/named/chroot/var/named/office.zone

=== Beginning of file ===
$TTL 1D
@        IN SOA  ns1.office.net. root.office.net. (
                 08080201 ; serial
                 1D       ; refresh
                 1H       ; retry
                 1W       ; expire
                 3H )     ; minimum
         NS      ns1.office.net.
         NS      ns2.office.net.
         MX      10 mail1.office.net.
         MX      20 mail2.office.net.
         A       192.168.9.12

ns1      IN A     192.168.9.1
ns2      IN A     192.168.9.2
mail1    IN A     192.168.9.11
mail2    IN A     192.168.9.12
www      IN CNAME mail2

;; Glue records for home.office.net
home     IN NS    ns1.home
ns1.home IN A     192.168.9.33
=== End of file ===

4. /var/named/chroot/var/named/9.168.192.zone:

=== Beginning of file ===
$TTL 1D
@        IN SOA  ns1.office.net. root.office.net. (
                 08080203 ; serial
                 1D       ; refresh
                 1H       ; retry
                 1W       ; expire
                 3H )     ; minimum
         NS      ns1.office.net.
         NS      ns2.office.net.

1        IN PTR  ns1.office.net.
2        IN PTR  ns2.office.net.
11       IN PTR  mail1.office.net.
12       IN PTR  mail2.office.net.

$GENERATE 33-39 $ CNAME $.32-39
32-39    IN NS   ns1.home.office.net.
=== End of file ===

And finally, the configuration files on the Home server
(ns1.home.office.net) look as below:

1. /etc/resolv.conf

#=== Beginning of file ===
search home.office.net
nameserver 192.168.9.33
#=== End of file ===

2. /var/named/chroot/etc/named.conf

//=== Beginning of file ===
options {
listen-on port 53 { 127.0.0.1; 192.168.9.33;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;
query-source-v6 port 53;
allow-query { localhost; 192.168.9.32/28;};
// forward first;
// forwarders {192.168.9.5;};
};

include "/etc/named.rfc1912.zones";

zone "home.office.net" IN {
type master;
file "home.zone";
};

zone "32-39.9.168.192.in-addr.arpa" IN {
type master;
file "32-39.9.168.192.zone";
};
//=== End of file ===

3. /var/named/chroot/var/named/home.zone

;=== Beginning of file ===
$TTL 86400
@        IN SOA  ns1.home.office.net. root.home.office.net. (
                 08080501 ; Serial
                 28800    ; Refresh
                 14400    ; Retry
                 3600000  ; Expire
                 86400 )  ; Minimum
         IN NS   ns1.home.office.net.
         IN MX   10 mail.home.office.net.

ns1      IN A    192.168.9.33
mail     IN A    192.168.9.35
;=== End of file ===

4. /var/named/chroot/var/named/32-39.9.168.192.zone

;=== Beginning of file ===
$TTL 86400
@        IN SOA  ns1.home.office.net. root.home.office.net. (
                 08080203 ; Serial
                 28800    ; Refresh
                 14400    ; Retry
                 3600000  ; Expire
                 86400 )  ; Minimum
         IN NS   ns1.home.office.net.

33       IN PTR  ns1.home.office.net.
35       IN PTR  mail.home.office.net.
;=== End of file ===

Thanks in advance for any ideas.

Best,
Khem
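
Added example, not part of the original posts: a small Python model of the reverse-zone data from the corrected message, tracing which zone each server consults for the name that `host 192.168.9.33` asks about. The `resolve` helper and its `NOT-AUTHORITATIVE` result are constructs of this sketch rather than BIND behaviour, and the contents of /etc/named.rfc1912.zones, which the post does not show, are left out.

```python
# Added example: zone data transcribed from the posted files; the resolver
# below is a simplified model, not BIND's algorithm.
REV = "9.168.192.in-addr.arpa."          # parent zone on ns1.office.net
SUB = "32-39." + REV                     # child zone on ns1.home.office.net


def fqdn(name, origin):
    """Relative owner/target names get the zone origin appended."""
    return name if name.endswith(".") else f"{name}.{origin}"


def reverse_name(ip):
    """Name that `host <ip>` queries: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def expand_generate(rng, lhs, rtype, rhs, origin):
    """Expand '$GENERATE rng lhs rtype rhs'; '$' is the loop counter."""
    lo, hi = map(int, rng.split("-"))
    return {
        (fqdn(lhs.replace("$", str(i)), origin), rtype):
            fqdn(rhs.replace("$", str(i)), origin)
        for i in range(lo, hi + 1)
    }


# 9.168.192.zone on the Office server
office_parent = {
    (fqdn("1", REV), "PTR"): "ns1.office.net.",
    (fqdn("2", REV), "PTR"): "ns2.office.net.",
    (fqdn("11", REV), "PTR"): "mail1.office.net.",
    (fqdn("12", REV), "PTR"): "mail2.office.net.",
    (SUB, "NS"): "ns1.home.office.net.",       # delegation of 32-39
}
office_parent.update(expand_generate("33-39", "$", "CNAME", "$.32-39", REV))

# 32-39.9.168.192.zone on the Home server
home_child = {
    (fqdn("33", SUB), "PTR"): "ns1.home.office.net.",
    (fqdn("35", SUB), "PTR"): "mail.home.office.net.",
}

# Reverse zones each server is master for, per the posted named.conf files.
SERVERS = {
    "ns1.office.net.": {REV: office_parent},
    "ns1.home.office.net.": {SUB: home_child},
}


def in_zone(name, origin):
    """True when name is the zone apex or lies below it."""
    return name == origin or name.endswith("." + origin)


def resolve(server, qname, qtype="PTR", trace=None):
    """Return (result, trace) for qname as seen from `server`."""
    trace = [] if trace is None else trace
    zones = SERVERS[server]
    origins = [o for o in zones if in_zone(qname, o)]
    if not origins:
        # No local zone contains the name: the server would have to recurse
        # or forward; its own zone files cannot answer.
        trace.append(f"{server} has no zone containing {qname}")
        return "NOT-AUTHORITATIVE", trace
    origin = max(origins, key=len)
    records = zones[origin]
    # Zone cut: an NS record below the apex that covers qname.
    for (owner, rtype), target in records.items():
        if rtype == "NS" and owner != origin and in_zone(qname, owner):
            trace.append(f"{server}: {qname} delegated at {owner} to {target}")
            return resolve(target, qname, qtype, trace)
    if (qname, "CNAME") in records:
        alias = records[(qname, "CNAME")]
        trace.append(f"{server}: {qname} is an alias for {alias}")
        return resolve(server, alias, qtype, trace)
    if (qname, qtype) in records:
        trace.append(f"{server}: {qname} {qtype} {records[(qname, qtype)]}")
        return records[(qname, qtype)], trace
    trace.append(f"{server}: {qname} not present in zone {origin}")
    return "NXDOMAIN", trace


if __name__ == "__main__":
    q = reverse_name("192.168.9.33")
    for srv in SERVERS:
        result, steps = resolve(srv, q)
        print(f"\nquery {q} at {srv} -> {result}")
        for step in steps:
            print("  ", step)
```

In this model the Home server is master only for 32-39.9.168.192.in-addr.arpa, so 33.9.168.192.in-addr.arpa lies outside its zone data, while 33.32-39.9.168.192.in-addr.arpa is answered directly.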



 
Old 08-04-2008, 11:29 PM
Ed Greshko
 
Default Bind and reverse subdomains

lin.kh@wicam.com.kh wrote:
> Sorry all again:
> I don't mean to flood my mails to the list but my previous post was a
> little messed up as I cut and pasted a lot trying not to show my real
> domain.

Take a hint from Tom Eastep, the author of "shorewall".

"As a general matter, please do not edit the diagnostic information in an
attempt to conceal your IP address, netmask, nameserver addresses, domain
name, etc. These aren't secrets, and concealing them often misleads us (and
80% of the time, a cracker could derive them anyway from information
contained in the SMTP headers of your post)."

Even if you've emailed using a different domain you may have muddied the
waters such that it would be difficult for people to really help you.

I, for one, spend little time on obfuscated posts.

--
I met my latest girl friend in a department store. She was looking at
clothes, and I was putting Slinkys on the escalators.
-- Steven Wright

 
Old 08-04-2008, 11:44 PM
 
Default Bind and reverse subdomains

Thanks, will take it as good advice. And sorry to those who got confused
or offended with my post. While I was writing the message, I tried to
reproduce the scenario, which led me to the mess. Very sorry again.


> lin.kh@wicam.com.kh wrote:
>> Sorry all again:
>> I don't mean to flood my mails to the list but my previous post was a
>> little messed up as i cut and paste a lot trying not to show my real
>> domain.
>
> Take a hint from Tom Eastep the author of "shorewall".
>
> "As a general matter, please do not edit the diagnostic information in an
> attempt to conceal your IP address, netmask, nameserver addresses, domain
> name, etc. These aren't secrets, and concealing them often misleads us
> (and
> 80% of the time, a cracker could derive them anyway from information
> contained in the SMTP headers of your post)."
>
> Even if you've emailed using a different domain you may have muddied the
> waters such that it would be difficult for people to really help you.
>
> I, for one, spend little time obfuscated posts.
>
>
>>
>> Now i'd like to send the whole thing again with corrections:
>>
>> ********
>>
>> First, please bear with me; i know this is not the place to ask about
>> BIND; but i'm hoping that, someone out there could help me. Also, sorry
>> for the lengthy post but most of it is to explain my scenario. And I
>> believe, the answer to my question will be very short.
>>
>> Basically, I tried to delegate a reverse sub-domain (a subnet smaller
>> than
>> /24). I could query a PTR record from the parent server but i could not
>> from the child server where all the configuration of the sub-domain
>> belongs.
>>
>> Here is the detail:
>>
>> I have my home network connected to my office network with a registered
>> domain (office.net, for example) with the scenario below. On the Office
>> DNS server (ns1.office.net), I would like to delegate both the forward
>> sub-domain home.office.net and reverse one 192.168.9.32/28 to the Home
>> DNS
>> server (ns1.home.office.net).
>>
>> My problem is that, on the Home server, i could not do this query:
>>
>> $ host 192.168.9.33
>> Host 33.9.168.192.in-addr.arpa not found: 3(NXDOMAIN)
>>
>> While from the Office server, i can:
>> $ host 192.168.9.33
>> 33.9.168.192.in-addr.arpa is an alias for
>> 33.32-39.9.168.192.in-addr.arpa.
>> 33.32-39.9.168.192.in-addr.arpa domain name pointer ns1.home.office.net.
>>
>> What could be the cause of problem? I might miss a transition somewhere
>> between the office parent zone and the home child zone. But i just don't
>> know. Everything else seems to work fine (the sub-domain forward zones
>> are
>> ok).
>>
>> I've been following the book of O'Reilly "DNS & BIND", 5th edition,
>> which
>> is a great book i found; but the part on the reverse sub-domain is a bit
>> too tricky for me.
>>
>> Could someone please help me out?
>>
>> Here is the scenario:
>>
>> Office Network:
>> ===============
>> Domain: office.net (not real, used as example here only)
>> IP subnet : 192.168.9.0/24 (not real, used as example here only)
>> DNS Server: ns1.office.net (IP:192.168.9.1)
>>
>> Home Network:
>> ==============
>> Domain: home.office.net
>> IP Subnet : 192.168.9.32/28
>> DNS Server: ns1.home.office.net (IP:192.168.9.33)
>>
>> On both of the DNS servers, i'm running BIND on Fedora 9.
>> The configuration files on the Office server (ns1.office.net) looks as
>> below:
>>
>> 1. /etc/resolv.conf
>>
>> === Beginning of file ===
>> search office.net
>> nameserver 192.168.9.1
>> nameserver 192.168.9.2
>> === End of file ===
>>
>> 2. /var/named/chroot/etc/named.conf
>> (I'm using bind-chroot here with ROOTDIR=/var/named/chroot set in
>> /etc/sysconfig/named)
>>
>> === Beginning of file ===
>> options {
>> listen-on port 53 { 127.0.0.1; 192.168.9.1;};
>> // listen-on-v6 port 53 { ::1; };
>> directory "/var/named";
>> dump-file "/var/named/data/cache_dump.db";
>> statistics-file "/var/named/data/named_stats.txt";
>> memstatistics-file "/var/named/data/named_mem_stats.txt";
>> allow-query { trusted;};
>> recursion yes;
>> };
>>
>> acl trusted {127.0.0.1; 192.168.9.0/24;};
>>
>> include "/etc/named.rfc1912.zones";
>>
>> zone "office.net" IN {
>> type master;
>> file "office.zone";
>> };
>>
>> zone "9.168.192.in-addr.arpa" IN {
>> type master;
>> file "9.168.192.zone";
>> };
>> === End of file===
>>
>> 3. /var/named/chroot/var/named/office.zone
>>
>> === Beginning of file ===
>> $TTL 1D
>> @ IN SOA ns1.office.net. root.office.net. (
>> 08080201 ; serial
>> 1D ; refresh
>> 1H ; retry
>> 1W ; expire
>> 3H ) ; minimum
>> NS ns1.office.net.
>> NS ns2.office.net.
>> MX 10 mail1.office.net.
>> MX 20 mail2.office.net.
>> A 192.168.9.12
>>
>> ns1 IN A 192.168.9.1
>> ns2 IN A 192.168.9.2
>> mail1 IN A 192.168.9.11
>> mail2 IN A 192.168.9.12
>> www IN CNAME mail2
>>
>> ;; Glue records for home.office.net
>> home IN NS ns1.home
>> ns1.home IN A 192.168.9.33
>> === End of file ===
>>
>> 4. /var/named/chroot/var/named/9.168.192.zone:
>>
>> === Beginning of file ===
>> $TTL 1D
>> @ IN SOA ns1.office.net. root.office.net. (
>> 08080203 ; serial
>> 1D ; refresh
>> 1H ; retry
>> 1W ; expire
>> 3H ) ; minimum
>> NS ns1.office.net.
>> NS ns2.office.net.
>>
>> 1 IN PTR ns1.office.net.
>> 2 IN PTR ns2.office.net.
>> 11 IN PTR mail1.office.net.
>> 12 IN PTR mail2.office.net.
>>
>> $GENERATE 33-39 $ CNAME $.32-39
>> 32-39 IN NS ns1.home.office.net.
>> === End of file ===
>>
>> And finally, the configuration files on the Home server
>> (ns1.home.office.net) looks as below:
>>
>> 1. /etc/resolv.conf
>>
>> #=== Beginning of file ===
>> search home.office.net
>> nameserver 192.168.9.33
>> #=== End of file ===
>>
>> 2. /var/named/chroot/etc/named.conf
>>
>> //=== Beginning of file ===
>> options {
>> listen-on port 53 { 127.0.0.1; 192.168.9.33;};
>> listen-on-v6 port 53 { ::1; };
>> directory "/var/named";
>> dump-file "/var/named/data/cache_dump.db";
>> statistics-file "/var/named/data/named_stats.txt";
>> memstatistics-file "/var/named/data/named_mem_stats.txt";
>> query-source port 53;
>> query-source-v6 port 53;
>> allow-query { localhost; 192.168.9.32/28;};
>> // forward first;
>> // forwarders {192.168.9.5;};
>> };
>>
>> include "/etc/named.rfc1912.zones";
>>
>> zone "home.office.net" IN {
>> type master;
>> file "home.zone";
>> };
>>
>> zone "32-39.9.168.192.in-addr.arpa" IN {
>> type master;
>> file "32-39.9.168.192.zone";
>> };
>> //=== End of file ===
>>
>> 3. /var/named/chroot/var/named/home.zone
>>
>> ;=== Beginning of file ===
>> $TTL 86400
>> @ IN SOA ns1.home.office.net. root.home.office.net. (
>> 08080501 ; Serial
>> 28800 ; Refresh
>> 14400 ; Retry
>> 3600000 ; Expire
>> 86400 ) ; Minimum
>> IN NS ns1.home.office.net.
>> IN MX 10 mail.home.office.net.
>>
>> ns1 IN A 192.168.9.33
>> mail IN A 192.168.9.35
>> ;=== End of file ===
>>
>> 4. /var/named/chroot/var/named/32-39.9.168.192.zone
>>
>> ;=== Beginning of file ===
>> $TTL 86400
>> @ IN SOA ns1.home.office.net. root.home.office.net. (
>> 08080203 ; Serial
>> 28800 ; Refresh
>> 14400 ; Retry
>> 3600000 ; Expire
>> 86400 ) ; Minimum
>> IN NS ns1.home.office.net.
>>
>> 33 IN PTR ns1.home.office.net.
>> 35 IN PTR mail.home.office.net.
>> ;=== End of file ===
>>
>> Thanks in advance for any ideas?
>>
>> Best,
>> Khem
>>
>>
>>
>
>
> --
> I met my latest girl friend in a department store. She was looking at
> clothes, and I was putting Slinkys on the escalators.
> -- Steven Wright
>


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-04-2008, 11:49 PM
Ed Greshko
 
Default Bind and reverse subdomains

lin.kh@wicam.com.kh wrote:

Thanks, will take it as good advice. And sorry to those who got confused
or offended with my post. While i was writing the message, i tried to
reproduce the scenario, which led me to the mess. Very sorry again.


I don't think anyone would be offended by your post. And I doubt anyone has
a problem with your BIND question. The only issue is that people here are
often willing to help and want to do their best.


So, to help enable people to do their very best you really should post the
real thing. Even if you think you have reproduced the essence of the
problem you may have inadvertently hidden a key fact.


Besides, people may ask you for the output of "dig" (for example) and you
may find yourself doing more hiding and making the problem harder to solve
than it has to be.






lin.kh@wicam.com.kh wrote:

Sorry all again:
I don't mean to flood my mails to the list but my previous post was a
little messed up as i cut and paste a lot trying not to show my real
domain.

Take a hint from Tom Eastep the author of "shorewall".

"As a general matter, please do not edit the diagnostic information in an
attempt to conceal your IP address, netmask, nameserver addresses, domain
name, etc. These aren't secrets, and concealing them often misleads us
(and 80% of the time, a cracker could derive them anyway from information
contained in the SMTP headers of your post)."

Even if you've emailed using a different domain you may have muddied the
waters such that it would be difficult for people to really help you.

I, for one, spend little time on obfuscated posts.



Now i'd like to send the whole thing again with corrections:

********

First, please bear with me; i know this is not the place to ask about
BIND; but i'm hoping that, someone out there could help me. Also, sorry
for the lengthy post but most of it is to explain my scenario. And I
believe, the answer to my question will be very short.

Basically, I tried to delegate a reverse sub-domain (a subnet smaller than
/24). I could query a PTR record from the parent server but i could not
from the child server where all the configuration of the sub-domain
belongs.

Here is the detail:

I have my home network connected to my office network with a registered
domain (office.net, for example) with the scenario below. On the Office
DNS server (ns1.office.net), I would like to delegate both the forward
sub-domain home.office.net and reverse one 192.168.9.32/28 to the Home DNS
server (ns1.home.office.net).

My problem is that, on the Home server, i could not do this query:

$ host 192.168.9.33
Host 33.9.168.192.in-addr.arpa not found: 3(NXDOMAIN)

While from the Office server, i can:
$ host 192.168.9.33
33.9.168.192.in-addr.arpa is an alias for 33.32-39.9.168.192.in-addr.arpa.
33.32-39.9.168.192.in-addr.arpa domain name pointer ns1.home.office.net.

What could be the cause of problem? I might miss a transition somewhere
between the office parent zone and the home child zone. But i just don't
know. Everything else seems to work fine (the sub-domain forward zones are
ok).

I've been following the book of O'Reilly "DNS & BIND", 5th edition, which
is a great book i found; but the part on the reverse sub-domain is a bit
too tricky for me.

Could someone please help me out?

Here is the scenario:

Office Network:
===============
Domain: office.net (not real, used as example here only)
IP subnet : 192.168.9.0/24 (not real, used as example here only)
DNS Server: ns1.office.net (IP:192.168.9.1)

Home Network:
==============
Domain: home.office.net
IP Subnet : 192.168.9.32/28
DNS Server: ns1.home.office.net (IP:192.168.9.33)

On both of the DNS servers, i'm running BIND on Fedora 9.
The configuration files on the Office server (ns1.office.net) looks as
below:

1. /etc/resolv.conf

=== Beginning of file ===
search office.net
nameserver 192.168.9.1
nameserver 192.168.9.2
=== End of file ===

2. /var/named/chroot/etc/named.conf
(I'm using bind-chroot here with ROOTDIR=/var/named/chroot set in
/etc/sysconfig/named)

=== Beginning of file ===
options {
listen-on port 53 { 127.0.0.1; 192.168.9.1;};
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { trusted;};
recursion yes;
};

acl trusted {127.0.0.1; 192.168.9.0/24;};

include "/etc/named.rfc1912.zones";

zone "office.net" IN {
type master;
file "office.zone";
};

zone "9.168.192.in-addr.arpa" IN {
type master;
file "9.168.192.zone";
};
=== End of file===

3. /var/named/chroot/var/named/office.zone

=== Beginning of file ===
$TTL 1D
@ IN SOA ns1.office.net. root.office.net. (
08080201 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.office.net.
NS ns2.office.net.
MX 10 mail1.office.net.
MX 20 mail2.office.net.
A 192.168.9.12

ns1 IN A 192.168.9.1
ns2 IN A 192.168.9.2
mail1 IN A 192.168.9.11
mail2 IN A 192.168.9.12
www IN CNAME mail2

;; Glue records for home.office.net
home IN NS ns1.home
ns1.home IN A 192.168.9.33
=== End of file ===

4. /var/named/chroot/var/named/9.168.192.zone:

=== Beginning of file ===
$TTL 1D
@ IN SOA ns1.office.net. root.office.net. (
08080203 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.office.net.
NS ns2.office.net.

1 IN PTR ns1.office.net.
2 IN PTR ns2.office.net.
11 IN PTR mail1.office.net.
12 IN PTR mail2.office.net.

$GENERATE 33-39 $ CNAME $.32-39
32-39 IN NS ns1.home.office.net.
=== End of file ===

And finally, the configuration files on the Home server
(ns1.home.office.net) looks as below:

1. /etc/resolv.conf

#=== Beginning of file ===
search home.office.net
nameserver 192.168.9.33
#=== End of file ===

2. /var/named/chroot/etc/named.conf

//=== Beginning of file ===
options {
listen-on port 53 { 127.0.0.1; 192.168.9.33;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;
query-source-v6 port 53;
allow-query { localhost; 192.168.9.32/28;};
// forward first;
// forwarders {192.168.9.5;};
};

include "/etc/named.rfc1912.zones";

zone "home.office.net" IN {
type master;
file "home.zone";
};

zone "32-39.9.168.192.in-addr.arpa" IN {
type master;
file "32-39.9.168.192.zone";
};
//=== End of file ===

3. /var/named/chroot/var/named/home.zone

;=== Beginning of file ===
$TTL 86400
@ IN SOA ns1.home.office.net. root.home.office.net. (
08080501 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns1.home.office.net.
IN MX 10 mail.home.office.net.

ns1 IN A 192.168.9.33
mail IN A 192.168.9.35
;=== End of file ===

4. /var/named/chroot/var/named/32-39.9.168.192.zone

;=== Beginning of file ===
$TTL 86400
@ IN SOA ns1.home.office.net. root.home.office.net. (
08080203 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns1.home.office.net.

33 IN PTR ns1.home.office.net.
35 IN PTR mail.home.office.net.
;=== End of file ===

Thanks in advance for any ideas?

Best,
Khem





--
I met my latest girl friend in a department store. She was looking at
clothes, and I was putting Slinkys on the escalators.
-- Steven Wright








--
Q: What does a WASP Mom make for dinner?
A: A crisp salad, a hearty soup, a lovely entree, followed by
a delicious dessert.

 
Old 08-05-2008, 07:34 AM
Khemara Lyn
 
Default Bind and reverse subdomains

Thanks Ed; promise, there won't be a second time.

Just to make my question short, may i ask if anyone has got the
delegation of a reverse sub-domain working? I would like to delegate a
/26 or smaller ones (/27, /28 etc.) from a parent server (having a
reverse zone of /24) to a child server.


Perhaps, someone could give me some pointers to how to use the directive
$GENERATE and CNAME records in a reverse zone file for BIND.


With warm regards.

 
Old 08-05-2008, 11:38 PM
Ed Greshko
 
Default Bind and reverse subdomains

Khemara Lyn wrote:

Just to make my question short, may i ask if anyone has got the
delegation of a reverse sub-domain working? I would like to delegate a
/26 or smaller ones (/27, /28 etc.) from a parent server (having a
reverse zone of /24) to a child server.


Perhaps, someone could give me some pointers to how to use the directive
$GENERATE and CNAME records in a reverse zone file for BIND.


If I get the chance I'll play with this over the next few days. However,
have you looked at RFC2317?


 
Old 08-06-2008, 12:37 AM
 
Default Bind and reverse subdomains

Frankly, no.

I've been following this book of "DNS & BIND" by O'Reilly 5th edition and
the BIND's Admin Reference Manual (ARM) that have been useful for my BIND
setup. I only got stuck with this reverse sub-domain setup. The book says,
there are 3 ways to achieve it. I could achieve it the other 2 ways. But
i'd like to know the third way, which uses $GENERATE and CNAME that will
make the configuration short and neat.

It's ok; i'll stick the other 2 ways for now.

Thanks for your reply, Ed.

Regards,



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
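
An added example (not from the thread and not BIND's own code): a small Python model of what the `$GENERATE 33-39 $ CNAME $.32-39` line in the posted parent zone expands to, how a PTR lookup follows the resulting alias into the `32-39` child zone, and which usable addresses of 192.168.9.32/28 the 33-39 range leaves without an alias. Only the plain `$` substitution is handled; the function names are hypothetical and the zone data is retyped from the post.

```python
import ipaddress

PARENT_ORIGIN = "9.168.192.in-addr.arpa."        # zone on ns1.office.net
CHILD_ORIGIN = "32-39.9.168.192.in-addr.arpa."   # zone on ns1.home.office.net


def absolute(name, origin):
    """Qualify a relative name against the zone origin, as named does."""
    return name if name.endswith(".") else f"{name}.{origin}"


def expand_generate(directive, origin):
    """Expand '$GENERATE start-stop[/step] lhs type rhs' (plain '$' only)."""
    keyword, rng, lhs, rtype, rhs = directive.split()
    if keyword != "$GENERATE":
        raise ValueError("not a $GENERATE directive")
    span, _, step = rng.partition("/")
    start, stop = (int(x) for x in span.split("-"))
    records = {}
    for i in range(start, stop + 1, int(step or 1)):
        owner = absolute(lhs.replace("$", str(i)), origin)
        records[(owner, rtype)] = absolute(rhs.replace("$", str(i)), origin)
    return records


def parent_zone():
    """Records of 9.168.192.zone as posted (PTRs plus the generated CNAMEs)."""
    zone = expand_generate("$GENERATE 33-39 $ CNAME $.32-39", PARENT_ORIGIN)
    for host, label in (("1", "ns1"), ("2", "ns2"), ("11", "mail1"), ("12", "mail2")):
        zone[(absolute(host, PARENT_ORIGIN), "PTR")] = f"{label}.office.net."
    return zone


def child_zone():
    """Records of 32-39.9.168.192.zone as posted."""
    return {
        (absolute("33", CHILD_ORIGIN), "PTR"): "ns1.home.office.net.",
        (absolute("35", CHILD_ORIGIN), "PTR"): "mail.home.office.net.",
    }


def resolve_ptr(ip, records, max_hops=8):
    """Follow CNAMEs through the given records; return (chain, PTR target or None)."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    chain = [name]
    for _ in range(max_hops):
        if (name, "PTR") in records:
            return chain, records[(name, "PTR")]
        if (name, "CNAME") not in records:
            return chain, None          # no data under this name
        name = records[(name, "CNAME")]
        chain.append(name)
    raise RuntimeError("CNAME chain too long")


def uncovered_hosts(subnet, parent):
    """Usable addresses of the subnet that have no CNAME in the parent zone."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if (h.reverse_pointer + ".", "CNAME") not in parent]


if __name__ == "__main__":
    parent, child = parent_zone(), child_zone()
    both = {**parent, **child}          # a resolver that can reach both zones
    for ip in ("192.168.9.33", "192.168.9.34"):
        chain, target = resolve_ptr(ip, both)
        print(ip, " -> ".join(chain), "=>", target)
    print("child data only:", resolve_ptr("192.168.9.33", child))
    print("no alias for:", uncovered_hosts("192.168.9.32/28", parent))
```

The alias for `33.9.168.192.in-addr.arpa.` exists only in the parent zone, so the child zone's records alone hold nothing under that name. The /28 stated in the post spans hosts .33 to .46, while the `33-39` range aliases only the first seven.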
 
Old 08-08-2008, 04:05 AM
Nifty Fedora Mitch
 
Default Bind and reverse subdomains

On Wed, Aug 06, 2008 at 07:37:26AM +0700, lin.kh@wicam.com.kh wrote:
>
> I've been following this book of "DNS & BIND" by O'Reilly 5th edition and
> the BIND's Admin Reference Manual (ARM) that have been useful for my BIND
> setup. I only got stuck with this reverse sub-domain setup. The book says,
> there are 3 ways to achieve it. I could achieve it the other 2 ways. But
> i'd like to know the third way, which uses $GENERATE and CNAME that will
> make the configuration short and neat.
>
> It's ok; i'll stick the other 2 ways for now.
>
> Thanks for your reply, Ed.
>
> Regards,
>
> > Khemara Lyn wrote:

I think the original poster is confusing a couple of things.

* bind
* subnets
* subdomains
* private networks vs. routable networks.

In your Bind admin reference manual look for discussions on
internal and external name servers. No external facing name server
can give a good answer that contains a private network (i.e. 192.168.0.0,
10.0.0.0, etc.); this just does not work.

Also when slicing and dicing private network numbers into subnets make sure
that there is no overlap. If the primary server is responsible for the
entire class A (10.0.0.0) network funny things will happen on your sub{domain,nets}
as there is no clarity about the authority should you want sub{domains,networks}.

Routing is another issue where subnet masks need to be watched with care.
Is the intention to route or NAT traffic?

Is there a mix of Windows, Linux, DHCP, fixed IP addresses, PXE, NFS involved?

Step one:
do host names resolve correctly?
does routing work... (ping)?

--
T o m M i t c h e l l
Looking for a place to hang my hat.
