The +trace option *forces* dig to step through each level of the hierarchy.
Therefore it's not a good way of testing any kind of "override" of the
normal iterative-resolution process.
- Kevin
Rob Z wrote:
Hello list,
Here's my scenario:
I have multiple DNS servers (one master and a few slaves)
authoritative for a few zones (e.g. mydomain.com,
zone1.mydomain.com etc).
I also have a caching server (a stock Redhat caching-nameserver.rpm
configuration, BIND 9.2.4 ) which is used by clients on LAN to query
DNS for zone1.mydomain.com.
As far as I understand this caching server does a full recursive
resolution to get information for zone1.mydomain.com
( going to root servers, then going to
.com servers then to mydomain.com server).
My objective is to convert this caching server into a slave server,
which will transfer the full zone1.mydomain.com.
Am I correct in the assumption that the slave server should answer
queries for zone1.mydomain.com directly as
it has all the information?
I modified the config by adding
zone "zone1.mydomain.com" {
type slave;
file "mydomain/hosts.mydomain.com";
masters { A.B.C.D; };
};
to the caching server config and configured the master server to allow
transfers. The zone is being transferred correctly,
mydomain/hosts.mydomain.com is populated.
However,
dig +trace @localhost host1.zone1.mydomain.com
shows that the server is still doing a full recursion, going to the
root servers, tld servers etc.
What am I missing? Do I also have to list my caching server as NS
record in the zone1.mydomain.com?
It's located on a private network and won't be able to answer queries
from the Internet.
Attached is my config file
===================================================
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
zone "zone1.MYDOMAIN.COM" {
type slave;
file "mydomain/hosts.mydomain.com";
masters { A.B.C.D; };
};
include "/etc/rndc.key";
===================================================
Thanks
Rob
------------------------------------------------------------------------
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
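
A check that does not rely on +trace, as an added example that is not part of the original thread: query the server directly and look for the aa flag in dig's header, which a server sets only when it answers from a zone it holds. The function names and the two sample outputs are constructed for illustration; with a live server the input would come from `dig +norecurse @localhost host1.zone1.mydomain.com`.

```shell
#!/bin/sh
# Added example: decide from dig's header flags whether a server answered
# from its own copy of a zone (aa set) or from cache/recursion (aa absent).

# dig_flags: read dig output on stdin, print the flags of the first
# response header, e.g. "qr aa ra".
dig_flags() {
    sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1
}

# answered_from_zone: exit 0 if the response on stdin carries the aa flag.
answered_from_zone() {
    case " $(dig_flags) " in
        *" aa "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Constructed sample: header as returned by a server holding the zone.
sample_from_zone() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
EOF
}

# Constructed sample: header of an answer served from cache (no aa).
sample_from_cache() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
}

# Run both samples through the check.
for s in sample_from_zone sample_from_cache; do
    if $s | answered_from_zone; then
        echo "$s: aa set, answered from a zone the server holds"
    else
        echo "$s: aa not set, answered from cache or recursion"
    fi
done
```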