Re: Problem with subdomain delegation - NS RR ignored?

Tue, 23 May 2023 03:50:48 -0700

What is status of your dnssec-validation? .hub does not exist in public dns tree and dnssec has a proof that it does not exist. Any validating resolver will therefore turn the response to NXDOMAIN. You should use your own existing domain with a proper delegation instead. Or use just home.arpa domain, which is reserved for local use of networks. If you want to keep .hub, you will have to set exception to not validate this domain on every  validating resolver in your network. 

# to allow this domain forever, add to named.conf options{}:
validate-except { "hub" };

Cheers,
Petr

On 10. 05. 23 6:07, bindu...@thegeezer.net wrote:

Howdy
I'm struggling with subdomain creation, for some reason the delegation glue records are being ignored - and i was wondering if someone could help me identify what I've done wrong please.  I know i need to setup another server for the subdomain, but I've been trying to get this going at work and getting the same issue, so thought to try on my test bed.  Can't even get the NS record returned for the subdomain 

Given the domain ".hub"  I can verify the domain level NS
# host -t NS hub localhost
> hub name server localhost.
I can create an A record  for "salmon.hub."  and this resolves as expected: 
# host -t a salmon.hub localhost
> salmon.hub has address 8.8.8.8
I want to delegate to a different domain server the subdomain "fish.hub" and have created glue records as below in the config snippet, but get NXDOMAIN for both the A record and the NS record 
# host -t a ns1.fish.hub localhost
> Host ns1.fish.hub not found: 3(NXDOMAIN)

# host -t NS fish.hub localhost
> Host fish.hub not found: 3(NXDOMAIN)
Any suggestions gratefully received.  Pertinent parts of named.conf and zone file are shown below, if you need more info please don't hesitate to ask 

thanks in advance!

TG

/etc/bind/named.conf
acl "trusted" {
        10.0.0.0/8;
        192.168.0.0/16;
        127.0.0.0/8;
        ::1/128;
};
allow-recursion {
                trusted;
       };
forwarders {
                208.67.220.220;
                208.67.222.222;
        };
zone "hub" IN {
               type master;
               file "pri/hub.zone";
               notify no;
        };

/etc/bind/pri/hub.zone
$TTL 1W
@       IN      SOA     hub. root.hub.  (
                                      2008122601 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      604800     ; Expire - 1 week
                                      86400 )    ; Minimum
@               IN      NS      localhost.
@               IN      A       127.0.0.1

@               IN      AAAA    ::1

salmon.hub.     IN      A       8.8.8.8
fish.hub.       IN      NS      ns1.fish.hub.
ns1.fish.hub.   IN      A       4.4.4.4




--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to