Generating multiple zones with h2n

2009-12-01 Thread Andreas Rother
Dear list,

I try to simplify our DNS administration and want to create proper zone files 
with h2n. 

Our network structure consists of several class C networks and several top 
level domains. We are using fictional TLDs internally (e.g. tld1, tld2). The 
tricky thing is that all TLDs can have addresses in all networks.

I learnt from other posts that in this case you run h2n for the first TLD, 
creating the reverse lookup files, and subsequently with other config files for 
further TLDs without creating PTR files.

My approach did not create the reverse lookup files properly. The -p seems to 
be ignored :-( Generating the zone file for tld2 works fine.

hosts.dummy:
192.168.1.1 host1.tld1
192.168.1.2 host2.tld2
192.168.2.1 host3.tld1
192.168.2.2 host4.tld2

gen_tld1.conf:
-H hosts.dummy
-h host1.tld1
-u m...@host2.tld1
-M
-y
-d tld1
-p tld2
-n 192.168.1
-n 192.168.2

Then I generate the zone files:

 ./h2n -f gen_tld1.conf
Initializing new database files...
Reading host file `hosts.dummy'...
Line 2: Skipping `host2.tld2'.
The canonical name does not match the -d option.
 192.168.1.2   host2.tld2
Line 4: Skipping `host4.tld2'.
The canonical name does not match the -d option.
 192.168.2.2   host4.tld2
Writing database files...

Neither host from tld2 is included in db.192.168.1 or in 
db.192.168.2.

db.192.168.1:
$TTL 86400
@   SOA host1.tld1. me.tld1.tld1. ( 2009120101 10800 3600 604800 600 )
NS  host1.tld1.

1   PTR host1.tld1.

db.192.168.2:
$TTL 86400
@   SOA host1.tld1. me.tld1.tld1. ( 2009120101 10800 3600 604800 600 )
NS  host1.tld1.

1   PTR host3.tld1.

How come? Did I miss something? Or is h2n just no proper tool for this case? 
I'm using h2n version 2.56

Kind regards

Andreas
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Using a different domain name as the DNS server for a domain

2009-12-01 Thread Kaya Saman

Hi,

I'm wondering if it's possible in Bind like my domain providers DNS 
servers to use a different domain as the name server ns record for 
another domain??


Excuse the horrific explanation I will try to describe what I mean:

I am about to start hosting a domain called birimgrup.com in my network 
but do not wish to create a sub domain as ns.birimgrup.com;


instead I would like to use my own domain which is called 
optiplex-networks.com as the ns server, meaning ns1.optiplex-networks.com:


as example:

dig optiplex-networks.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> optiplex-networks.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;optiplex-networks.com.         IN      A

;; ANSWER SECTION:
optiplex-networks.com.  86400   IN      A       192.168.1.150

;; AUTHORITY SECTION:
optiplex-networks.com.  86400   IN      NS      ns1.optiplex-networks.com.
optiplex-networks.com.  86400   IN      NS      ns2.optiplex-networks.com.

;; ADDITIONAL SECTION:
ns1.optiplex-networks.com. 86400 IN     A       192.168.1.100
ns2.optiplex-networks.com. 86400 IN     A       192.168.1.101

;; Query time: 21 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Dec  1 19:03:00 2009
;; MSG SIZE  rcvd: 123


So practically when someone does a dig for birimgrup.com it will come 
out of ns1.optiplex-networks.com!!


Can this be done?

I am assuming that I could create a zone with record:

birimgrup  in  a  ns1.optiplex-networks.com

but I am just wondering if it will complain that the data is out of zone??


As a quick addition also I have never dealt with .net .org etc TLD's 
before when setting up DNS so I'm assuming that for reverse DNS the PTR 
records will simply go into the 192.168.1.rev file I have setup??


Many thanks in advance!

--Kaya


Re: Using a different domain name as the DNS server for a domain

2009-12-01 Thread Chris Buxton
You can create the NS record as you have described (type = NS, not A), but 
remember to put a dot on the end:

birimgrup.com.  in  NS  ns1.optiplex-networks.com.

This is quite common. Here are some real-world examples:

com.            IN  NS  a.gtld-servers.net.

menandmice.com. IN  NS  ns0.c.is.

As for reverse records, these are indexed by the IP address, not by the domain 
name on the right hand side. Your PTR records will go in the reverse zone you 
already have.

Chris Buxton
Professional Services
Men & Mice



Re: Using a different domain name as the DNS server for a domain

2009-12-01 Thread Kaya Saman

Ok I think I have got somewhere but still a bit unsure of what's going on!!


dig birimgrup.com

; <<>> DiG 9.6.0-P1 <<>> birimgrup.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 567
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;birimgrup.com. IN  A

;; ANSWER SECTION:
birimgrup.com.  86400   IN  A   192.168.1.170

;; AUTHORITY SECTION:
birimgrup.com.  86400   IN  NS  ns2.optiplex-networks.com.
birimgrup.com.  86400   IN  NS  ns1.optiplex-networks.com.

;; ADDITIONAL SECTION:
ns1.optiplex-networks.com. 86400 IN A   192.168.1.100
ns2.optiplex-networks.com. 86400 IN A   192.168.1.101

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec  1 19:31:53 2009
;; MSG SIZE  rcvd: 133


On top of that my zone file looks like so:

;
; BIND data file for example.com
;
$TTL 1d
@   IN  SOA ns1.optiplex-networks.com. mail.optiplex-networks.com. (
        2009120101 ; Serial
        7200       ; Refresh
        120        ; Retry
        2419200    ; Expire
        86400 )    ; Default TTL
;
    IN  NS  ns1.optiplex-networks.com.
    IN  NS  ns2.optiplex-networks.com.
ns1.optiplex-networks.com.  IN  A   192.168.1.100
ns2.optiplex-networks.com.  IN  A   192.168.1.101
birimgrup.com.  IN  A   192.168.1.170
www.birimgrup.com.  IN  A   192.168.1.170

However, as I thought, I have an "ignoring out-of-zone data" error in my log.

Dec  1 19:31:16 NetraT1-RAY named[3646]: [ID 873579 daemon.warning] /var/named/birimgrup.db:14: ignoring out-of-zone data (ns1.optiplex-networks.com)
Dec  1 19:31:16 NetraT1-RAY named[3646]: [ID 873579 daemon.warning] /var/named/birimgrup.db:15: ignoring out-of-zone data (ns2.optiplex-networks.com)

Since lines 14 and 15 are:

ns1.optiplex-networks.com.  IN  A   192.168.1.100

and

ns2.optiplex-networks.com.  IN  A   192.168.1.101

respectively, I think I can remove them and all will be fine!


Re: Using a different domain name as the DNS server for a domain

2009-12-01 Thread Kaya Saman

Many thanks for the response Chris

As you were writing and sending this I sort of worked it out but this 
makes things much clearer :-)


I really do appreciate all the help!

--Kaya





Re: Using a different domain name as the DNS server for a domain

2009-12-01 Thread Kaya Saman

Chris Buxton wrote:

> Yes, remove the A records for the name servers. They shouldn't be here - they 
> belong in the zone named optiplex-networks.com.
>
> Also, the last line of your zone looks quite odd. You should never have an IP 
> address on the left side of a DNS record.
>
> Chris Buxton
> Professional Services
> Men & Mice
>
> On Dec 1, 2009, at 9:35 AM, Kaya Saman wrote:

Chris if you're referring to this:

birimgrup.com.  IN  A   192.168.1.170 
www.birimgrup.com.  IN  A   192.168.1.170

It didn't come out right on the email; the actual version is like so:

birimgrup.com.   IN  A   192.168.1.170 
www.birimgrup.com.  IN  A   192.168.1.170



Re: Using a different domain name as the DNS server for a domain

2009-12-01 Thread Kaya Saman






> birimgrup.com.   IN  A   
> 192.168.1.170 www.birimgrup.com.  IN  A   
> 192.168.1.170

ok this is really weird!

In the actual zone file they are stacked on top of each other like 
supposed to be!


Either Seamonkey isn't formatting my emails properly or it's something 
to do with my SSH tunnel into the UK right now.. probably cat 
command is my bet.



Re: Using a different domain name as the DNS server for a domain

2009-12-01 Thread Chris Buxton
Yes, remove the A records for the name servers. They shouldn't be here - they 
belong in the zone named optiplex-networks.com.

Also, the last line of your zone looks quite odd. You should never have an IP 
address on the left side of a DNS record.

Chris Buxton
Professional Services
Men & Mice
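
The out-of-zone warning discussed in this thread can be reproduced offline before a zone is loaded. The following is an added example, not part of the original posts and not BIND's own code: a simplified zone-file scan (no `$INCLUDE`, no quoted strings containing `;`) that reports owner names outside the zone, run over the zone file as posted. The function names are hypothetical.

```python
# Added example: flag records whose owner name lies outside the zone,
# mirroring named's "ignoring out-of-zone data" warning.

def absolute(name, origin):
    """Resolve a zone-file owner name against the current origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def in_zone(fqdn, zone):
    """True if fqdn is the zone apex or a name below it."""
    return fqdn == zone or fqdn.endswith("." + zone)

def out_of_zone_owners(zone_text, zone):
    """Return [(line_no, owner)] for records that named would ignore."""
    zone = zone.lower()
    origin, depth, findings = zone, 0, []
    for line_no, line in enumerate(zone_text.splitlines(), start=1):
        code = line.split(";", 1)[0].rstrip()      # drop comments
        if not code.strip():
            continue
        continuing = depth > 0                     # inside ( ... ) of a record
        depth += code.count("(") - code.count(")")
        if continuing:
            continue
        if code.startswith("$"):                   # $TTL, $ORIGIN directives
            parts = code.split()
            if parts[0].upper() == "$ORIGIN" and len(parts) > 1:
                origin = absolute(parts[1], origin)
            continue
        if code[0].isspace():                      # owner inherited from above
            continue
        owner = absolute(code.split()[0], origin)
        if not in_zone(owner, zone):
            findings.append((line_no, owner))
    return findings

# The zone file from the thread, with the wrapped lines rejoined.
POSTED_ZONE = """\
;
; BIND data file for example.com
;
$TTL 1d
@   IN  SOA ns1.optiplex-networks.com. mail.optiplex-networks.com. (
        2009120101 ; Serial
        7200       ; Refresh
        120        ; Retry
        2419200    ; Expire
        86400 )    ; Default TTL
;
    IN  NS  ns1.optiplex-networks.com.
    IN  NS  ns2.optiplex-networks.com.
ns1.optiplex-networks.com.  IN  A   192.168.1.100
ns2.optiplex-networks.com.  IN  A   192.168.1.101
birimgrup.com.  IN  A   192.168.1.170
www.birimgrup.com.  IN  A   192.168.1.170
"""

if __name__ == "__main__":
    for line_no, owner in out_of_zone_owners(POSTED_ZONE, "birimgrup.com."):
        print(f"line {line_no}: out-of-zone owner {owner}")
```

The two reported lines are the same ones named logged; the addresses for ns1 and ns2 are served from the optiplex-networks.com zone, which is why they still appear in the additional section of the dig output.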



Re: zone vs domain

2009-12-01 Thread Doug Barton
gmspro wrote:
> What's the main difference between zone and domain?

In what context? Unfortunately both terms get used by various
people/vendors in different ways. A little more detail is needed to
answer your question (although if you're talking strictly DNS terms
Chris' answer was quite detailed).


Doug



reverse zone file in external view not transferring to slave server??

2009-12-01 Thread Kaya Saman

Hi,

now that I have my zones and reverse files sorted out I have managed to 
come across a problem which seems I had before even beginning any of this!


Basically for some reason my reverse zone for the external view isn't 
transferring to my slave server this is quite strange as all the 
other forward zones for the external view work fine??


Here is config:



named.conf file snippet for both servers:

view external {
   match-clients { any; !192.168.0.0/22; !127.0.0.1; };
   allow-recursion {
   127.0.0.1;
   };

   include "/etc/opt/csw/bind/named.conf.external";

};

named.conf.external file from master server:

zone "optiplex-networks.com" {
  type master;
  file "/var/named/optiplex-networks-external.db";
  allow-query { any; !192.168.0.0/22; 192.168.1.101; };
};

zone "2.178.81.in-addr.arpa" {
  type master;
  file "/var/named/81.178.2.rev";
  allow-query { any; !192.168.0.0/22; 192.168.1.101; };
};

named.conf.external file from slave server:

zone "optiplex-networks.com" {
  type slave;
  file "/var/named/optiplex-networks-external.db";
  masters { 192.168.1.100; };
  allow-notify { 192.168.1.100; };
  allow-query { any; !192.168.0.0/22; 192.168.1.100; };
};

zone "2.178.81.in-addr.arpa" {
  type slave;
  file "/var/named/81.178.2.rev";
  masters { 192.168.1.100; };
  allow-notify { 192.168.1.100; };
  allow-query { any; !192.168.0.0/22; 192.168.1.100; };
};



If any one can help me figure out why this is happening as the reverse 
zone for my internal view works perfectly fine with similar config and 
all the other forward zones for the external work perfectly fine??


Many thanks,

--Kaya


Re: reverse zone file in external view not transferring to slave server??

2009-12-01 Thread Mark Andrews

In message 4b1576eb.2020...@netscape.net, Kaya Saman writes:
> Hi,
> 
> now that I have my zones and reverse files sorted out I have managed to 
> come across a problem which seems I had before even beginning any of this!
> 
> Basically for some reason my reverse zone for the external view isn't 
> transferring to my slave server this is quite strange as all the 
> other forward zones for the external view work fine??
> 
> Here is config:
> 
> named.conf file snippet for both servers:
> 
> view external {
> match-clients { any; !192.168.0.0/22; !127.0.0.1; };

Acl's are first match.

What you had devolves to

match-clients { any; };

Try.
match-clients { !192.168.0.0/22; !127.0.0.1; any; };

Adjust all the other acls

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
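
The first-match rule described in this reply, as an added example that is not part of the original message and not BIND's code: a simplified evaluator for address match lists (only IP addresses, CIDR prefixes, `any` and `!` negation; no named ACLs or keys) applied to the lists from the thread. The function names and the external client address 203.0.113.7 are assumptions made for the illustration.

```python
# Added example: first-match evaluation of a BIND-style address match list.
import ipaddress

def parse_acl(text):
    """Parse '{ a; !b/22; any; }' into (negated, item, original_token) tuples."""
    elements = []
    for raw in text.strip().strip("{}").split(";"):
        token = raw.strip()
        if not token:
            continue
        negated = token.startswith("!")
        body = token.lstrip("!").strip()
        item = "any" if body == "any" else ipaddress.ip_network(body, strict=False)
        elements.append((negated, item, token))
    return elements

def acl_allows(acl_text, client):
    """The first element that matches the client decides; later ones are never read."""
    addr = ipaddress.ip_address(client)
    for negated, item, _ in parse_acl(acl_text):
        if item == "any" or addr in item:
            return not negated
    return False  # no element matched

def shadowed_elements(acl_text):
    """Return elements that can never decide because an earlier one covers them."""
    seen, dead = [], []
    for _, item, token in parse_acl(acl_text):
        for earlier in seen:
            if earlier == "any" or (
                item != "any"
                and earlier.version == item.version
                and item.subnet_of(earlier)
            ):
                dead.append(token)
                break
        seen.append(item)
    return dead

# Lists taken from the thread.
POSTED_MATCH_CLIENTS = "{ any; !192.168.0.0/22; !127.0.0.1; }"
SUGGESTED_MATCH_CLIENTS = "{ !192.168.0.0/22; !127.0.0.1; any; }"
REVISED_ALLOW_QUERY = "{ 192.168.1.100; !192.168.0.0/22; any; }"

if __name__ == "__main__":
    # 203.0.113.7 is a constructed external client (documentation range).
    for client in ("192.168.1.101", "127.0.0.1", "203.0.113.7"):
        print(client,
              "posted:", acl_allows(POSTED_MATCH_CLIENTS, client),
              "suggested:", acl_allows(SUGGESTED_MATCH_CLIENTS, client))
    print("never evaluated in posted list:",
          shadowed_elements(POSTED_MATCH_CLIENTS))
```

With the posted order every internal client matches the external view, so the two negations give no separation between views; a check like `shadowed_elements` catches that ordering mistake before the configuration is deployed.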


Re: reverse zone file in external view not transferring to slave server??

2009-12-01 Thread Kaya Saman





> Acl's are first match.
>
> What you had devolves to
>
> match-clients { any; };
>
> Try.
> match-clients { !192.168.0.0/22; !127.0.0.1; any; };
>
> Adjust all the other acls

  


Ok so these are similar to Cisco IOS Acl's now I get it :-)

Unfortunately the reverse zone is still not transferring??

This is what I have now after re-jig:



named.conf:

view external {
   match-clients { !192.168.0.0/22; !127.0.0.1; any; };
   allow-recursion {
   127.0.0.1;
   };

   include "/etc/opt/csw/bind/named.conf.external";

};

named.conf.external:

zone "2.178.81.in-addr.arpa" {
  type slave;
  file "/var/named/81.178.2.rev";
  masters { 192.168.1.100; };
  allow-notify { 192.168.1.100; };
  allow-query { 192.168.1.100; !192.168.0.0/22; any; };
};


Of course this is the slave, however the master is quite similar with 
allow-notify and query being 192.168.1.101 instead..


Still no go though :-(



# ls /var/named
192.168.1.rev                  birim-it-external.db
birimgrup.db                   birimguvenlik-net-external.db
optiplex-networks.db           benimadimfs-external.db
birim-it.db                    birimguvenlik-com-external.db
birimguvenlik-net.db           benimadimfs.db
birimgrup-external.db          birimguvenlik-com.db
optiplex-networks-external.db



??





Re: reverse zone file in external view not transferring to slave server??

2009-12-01 Thread Kaya Saman

Many thanks for all the help first up :-) I really do appreciate it!

Am just wondering, I'm running BIND 9.6.0-P1 on Solaris 9 to achieve 
this, so could this be a bug or something else yet not implemented into 
Bind or perhaps somehow the way it was compiled as I'm using the 
Blastwave version..


??

Unfortunately no chance of upgrading at the moment either the system or 
the OS as I'm in another country and the systems are a long way away 
with no-one other than myself capable of doing anything with them.



Parent is a CNAME

2009-12-01 Thread Hans Jacobsen

If a.stanford.edu is a cname (say to b.stanford.edu)
can I delegate subdomain.a.stanford.edu?  Are there documents that  
point to this being an ok or bad practice?


I know all records for a.stanford.edu are relegated to records for  
b.stanford.edu

What about subdomains?

-hej
Hans Jacobsen
Director, Data Center
Information Resources  Technology
Stanford School of Medicine
Building AB, 2nd Floor, RM 231A - M/C 5569
301 Ravenswood Avenue
Menlo Park, CA  94025
Email: hans.jacob...@stanford.edu
Tel: 650-723-7360
http://med.stanford.edu/irt/



Re: reverse zone file in external view not transferring to slave server??

2009-12-01 Thread Joseph S D Yao

type master;
allow-transfer { other.servers.ip.addresses; };
perhaps?

I tend to do
options {
...
allow-transfer {none;};
...
};

But this wouldn't explain why all the rest can transfer and the one zone
can't.

Have you made sure that the slaved copies for the internal view and the
external view go to DIFFERENT files?  Otherwise they overwrite each
other and strange timing effects occur.

Just thoughts.


-- 
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/


Re: Parent is a CNAME

2009-12-01 Thread Chris Buxton
On Dec 1, 2009, at 7:50 PM, Joseph S D Yao wrote:
> On Tue, Dec 01, 2009 at 04:59:16PM -0800, Hans Jacobsen wrote:
>> If a.stanford.edu is a cname (say to b.stanford.edu)
>> can I delegate subdomain.a.stanford.edu?  Are there documents that  
>> point to this being an ok or bad practice?
>> 
>> I know all records for a.stanford.edu are relegated to records for  
>> b.stanford.edu
>> What about subdomains?
> 
> No.
> 
> The domain that has a CNAME must never appear on the left-hand side of
> another record.
> 
> If you delegate, the domain appears on the left side of NS records.

That is incorrect. The child of the alias does not equal the alias.

The following is absolutely correct:

a   CNAME   b
sub.a   NS  some.host.

Just to be sure, I tested it before composing this message.

Joseph, I used to have the same misconception as you, that an alias couldn't 
have children (subdomains) of its own. Someone on this very list sorted it out 
for me, years ago, with a working example that looked roughly like this:

gw      CNAME   a.gw
a.gw    A       192.0.2.1
b.gw    A       192.0.2.2
c.gw    A       192.0.2.3

The purpose of this was to enumerate all of the available routers, as 
{a,b,c}.gw, and then have the currently active router referenced as simply gw. 
The solution used involved an alias name that had three children.

Chris Buxton
Professional Services
Men & Mice
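
The distinction drawn in this reply, as an added example that is not part of the original message: a check that reports other data at the same owner name as a CNAME while leaving names below the alias alone. The records are the ones from the message, made absolute under a constructed origin `example.`; the function names are hypothetical.

```python
# Added example: a CNAME excludes other data at the SAME name only;
# names below the alias are separate nodes and may hold any records.
from collections import defaultdict

# RRSIG and NSEC are the DNSSEC record types permitted beside a CNAME.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

def cname_conflicts(records):
    """records: (owner, rtype) pairs. Return {alias: [conflicting types]}."""
    types_at = defaultdict(set)
    for owner, rtype in records:
        types_at[owner.lower()].add(rtype.upper())
    return {
        owner: sorted(types - ALLOWED_WITH_CNAME)
        for owner, types in types_at.items()
        if "CNAME" in types and types - ALLOWED_WITH_CNAME
    }

def names_below(records, owner):
    """Return the owner names that are strict descendants of `owner`."""
    suffix = "." + owner.lower()
    return sorted({o.lower() for o, _ in records if o.lower().endswith(suffix)})

# Records from the message, under the constructed origin "example.".
THREAD_RECORDS = [
    ("a.example.", "CNAME"),
    ("sub.a.example.", "NS"),      # delegation below the alias
    ("gw.example.", "CNAME"),
    ("a.gw.example.", "A"),
    ("b.gw.example.", "A"),
    ("c.gw.example.", "A"),
]

if __name__ == "__main__":
    print("conflicts:", cname_conflicts(THREAD_RECORDS))
    print("below gw:", names_below(THREAD_RECORDS, "gw.example."))
    # Constructed counter-example: NS at the alias itself is a conflict.
    print("with NS at alias:",
          cname_conflicts(THREAD_RECORDS + [("a.example.", "NS")]))
```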
