how to create a private test. zone?

2009-03-03 Thread Rui Lopes
Hello,

I'm trying to create a private test. zone for use in my local
testing lab.

I've set up a recursive DNS server that will serve the test. zone
(on the Sun host; see the network diagram below).

The resolution of a domain in the test zone works as expected, e.g.:

dig sun.test
; <<>> DiG 9.4.2-P2 <<>> sun.test
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sun.test.  IN  A

;; ANSWER SECTION:
sun.test.   600 IN  A   192.168.2.1

;; AUTHORITY SECTION:
test.   600 IN  NS  sun.test.

;; Query time: 2 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Mar  1 10:39:28 2009
;; MSG SIZE  rcvd: 56


After this, I wanted to delegate the example.test. zone to another
local DNS server of mine (the Plesk host). I did the delegation by
adding the following RR in the test. zone (in the Sun host):

example IN  NS  plesk


I tried to resolve the example.test domain with:

dig example.test
; <<>> DiG 9.4.2-P2 <<>> example.test
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.test.  IN  A

;; Query time: 31 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Mar  1 10:40:39 2009
;; MSG SIZE  rcvd: 30


Which failed...

NB: I can see my local dns server sending queries to my isp dns
server.  But why?

NB: Asking the same question directly at the Plesk DNS server works:

dig example.test @plesk.test
; <<>> DiG 9.4.2-P2 <<>> example.test @plesk.test
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2358
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.test.  IN  A

;; ANSWER SECTION:
example.test.   86400   IN  A   192.168.2.10

;; AUTHORITY SECTION:
example.test.   86400   IN  NS  plesk.test.

;; Query time: 2 msec
;; SERVER: 192.168.2.10#53(192.168.2.10)
;; WHEN: Sun Mar  1 10:41:43 2009
;; MSG SIZE  rcvd: 66


What am I doing wrong in the delegation, and how can I fix it?


My network diagram is:

+-----+
| isp |
+-----+ 10.0.2.3 (DNS)
   |
---+--- 10/24
   |
+-----+ 10.0.2.15     +-----+
| sun |               |plesk|
+-----+ 192.168.2.1   +-----+ 192.168.2.10
   |                     |
---+---------------------+--- 192.168.2/24

isp
    my ISP DNS server host.
sun
    my local DNS server host that hosts the test. zone.
    NB: this is a recursive server.
    NB: it also forwards to isp dns server.
    NB: local resolv.conf points to 192.168.2.1
plesk
    my other local DNS server host that hosts the example.test.
    zone.
    NB: this is an authoritative server only.
    NB: local resolv.conf points to 192.168.2.1


This is what the Sun DNS server has about the test. zone:

$TTL 10m            ; default TTL
$ORIGIN test.       ; base domain-name
@       IN  SOA sun hostmaster (
                2008042800 ; serial
                10m        ; refresh
                15m        ; retry
                3w         ; expire
                10m        ; minimum
                )

        IN  NS  sun

sun     IN  A   192.168.2.1
plesk   IN  A   192.168.2.10

; delegate example.test. to plesk.test.
example IN  NS  plesk
;example IN  A   192.168.2.10


And this is what the Plesk DNS server has about the example.test.
zone:

@   IN  SOA plesk.test. ironman.example.test. (
            1235830200  ; Serial
            10800       ; Refresh
            3600        ; Retry
            604800      ; Expire
            10800 )     ; Minimum

example.test.   IN  NS  plesk.test.
example.test.   IN  A   192.168.2.10



If you need more information, please let me know.

Thanks!


Best regards,
Rui Lopes
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: how to create a private test. zone?

2009-03-02 Thread Rui Lopes
Hi,

Ben Bridges wrote:
>> sun
>> NB: it also forwards to isp dns server.
> If your sun server is configured to use your isp dns server as a
> forwarder, then I think it will forward requests for example.test
> to the isp server even though it delegated example.test to plesk.
> That would seem to be supported by the fact that your sun server knows
> it is not authoritative for example.test (no AA flag in response to
> the query for example.test) and that you see it sending requests
> to the isp server (although you don't specify that it is sending
> requests to it for example.test).

Ah sorry, it's indeed sending requests to it for the example.test domain.

> You could try creating example.test as a forward zone in named.conf on
> your sun server and specifying plesk as the forwarder for that zone.

Indeed, adding a forward zone like below works!  But why does it work?
Or why is it needed?

zone example.test {
    type forward;
//  forward only;
//  forwarders { 192.168.2.10; };
};

Note that I only needed to include the type forward line; the other
lines do not seem to be needed.  Am I missing something?  Aren't they
really needed?  By reading the bind manual it seems we have to include them.


BTW, if I try to query without recursion (and without adding the forward
zone as above):

dig example.test +norecurse
; <<>> DiG 9.4.2-P2 <<>> example.test +norecurse
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62293
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.test.          IN  A

;; AUTHORITY SECTION:
example.test.   600 IN  NS  plesk.test.

;; ADDITIONAL SECTION:
plesk.test.     600 IN  A   192.168.2.10

;; Query time: 1 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Mon Mar  2 22:22:40 2009
;; MSG SIZE  rcvd: 66

it seems to work (that is, it returns the NS and A record for the NS)...
only when querying with recursion does it fail, any idea why?

Thanks!

Best regards,
Rui Lopes
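
The behaviour discussed in this message, as an added example (not code from the thread or from BIND): the BIND 9 ARM says that when `forwarders` is not specified in a zone of type forward, no forwarding is done for that zone and the global setting is not used, so named follows the delegation instead of sending the private name to the ISP resolver. The Python below is a simplified model of that rule using the thread's addresses; `route`, `is_subdomain` and the dictionary layout are hypothetical, and the empty-`forwarders`-on-the-parent-zone case goes beyond what the thread tried.

```python
# Simplified model of named's routing choice (added example, not BIND code).
ISP, PLESK = "10.0.2.3", "192.168.2.10"   # addresses from the thread

def is_subdomain(name, zone):
    """True if name equals zone or lies below it (absolute names)."""
    return name == zone or name.endswith("." + zone)

def route(qname, config):
    """Return (action, servers) for a recursive query for qname."""
    zones, delegation = config["zones"], None
    # 1. Authoritative data answers directly, unless qname is at or
    #    below a zone cut (an NS delegation) inside that zone.
    for zname, z in zones.items():
        if z["type"] == "master" and is_subdomain(qname, zname):
            cuts = [c for c in z.get("delegations", {}) if is_subdomain(qname, c)]
            if not cuts:
                return ("authoritative", [])
            delegation = z["delegations"][max(cuts, key=len)]
            break
    # 2. Recursion: the most specific forwarders setting wins. A zone of
    #    type forward with no list means "do not forward this domain".
    fwd = config.get("forwarders", [])
    for zname in sorted(zones, key=len):
        z = zones[zname]
        if is_subdomain(qname, zname):
            if "forwarders" in z:
                fwd = z["forwarders"]
            elif z["type"] == "forward":
                fwd = []
    if fwd:
        return ("forward", fwd)
    return ("iterate", delegation or [])   # follow the NS records

# Constructed configurations mirroring the thread.
TEST_ZONE = {"type": "master", "delegations": {"example.test.": [PLESK]}}
AS_POSTED = {"forwarders": [ISP], "zones": {"test.": TEST_ZONE}}
WITH_FORWARD_ZONE = {"forwarders": [ISP], "zones": {
    "test.": TEST_ZONE, "example.test.": {"type": "forward"}}}
# Alternative not tried in the thread: empty forwarders on the parent zone.
EMPTY_ON_PARENT = {"forwarders": [ISP], "zones": {
    "test.": dict(TEST_ZONE, forwarders=[])}}

if __name__ == "__main__":
    for label, cfg in [("as posted", AS_POSTED),
                       ("forward zone", WITH_FORWARD_ZONE),
                       ("forwarders {} on test.", EMPTY_ON_PARENT)]:
        print(label, route("example.test.", cfg))
```
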

  

 
Re: how to create a private test. zone?

2009-03-01 Thread Rui Lopes
Stephane Bortzmeyer wrote:
> On Sun, Mar 01, 2009 at 08:46:11PM +,
>  Rui Lopes r...@ruilopes.com wrote
>  a message of 168 lines which said:
>
>> I did the delegation by
>> adding the following RR in the test. zone (in the Sun host):
>>
>> example IN  NS  plesk
>
> Maybe an error prevented the loading of the zone? Check the SOA
> serial number, as published by this server, and check BIND log files.
>
> [Because your setup and files seem OK.]

I've changed the serial to 2009030100 and I don't see any error in the logs:

   Mar  1 21:53:05 sun named[5919]: zone test/IN: loaded serial 2009030100

I've also increased the log level using:

rndc trace 99
rndc querylog

And checked the zone with:

named-checkzone -D -d test /etc/bind/test.zone
loading test from /etc/bind/test.zone class IN
zone test/IN: loaded serial 2009030100
dumping test
test.           600 IN SOA  sun.test. hostmaster.test. 2009030100 600 900 1814400 600
test.           600 IN NS   sun.test.
example.test.   600 IN NS   plesk.test.
plesk.test.     600 IN A    192.168.2.10
sun.test.       600 IN A    192.168.2.1
OK


Finally, I checked the SOA value with:

  dig soa test
; <<>> DiG 9.4.2-P2 <<>> soa test
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11705
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;test.                  IN  SOA

;; ANSWER SECTION:
test.           600 IN  SOA sun.test. hostmaster.test. 2009030100 600 900 1814400 600

;; AUTHORITY SECTION:
test.           600 IN  NS  sun.test.

;; ADDITIONAL SECTION:
sun.test.       600 IN  A   192.168.2.1

;; Query time: 1 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Sun Mar  1 21:58:22 2009
;; MSG SIZE  rcvd: 103


Still, no go. Any other suggestion?


Thanks!

Best regards,
Rui Lopes