Re: Problem with subdomain delegation - NS RR ignored?

2023-05-23 Thread Petr Menšík
What is the status of your dnssec-validation? .hub does not exist in the 
public DNS tree and DNSSEC has a proof that it does not exist. Any validating 
resolver will therefore turn the response into NXDOMAIN. You should use 
your own existing domain with a proper delegation instead. Or just use the 
home.arpa domain, which is reserved for local use of networks. If you 
want to keep .hub, you will have to set an exception to not validate this 
domain on every validating resolver in your network.


# to allow this domain forever, add to named.conf options{}:
validate-except { "hub"; };

Cheers,
Petr

On 10. 05. 23 6:07, bindu...@thegeezer.net wrote:

Howdy

I'm struggling with subdomain creation, for some reason the delegation 
glue records are being ignored - and I was wondering if someone could 
help me identify what I've done wrong please.  I know I need to set up 
another server for the subdomain, but I've been trying to get this 
going at work and getting the same issue, so thought to try on my test 
bed.  Can't even get the NS record returned for the subdomain.


Given the domain ".hub"  I can verify the domain level NS
# host -t NS hub localhost
> hub name server localhost.

I can create an A record  for "salmon.hub."  and this resolves as 
expected:

# host -t a salmon.hub localhost
> salmon.hub has address 8.8.8.8

I want to delegate to a different domain server the subdomain 
"fish.hub" and have created glue records as below in the config 
snippet, but get NXDOMAIN for both the A record and the NS record

# host -t a ns1.fish.hub localhost
> Host ns1.fish.hub not found: 3(NXDOMAIN)

# host -t NS fish.hub localhost
> Host fish.hub not found: 3(NXDOMAIN)

Any suggestions gratefully received.  Pertinent parts of named.conf 
and zone file are shown below, if you need more info please don't 
hesitate to ask


thanks in advance!

TG

/etc/bind/named.conf
acl "trusted" {
    10.0.0.0/8;
    192.168.0.0/16;
    127.0.0.0/8;
    ::1/128;
};
allow-recursion {
    trusted;
   };
forwarders {
    208.67.220.220;
    208.67.222.222;
    };
zone "hub" IN {
   type master;
   file "pri/hub.zone";
   notify no;
    };

/etc/bind/pri/hub.zone
$TTL 1W
@   IN  SOA hub. root.hub.  (
  2008122601 ; Serial
  28800  ; Refresh
  14400  ; Retry
  604800 ; Expire - 1 week
  86400 )    ; Minimum
@   IN  NS  localhost.
@   IN  A   127.0.0.1

@   IN  AAAA    ::1

salmon.hub. IN  A   8.8.8.8
fish.hub.   IN  NS  ns1.fish.hub.
ns1.fish.hub.   IN  A   4.4.4.4




--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Problem with subdomain delegation - NS RR ignored?

2023-05-10 Thread Nick Tait via bind-users

Hi TG.

I just wanted to check:

1. Your "hub" zone contains the NS delegation for "fish.hub." to
   "ns1.fish.hub." with glue record "4.4.4.4". Is 4.4.4.4 the correct
   IP address of the server you are delegating to?
2. You haven't included the sub zone configuration (i.e. from 4.4.4.4)
   below. What do the zone stanza in the config file, and the zone file
   itself look like?
3. What answer do you get if you try:
   dig @4.4.4.4 fish.hub soa +norecurse

Nick.

On 10/05/23 16:07, bindu...@thegeezer.net wrote:

Howdy

I'm struggling with subdomain creation, for some reason the delegation 
glue records are being ignored - and I was wondering if someone could 
help me identify what I've done wrong please.  I know I need to set up 
another server for the subdomain, but I've been trying to get this 
going at work and getting the same issue, so thought to try on my test 
bed.  Can't even get the NS record returned for the subdomain.


Given the domain ".hub"  I can verify the domain level NS
# host -t NS hub localhost
> hub name server localhost.

I can create an A record  for "salmon.hub."  and this resolves as 
expected:

# host -t a salmon.hub localhost
> salmon.hub has address 8.8.8.8

I want to delegate to a different domain server the subdomain 
"fish.hub" and have created glue records as below in the config 
snippet, but get NXDOMAIN for both the A record and the NS record

# host -t a ns1.fish.hub localhost
> Host ns1.fish.hub not found: 3(NXDOMAIN)

# host -t NS fish.hub localhost
> Host fish.hub not found: 3(NXDOMAIN)

Any suggestions gratefully received.  Pertinent parts of named.conf 
and zone file are shown below, if you need more info please don't 
hesitate to ask


thanks in advance!

TG

/etc/bind/named.conf
acl "trusted" {
    10.0.0.0/8;
    192.168.0.0/16;
    127.0.0.0/8;
    ::1/128;
};
allow-recursion {
    trusted;
   };
forwarders {
    208.67.220.220;
    208.67.222.222;
    };
zone "hub" IN {
   type master;
   file "pri/hub.zone";
   notify no;
    };

/etc/bind/pri/hub.zone
$TTL 1W
@   IN  SOA hub. root.hub.  (
  2008122601 ; Serial
  28800  ; Refresh
  14400  ; Retry
  604800 ; Expire - 1 week
  86400 )    ; Minimum
@   IN  NS  localhost.
@   IN  A   127.0.0.1

@   IN  AAAA    ::1

salmon.hub. IN  A   8.8.8.8
fish.hub.   IN  NS  ns1.fish.hub.
ns1.fish.hub.   IN  A   4.4.4.4




Re: Problem with subdomain delegation - NS RR ignored?

2023-05-09 Thread Mark Andrews
Don’t use host for diagnostics.  It really is the wrong tool. If you want to 
see the delegation, make non-recursive queries.

dig a ns1.fish.hub @localhost +norec
dig ns fish.hub @localhost +norec

When you make recursive queries, named follows the records in the zone and 
returns the answers from the referenced servers.  Compare the above with the 
recursive queries below.

dig a ns1.fish.hub @localhost
dig ns fish.hub @localhost

Mark

> On 10 May 2023, at 14:07, bindu...@thegeezer.net wrote:
> 
> Howdy
> 
> I'm struggling with subdomain creation, for some reason the delegation glue 
> records are being ignored - and I was wondering if someone could help me 
> identify what I've done wrong please.  I know I need to set up another server 
> for the subdomain, but I've been trying to get this going at work and getting 
> the same issue, so thought to try on my test bed.  Can't even get the NS 
> record returned for the subdomain.
> 
> Given the domain ".hub"  I can verify the domain level NS
> # host -t NS hub localhost
> > hub name server localhost.
> 
> I can create an A record  for "salmon.hub."  and this resolves as expected:
> # host -t a salmon.hub localhost
> > salmon.hub has address 8.8.8.8
> 
> I want to delegate to a different domain server the subdomain "fish.hub" and 
> have created glue records as below in the config snippet, but get NXDOMAIN 
> for both the A record and the NS record
> # host -t a ns1.fish.hub localhost
> > Host ns1.fish.hub not found: 3(NXDOMAIN)
> 
> # host -t NS fish.hub localhost
> > Host fish.hub not found: 3(NXDOMAIN)
> 
> Any suggestions gratefully received.  Pertinent parts of named.conf and zone 
> file are shown below, if you need more info please don't hesitate to ask
> 
> thanks in advance!
> 
> TG
> 
> /etc/bind/named.conf
> acl "trusted" {
>     10.0.0.0/8;
>     192.168.0.0/16;
>     127.0.0.0/8;
>     ::1/128;
> };
> allow-recursion {
>     trusted;
> };
> forwarders {
>     208.67.220.220;
>     208.67.222.222;
> };
> zone "hub" IN {
>     type master;
>     file "pri/hub.zone";
>     notify no;
> };
> 
> /etc/bind/pri/hub.zone
> $TTL 1W
> @   IN  SOA hub. root.hub.  (
>   2008122601 ; Serial
>   28800  ; Refresh
>   14400  ; Retry
>   604800 ; Expire - 1 week
>   86400 ); Minimum
> @   IN  NS  localhost.
> @   IN  A   127.0.0.1
> 
> @   IN  AAAA    ::1
> 
> salmon.hub. IN  A   8.8.8.8
> fish.hub.   IN  NS  ns1.fish.hub.
> ns1.fish.hub.   IN  A   4.4.4.4
> 
> 
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
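
The comparison described in the replies above (a non-recursive query to see the delegation, then the recursive query that may be rejected during resolution or validation), as an added shell example that is not part of any post in this thread. The sample dig output is constructed, and the function names and verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): compare "dig +norec" with a recursive
# query for a delegated zone. Function names and verdicts are hypothetical.

# Extract the RCODE from dig's header line ("status: NXDOMAIN,").
rcode() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the AUTHORITY section holds an NS record owned by zone $2,
# i.e. the server answered with a referral taken from its own zone data.
has_referral() {
    printf '%s\n' "$1" | awk -v z="$2." '
        /^;; AUTHORITY SECTION:/ { in_auth = 1; next }
        /^$/ || /^;;/            { in_auth = 0 }
        in_auth && tolower($1) == tolower(z) && $4 == "NS" { found = 1 }
        END { exit !found }'
}

# $1 = zone, $2 = output of "dig ns ZONE @server +norec", $3 = recursive output
triage() {
    if ! has_referral "$2" "$1"; then
        echo "no-delegation-in-parent"        # fix the NS records in the parent zone
    elif [ "$(rcode "$3")" = "NOERROR" ]; then
        echo "delegation-ok"
    else                                      # zone data is fine; recursion or
        echo "delegation-present-recursion-$(rcode "$3")"  # validation fails later
    fi
}

# Constructed sample output, trimmed to the lines the functions read.
NOREC_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2

;; AUTHORITY SECTION:
fish.hub.        604800  IN  NS  ns1.fish.hub.

;; ADDITIONAL SECTION:
ns1.fish.hub.    604800  IN  A   4.4.4.4'
REC_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

if [ "$#" -eq 2 ]; then     # live use: script ZONE SERVER
    triage "$1" "$(dig ns "$1" "@$2" +norec)" "$(dig ns "$1" "@$2")"
else                        # offline demo on the constructed samples
    triage fish.hub "$NOREC_SAMPLE" "$REC_SAMPLE"
fi
```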



Problem with subdomain delegation - NS RR ignored?

2023-05-09 Thread binduser

Howdy

I'm struggling with subdomain creation, for some reason the delegation 
glue records are being ignored - and I was wondering if someone could 
help me identify what I've done wrong please.  I know I need to set up 
another server for the subdomain, but I've been trying to get this going 
at work and getting the same issue, so thought to try on my test bed.  
Can't even get the NS record returned for the subdomain.


Given the domain ".hub"  I can verify the domain level NS
# host -t NS hub localhost
> hub name server localhost.

I can create an A record  for "salmon.hub."  and this resolves as expected:
# host -t a salmon.hub localhost
> salmon.hub has address 8.8.8.8

I want to delegate to a different domain server the subdomain "fish.hub" 
and have created glue records as below in the config snippet, but get 
NXDOMAIN for both the A record and the NS record

# host -t a ns1.fish.hub localhost
> Host ns1.fish.hub not found: 3(NXDOMAIN)

# host -t NS fish.hub localhost
> Host fish.hub not found: 3(NXDOMAIN)

Any suggestions gratefully received.  Pertinent parts of named.conf and 
zone file are shown below, if you need more info please don't hesitate 
to ask


thanks in advance!

TG

/etc/bind/named.conf
acl "trusted" {
    10.0.0.0/8;
    192.168.0.0/16;
    127.0.0.0/8;
    ::1/128;
};
allow-recursion {
    trusted;
   };
forwarders {
    208.67.220.220;
    208.67.222.222;
    };
zone "hub" IN {
   type master;
   file "pri/hub.zone";
   notify no;
    };

/etc/bind/pri/hub.zone
$TTL 1W
@   IN  SOA hub. root.hub.  (
  2008122601 ; Serial
  28800  ; Refresh
  14400  ; Retry
  604800 ; Expire - 1 week
  86400 )    ; Minimum
@   IN  NS  localhost.
@   IN  A   127.0.0.1

@   IN  AAAA    ::1

salmon.hub. IN  A   8.8.8.8
fish.hub.   IN  NS  ns1.fish.hub.
ns1.fish.hub.   IN  A   4.4.4.4


