Uh, OK. Thanks for that.

So, how can I confirm that my formerly "caching only" DNS server is now fetching records from transferred zone files?

TIA
--
Rob

On Wed, Jul 29, 2009 at 12:31 PM, Kevin Darcy <k...@chrysler.com> wrote:
> The +trace option *forces* dig to step through each level of the hierarchy.
>
> Therefore it's not a good way of testing any kind of "override" of the
> normal iterative-resolution process.
>
> - Kevin
>
> Rob Z wrote:
>
>> Hello list,
>> Here's my scenario:
>> I have multiple DNS servers (one master and a few slaves) authoritative
>> for a few zones (eg mydomain.com, zone1.mydomain.com etc).
>> I also have a caching server (a stock Redhat caching-nameserver.rpm
>> configuration, BIND 9.2.4) which is used by clients on LAN to query DNS for
>> zone1.mydomain.com.
>> As far as I understand this caching server does a full recursive
>> resolution to get information for zone1.mydomain.com (going to root
>> servers, then going to .com servers then to mydomain.com server).
>> My objective is to convert this caching server into a slave server, which
>> will transfer the full zone1.mydomain.com.
>> Am I correct in the assumption that the slave server should answer queries
>> for zone1.mydomain.com directly as it has all the information?
>> I modified the config by adding
>>
>> zone "zone1.mydomain.com" {
>>     type slave;
>>     file "mydomain/hosts.mydomain.com";
>>     masters { A.B.C.D; };
>> };
>>
>> to the caching server config and configured the master server to allow
>> transfers. The zone is being transferred correctly,
>> mydomain/hosts.mydomain.com is populated.
>> However,
>>
>> dig +trace @localhost host1.zone1.mydomain.com
>>
>> shows that the server is still doing a full recursion, going to the root
>> servers, tld servers etc.
>> What am I missing?
>> Do I also have to list my caching server as NS record
>> in the zone1.mydomain.com?
>> It's located on a private network and won't be able to answer queries from
>> the Internet.
>> Attached is my config file
>> ===================================================
>> //
>> // named.conf for Red Hat caching-nameserver
>> //
>>
>> options {
>>     directory "/var/named";
>>     dump-file "/var/named/data/cache_dump.db";
>>     statistics-file "/var/named/data/named_stats.txt";
>>     /*
>>      * If there is a firewall between you and nameservers you want
>>      * to talk to, you might need to uncomment the query-source
>>      * directive below. Previous versions of BIND always asked
>>      * questions using port 53, but BIND 8.1 uses an unprivileged
>>      * port by default.
>>      */
>>     // query-source address * port 53;
>> };
>>
>> //
>> // a caching only nameserver config
>> //
>> controls {
>>     inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>> };
>>
>> zone "." IN {
>>     type hint;
>>     file "named.ca";
>> };
>>
>> zone "localdomain" IN {
>>     type master;
>>     file "localdomain.zone";
>>     allow-update { none; };
>> };
>>
>> zone "localhost" IN {
>>     type master;
>>     file "localhost.zone";
>>     allow-update { none; };
>> };
>>
>> zone "0.0.127.in-addr.arpa" IN {
>>     type master;
>>     file "named.local";
>>     allow-update { none; };
>> };
>>
>> zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
>>     type master;
>>     file "named.ip6.local";
>>     allow-update { none; };
>> };
>>
>> zone "255.in-addr.arpa" IN {
>>     type master;
>>     file "named.broadcast";
>>     allow-update { none; };
>> };
>>
>> zone "0.in-addr.arpa" IN {
>>     type master;
>>     file "named.zero";
>>     allow-update { none; };
>> };
>>
>> zone "zone1.MYDOMAIN.COM" {
>>     type slave;
>>     file "mydomain/hosts.mydomain.com";
>>     masters { A.B.C.D; };
>> };
>>
>> include "/etc/rndc.key";
>>
>> ===================================================
>> Thanks
>> Rob

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
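
Added example, not part of the original thread: one way to check what Rob asks is to send the server a non-recursive query (RD clear) and look at the AA bit, which BIND sets when it answers from zone data it holds rather than from its cache. The function names, the fixed query ID and the two sample headers below are constructed for this illustration; the dig equivalent is `dig +norecurse @localhost host1.zone1.mydomain.com`, looking for `aa` in the flags line.

```python
import socket
import struct

QID = 0x1234  # fixed query ID, chosen for this illustration

def build_query(name, qid=QID, qtype=1):
    """DNS query for `name` (type A by default) with RD=0, so no recursion is requested."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields this check needs."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "rcode": flags & 0x000F, "answers": an}

def served_from_zone(msg, qid=QID):
    """True if msg is a NOERROR answer to our query with the AA bit set."""
    h = parse_header(msg)
    return bool(h["qr"] and h["id"] == qid and h["aa"]
                and h["rcode"] == 0 and h["answers"] > 0)

def ask(server, name, timeout=3.0):
    """Query `server` over UDP port 53 for an existing name; needs a reachable server."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        reply, _ = s.recvfrom(4096)
    return served_from_zone(reply)

# Constructed response headers (not captured traffic): one answer record each.
SAMPLE_FROM_ZONE = struct.pack("!HHHHHH", QID, 0x8480, 1, 1, 0, 0)   # qr aa ra
SAMPLE_FROM_CACHE = struct.pack("!HHHHHH", QID, 0x8080, 1, 1, 0, 0)  # qr ra, no aa

if __name__ == "__main__":
    print("zone data :", served_from_zone(SAMPLE_FROM_ZONE))
    print("cache     :", served_from_zone(SAMPLE_FROM_CACHE))
```

Against a live server, `ask("127.0.0.1", "host1.zone1.mydomain.com")` returning True means the answer came from the loaded zone.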