That’s what I was hoping to do, but I don’t seem to be able to get the delegation bit working. I’ve tried it with the load balances in the same parent domain and in a different domain. I’ve tried it delegating at gslb…. And one level up. But when I query the authoritative server recursively, it gives me the root zone.
Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.gslb.aelabad.net @ns3.aelabad.net +norecurse ; <<>> DiG 9.8.3-P1 <<>> outlook.gslb.aelabad.net @ns3.aelabad.net +norecurse ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14134 ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;outlook.gslb.aelabad.net. IN A ;; AUTHORITY SECTION: outlook.gslb.aelabad.net. 1200 IN NS nsg3.aelabad.net. outlook.gslb.aelabad.net. 1200 IN NS nsg4.aelabad.net. ;; ADDITIONAL SECTION: nsg3.aelabad.net. 1200 IN A 10.10.9.3 nsg4.aelabad.net. 1200 IN A 10.10.9.4 ;; Query time: 4 msec ;; SERVER: 10.1.9.34#53(10.1.9.34) ;; WHEN: Mon Apr 7 17:12:44 2014 ;; MSG SIZE rcvd: 112 Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.gslb.aelabad.net @ns3.aelabad.net ; <<>> DiG 9.8.3-P1 <<>> outlook.gslb.aelabad.net @ns3.aelabad.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 988 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;outlook.gslb.aelabad.net. IN A ;; AUTHORITY SECTION: net. 697 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1396908552 1800 900 604800 86400 ;; Query time: 1 msec ;; SERVER: 10.1.9.34#53(10.1.9.34) ;; WHEN: Mon Apr 7 17:12:51 2014 ;; MSG SIZE rcvd: 115 On 4/7/14, 10:30 AM, "Mike Hoskins (michoski)" <micho...@cisco.com> wrote: >In the past when doing this with Cisco GSS I followed Akamai's example, >and had success with stuff like (gdns* were the CSS): > >; delegation of gslb.domain.com >$TTL 172800 ; 2 days >gdns1.domain.com. A a.b.c.d >gdns2.domain.com. A e.f.g.h >gdns3.domain.com. A i.j.k.l >gdns4.domain.com. A m.n.o.p >gdns5.domain.com. A q.r.s.t >gdns6.domain.com. A u.v.w.x >gslb.domain.com. NS gdns1.domain.com. >gslb.domain.com. NS gdns2.domain.com. >gslb.domain.com. NS gdns3.domain.com. >gslb.domain.com. NS gdns4.domain.com. >gslb.domain.com. NS gdns5.domain.com. >gslb.domain.com. NS gdns6.domain.com. >$TTL 3600 ; 1 hour >$ORIGIN domain.com. >; Hey we look like Akamai! >gsstest CNAME gsstest.domain.com.gslb.domain.com. > > >... > ># dig @8.8.8.8 gsstest.domain.com >... >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3701 >;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 >... >;; ANSWER SECTION: >gsstest.domain.com. 3599 IN CNAME >gsstest.domain.com.gslb.domain.com. >gsstest.domain.com.gslb.domain.com. 19 IN A ip.ad.dr.es >... > > >-----Original Message----- >From: <McDonald>, Dan <dan.mcdon...@austinenergy.com> >Date: Monday, April 7, 2014 at 10:16 AM >To: Bind Users <bind-users@lists.isc.org> >Subject: Delegation of part of a zone to a global server load balancer > >>What¹s the right way to delegate individual zone records to a ³global >>server load balancer², which is just a simple DNS server that checks to >>see if a server is up and if so adds the address to the rotation for >>resolution. >> >> >>I¹ve tried simple delegation using ns records, but I don¹t get >>resolution. In this example, nsg3 and 4 are my global server load >>balancers for the outlook.aelabad.net zone, and ns3.aelabad.net is the >>start of authority for the aelabad.net zone. >> >> >> >> >>Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net +norecurse >>@ns3.aelabad.net >> >> >>; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net +norecurse @ns3.aelabad.net >>;; global options: +cmd >>;; Got answer: >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25051 >>;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1 >> >> >>;; QUESTION SECTION: >>;outlook.aelabad.net.IN A >> >> >>;; AUTHORITY SECTION: >>outlook.aelabad.net.1200 INNS nsg4.austin-energy.net. >>outlook.aelabad.net.1200 INNS nsg3.austin-energy.net. >> >> >>;; ADDITIONAL SECTION: >>nsg3.austin-energy.net.918 INA 10.10.9.3 >> >> >>;; Query time: 1 msec >>;; SERVER: 10.1.9.34#53(10.1.9.34) >>;; WHEN: Mon Apr 7 09:05:42 2014 >>;; MSG SIZE rcvd: 105 >>Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net >>@nsg3.austin-energy.net >> >> >>; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net @nsg3.austin-energy.net >>;; global options: +cmd >>;; Got answer: >>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8783 >>;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 >> >> >>;; QUESTION SECTION: >>;outlook.aelabad.net.IN A >> >> >>;; ANSWER SECTION: >>outlook.aelabad.net.10 INA 10.10.223.52 >> >> >>;; Query time: 3 msec >>;; SERVER: 10.10.9.3#53(10.10.9.3) >>;; WHEN: Mon Apr 7 09:03:03 2014 >>;; MSG SIZE rcvd: 72 >>Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net >>@ns3.aelabad.net >> >> >>; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net @ns3.aelabad.net >>;; global options: +cmd >>;; Got answer: >>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14770 >>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 >> >> >>;; QUESTION SECTION: >>;outlook.aelabad.net.IN A >> >> >>;; AUTHORITY SECTION: >>net.686 INSOA a.gtld-servers.net. nstld.verisign-grs.com. 1396879162 1800 >>900 604800 86400 >> >> >>;; Query time: 2 msec >>;; SERVER: 10.1.9.34#53(10.1.9.34) >>;; WHEN: Mon Apr 7 09:03:17 2014 >>;; MSG SIZE rcvd: 110 >> >> >> >> >> >> >> > >_______________________________________________ >Please visit https://lists.isc.org/mailman/listinfo/bind-users to >unsubscribe from this list > >bind-users mailing list >bind-users@lists.isc.org >https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
