My confusion arises from these 2 sections in replies from bind-users Digest, Vol 1916, Issue 2# 4 reply states it "should be"
# 4 -----------------> >Note that either 0.220/24 wasn't technically correct, it should be: >220/24 NS ns2.sub.test.com. >0.220 CNAME 0.220/24 >but that's an overkill as Phil correctly pointed out. >-- >Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ >Warning: I wish NOT to receive e-mail advertising to this address. >Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. >Microsoft dick is soft to do no harm # 3 -----------------------> >The "220/24" isn't treated as a netmask for automatic expansion. It is >used exactly. The only thing that generates records is the $GENERATE >directive, but even it doesn't understand "220/24" as something for > expansion. > Mukund >-------------- next part -------------- Coming to the main issue at hand, even pointing a /27 boundary from the Linux server running BIND with the generate statements to pick up PTR from the sub Windows Name server did not work. >From the command line ( via dig and nslookup against the MS server) I can lookup ip's which fall under the /27 boundary fine. So it could not be a access or no response problem. I have been using Bind for close to 10 years now. It documented well, lot of resources on the web and this is the first time, I am using the mailing list. Since what is suggested / found is not working out. I clearly understand where the .220.20.17 PTR records need to be, and .20.17 need to have the other NS. Stop preaching to the choir. Since so many postings and doc's say this is the method. So it should have worked for people and it is not working out in our scenario. I plan to stand up another linux server and test it out. May be there is something very specific to our setup and there might a problem with bind doing/passing lookups against the MS DNS. -------------------------------------------------------- >From: /dev/rob0 <r...@gmx.co.uk> >Right. I wonder where the OP got that idea? Not out of the blue, see above Since someone owns a domain called test, are people prohibited from using the phrase ' create a test domain' in their daily lives !! ---------------------------------------------------------- On Wed, Aug 20, 2014 at 8:00 AM, <bind-users-requ...@lists.isc.org> wrote: > Send bind-users mailing list submissions to > bind-users@lists.isc.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.isc.org/mailman/listinfo/bind-users > or, via email, send a message with subject or body 'help' to > bind-users-requ...@lists.isc.org > > You can reach the person managing the list at > bind-users-ow...@lists.isc.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of bind-users digest..." > > > Today's Topics: > > 1. Re: DNS reverse sub delegation NXDOMAIN problem, Class C > (Matus UHLAR - fantomas) > 2. no servers found (Adamiec, Lawrence) > 3. Re: no servers found (Charles Swiger) > 4. Re: no servers found (Adamiec, Lawrence) > 5. Re: DNS reverse sub delegation NXDOMAIN problem, Class C > (/dev/rob0) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 19 Aug 2014 19:03:20 +0200 > From: Matus UHLAR - fantomas <uh...@fantomas.sk> > To: bind-users@lists.isc.org > Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C > Message-ID: <20140819170320.ga32...@fantomas.sk> > Content-Type: text/plain; charset=us-ascii; format=flowed > > On 19.08.14 11:54, Bazy V wrote: > >One post said 220/24 is not the correct format, > >Another post said that is the format. > > no post said this. > > > Not sure which one is correct. > > 220.20.172.IN-ADDR.ARPA is the correct zone into which to put PTR records. > > >Setting 220 NS ns2.sub.test.com. > > this belongs to the 20.172.IN-ADDR.ARPA domain on your recursive nameserver > - the one your resolv.conf points to. > > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > "To Boot or not to Boot, that's the question." [WD1270 Caviar] > > > ------------------------------ > > Message: 2 > Date: Tue, 19 Aug 2014 15:47:29 -0500 > From: "Adamiec, Lawrence" <ladam...@kentlaw.iit.edu> > To: bind-users@lists.isc.org > Subject: no servers found > Message-ID: > < > cah89phaez+ndql8ug6g_sgisw7sjdrdki_ydjqtcdvbp-xs...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > HI, > > I am running BIND 9.6-ESV-R5-P1 on a Solaris 10 server. I can run queries > without specifying a name server on my Solaris servers successfully. When > I try to run a query on a Solaris 10 virtual server, I get "connection > timed out; no servers could be reached" error. > > If I add the name servers from our main campus (or 8.8.8.8) to the virtual > server's resolv.conf file, then dig will use the other name server and skip > my name server to resolve the query which is successful. > > If i use dig and specify my master name server, then the query works fine. > > I do not understand why the virtual server cannot find the name servers on > my campus (my building) unless I specify it. > > > Host file contents of virtual server > # > # Internet host table > # > ::1 localhost > 127.0.0.1 localhost > 64.131.119.61 dnstest.kentlaw.edu dnstest loghost > 64.131.119.11 nsa.kentlaw.edu nsa > 64.131.119.12 nsb.kentlaw.edu nsb > > > resolv.conf contents of virtual server > > domain kentlaw.edu > nameserver 66.131.119.11 > nameserver 66.131.119.12 > nameserver 216.47.128.11 > nameserver 216.47.128.12 > nameserver 8.8.8.8 > search kentlaw.edu > > > Larry > > Lawrence Adamiec > UNIX Mgr/Web Support Specialist > Illinois Institute of Technology-DTC > 565 W. Adams St. > Chicago, IL > 60661 > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.isc.org/pipermail/bind-users/attachments/20140819/563d60cf/attachment-0001.html > > > > ------------------------------ > > Message: 3 > Date: Tue, 19 Aug 2014 13:54:57 -0700 > From: Charles Swiger <cswi...@mac.com> > To: "Adamiec, Lawrence" <ladam...@kentlaw.iit.edu> > Cc: bind-users@lists.isc.org > Subject: Re: no servers found > Message-ID: <2454357e-535d-41a7-834e-5f613a9a0...@mac.com> > Content-Type: text/plain; charset="us-ascii" > > Hi-- > > On Aug 19, 2014, at 1:47 PM, "Adamiec, Lawrence" <ladam...@kentlaw.iit.edu> > wrote: > > I am running BIND 9.6-ESV-R5-P1 on a Solaris 10 server. I can run > queries without specifying a name server on my Solaris servers > successfully. When I try to run a query on a Solaris 10 virtual server, I > get "connection timed out; no servers could be reached" error. > > > > If I add the name servers from our main campus (or 8.8.8.8) to the > virtual server's resolv.conf file, then dig will use the other name server > and skip my name server to resolve the query which is successful. > > It's fairly normal for virtualization stuff to forbid network access from > a VM to the host, via some combination of network interface configuration > and NAT/firewall rules. > > If you're using VirtualBox, look into "bridged adaptor", ie: > > https://www.virtualbox.org/manual/ch06.html#network_bridged > > Regards, > -- > -Chuck > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.isc.org/pipermail/bind-users/attachments/20140819/b27eb40b/attachment-0001.html > > > > ------------------------------ > > Message: 4 > Date: Tue, 19 Aug 2014 16:07:50 -0500 > From: "Adamiec, Lawrence" <ladam...@kentlaw.iit.edu> > To: Charles Swiger <cswi...@mac.com> > Cc: bind-users@lists.isc.org > Subject: Re: no servers found > Message-ID: > <CAH89pHYeWd1VyhJzcNU86xyQkThWKVm+La= > sb99hpyqw4jk...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > I should have said it was a Solaris 10 zone (container). I am not using > VirtualBox, VMware, or other third party software. > > Larry > > > > On Tue, Aug 19, 2014 at 3:54 PM, Charles Swiger <cswi...@mac.com> wrote: > > > Hi-- > > > > On Aug 19, 2014, at 1:47 PM, "Adamiec, Lawrence" < > ladam...@kentlaw.iit.edu> > > wrote: > > > > I am running BIND 9.6-ESV-R5-P1 on a Solaris 10 server. I can run > queries > > without specifying a name server on my Solaris servers successfully. > When > > I try to run a query on a Solaris 10 virtual server, I get "connection > > timed out; no servers could be reached" error. > > > > If I add the name servers from our main campus (or 8.8.8.8) to the > virtual > > server's resolv.conf file, then dig will use the other name server and > skip > > my name server to resolve the query which is successful. > > > > > > It's fairly normal for virtualization stuff to forbid network access from > > a VM to the host, via some combination of network interface configuration > > and NAT/firewall rules. > > > > If you're using VirtualBox, look into "bridged adaptor", ie: > > > > https://www.virtualbox.org/manual/ch06.html#network_bridged > > > > Regards, > > -- > > -Chuck > > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.isc.org/pipermail/bind-users/attachments/20140819/aadca1f3/attachment-0001.html > > > > ------------------------------ > > Message: 5 > Date: Tue, 19 Aug 2014 18:21:44 -0500 > From: /dev/rob0 <r...@gmx.co.uk> > To: bind-users@lists.isc.org > Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C > Message-ID: <20140819232144.gu23...@harrier.slackbuilds.org> > Content-Type: text/plain; charset=us-ascii > > Sorry, this is going to be a pedantic post, so I might as well start > here: > > > Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C > > No, there's no such thing as "Class C", so please forget that. It's > a /24 network. CIDR is in; class is dismissed. > > On Tue, Aug 19, 2014 at 07:03:20PM +0200, Matus UHLAR - fantomas wrote: > > On 19.08.14 11:54, Bazy V wrote: > > >One post said 220/24 is not the correct format, > > >Another post said that is the format. > > > > no post said this. > > Right. I wonder where the OP got that idea? > > > >Not sure which one is correct. > > > > 220.20.172.IN-ADDR.ARPA is the correct zone into which to put PTR > > records. > > > > >Setting 220 NS ns2.sub.test.com. > > Test.com is a real Internet domain. Please don't use that if you > aren't the actual owner. > > > this belongs to the 20.172.IN-ADDR.ARPA domain > > Yes, to repeat, and enhanced for RFC 2606 compliance: > > 220 NS ns2.sub.example.com. > > > on your recursive nameserver > > - the one your resolv.conf points to. > > Well no, not necessarily. This is authoritative service we are > discussing here. > > That said, sure, typically you're going to host such internal-only > zones on a server that also does recursion. That's not required, > however. The recursive server could have stub or static-stub zones, > or even an alternate root zone, which points to the authoritative > server. > > Pedantry complete. > -- > http://rob0.nodns4.us/ > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: > > > ------------------------------ > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > End of bind-users Digest, Vol 1917, Issue 1 > ******************************************* >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
