DNS conundrum

From: Tony van Lingen (tony.vanlingen@epa.qld.gov.au)
Date: Sun Jan 23 2005 - 02:37:44 EST


G'day All.

Forgive me if this is off-topic, I'm really out of my depth here.

What I'm trying to achieve is a delegation in 3 domains. I've got two
DNS servers, a master (srvr1) and a slave (srvr2). Apart from their
respective roles, the setup is exactly the same.

srvr1 is a Netra t1 105, solaris 8 Generic_117350-16, bind 9.2.3.
srvr2 is a E420R, solaris 8 Generic_117350-16 , bind 9.2.3

srvr1 also runs Websense Enterprise and SunOne proxy server.
srvr2 also runs sendmail and Steltor Calendar server.

Both operating systems are patched up to 22 Dec. 2004 (8_Recommended),
and the bind binaries are identical. I even re-installed bind with a
fresh package downloaded from sunfreeware.com.

The problem:

The master server will only resolve one of the 3 child domains, namely
the one that is within the same domain as srvr1 itself (let's call that
domain dom1). The slave is also a member of dom1, but it will resolve
all sub-domains as expected. Dom2 is in fact the same domain as dom1,
but under a different name. As part of my attempts to get this to work,
I copied (binary, with scp) the entire configuration from srvr1 onto
srvr2 so that that server became the master. With the exact same setup
that fails on srvr1, srvr2 continues to resolve all three subdomains
correctly. To me this indicates that the configuration is correct. Any
suggestions are welcome...

The configuration:

MASTER - srvr1.dom1.mydom.au - 10.0.0.1

( named.conf )
------------------
zone "dom1.mydom.au" in {
        type master;
        file "db.dom1";
};

zone "dom2.mydom.au" in {
        type master;
        file "db.dom2";
};

zone "internal" in {
        type master;
        file "db.internal";
};

(db.dom1)
------------------
$ORIGIN .
$TTL 300 ; 5 minutes
dom1.mydom.au. IN SOA srvr1.dom1.mydom.au. root.srvr1.dom1.mydom.au. (
                                2005012100 ; serial
                                300 ; refresh (5 minutes)
                                3600 ; retry (1 hour)
                                604800 ; expire (1 week)
                                86400 ; minimum (1 day)
                                )
                        NS srvr1.dom1.mydom.au.
                        NS srvr2.dom1.mydom.au.

$ORIGIN dom1.mydom.au.
poc NS ns1.pocroot.dom1.mydom.au.
pocroot NS ns1.pocroot.dom1.mydom.au.

; glue record to effectuate delegation
ns1.pocroot A 10.10.0.1

(db.dom2)
--------------------
$ORIGIN .
$TTL 300 ; 5 minutes
dom2.mydom.au. IN SOA srvr1.dom2.mydom.au. root.srvr1.dom2.mydom.au. (
                                2005012100 ; serial
                                300 ; refresh (5 minutes)
                                3600 ; retry (1 hour)
                                604800 ; expire (1 week)
                                86400 ; minimum (1 day)
                                )
                        NS srvr1.dom2.mydom.au.
                        NS srvr2.dom2.mydom.au.

$ORIGIN dom2.mydom.au.
poc NS ns1.pocroot.dom2.mydom.au.
pocroot NS ns1.pocroot.dom2.mydom.au.

; glue record to effectuate delegation
ns1.pocroot A 10.10.0.1

(db.internal)
------------------
$ORIGIN .
$TTL 86400 ; 1 day

internal IN SOA srvr1.dom2.mydom.au. root.srvr1.dom2.mydom.au. (
                                2005012101 ; serial
                                300 ; refresh (5 minutes)
                                3600 ; retry (1 hour)
                                604800 ; expire (1 week)
                                86400 ; minimum (1 day)
                                )
                        NS srvr1.dom2.mydom.au.
                        NS srvr2.dom2.mydom.au.

$ORIGIN internal.

;
; Child domains
;

ad NS ns1.ad.internal.
                        NS ns2.ad.internal.

;
; glue records to effectuate delegation
;

ns1.ad A 10.16.3.50
ns2.ad A 10.16.3.51

==================================
SLAVE - srvr1.dom1.mydom.au - 10.0.0.2

( named.conf )
------------------
zone "dom1.mydom.au" in {
        type slave;
        file "bk.dom1";
        masters { 10.0.0.1; };
};

zone "dom2.mydom.au" in {
        type slave;
        file "bk.dom2";
        masters { 10.0.0.1; };
};

zone "internal" in {
        type slave;
        file "bk.internal";
        masters { 10.0.0.1; };
};

Sample session: (default search domain = dom1.mydom.au)
# The NXDOMAIN answers from srvr1 are the problem, the time-out is
correct - poc's NS servers are offline.
==============
$ host ad.internal srvr1
Name: srvr1
Address: 10.0.0.1#53
Aliases:

Host ad.internal not found: 3(NXDOMAIN)
$ host ad.internal srvr2
Using domain server:
Name: srvr2
Address: 10.0.0.2#53
Aliases:

ad.internal has address 10.16.3.51
ad.internal has address 10.16.3.50
$ host poc.epa.qld.gov.au srvr1
Using domain server:
Name: srvr1
Address: 10.0.0.1#53
Aliases:

Host poc.epa.qld.gov.au not found: 3(NXDOMAIN)
$ host poc.env.qld.gov.au srvr2
;; connection timed out; no servers could be reached

$ host poc.env.qld.gov.au srvr1
;; connection timed out; no servers could be reached

$ host poc.epa.qld.gov.au srvr1
;; connection timed out; no servers could be reached

--
Tony van Lingen
Technical Consultant
Technology One Limited,
67 High Street Toowong Qld 4066
Mobile:  0413 701 284
Phone :  +61 7 3377 7300(TechOne), +61 7 3234 1972 (EPA)
Fax   :  +61 7 3377 7301(TechOne), +61 7 3227 6534 (EPA)
E-mail:  tvlingen@acslink.net.au
Web   :  http://www.TechnologyOneCorp.com
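
Added example, not part of the original post: a small Python check that parses a BIND master file such as the db.internal shown above, resolves relative names against $ORIGIN, and lists, per delegated child zone, any nameserver inside that child that has no glue A record. The function names and the ZONE sample (constructed from the posted data) are assumptions made for illustration.

```python
import re
# Constructed sample: the db.internal data from the post, SOA timers on one line.
ZONE = """\
$ORIGIN .
$TTL 86400 ; 1 day
internal IN SOA srvr1.dom2.mydom.au. root.srvr1.dom2.mydom.au. (
                2005012101 300 3600 604800 86400 )
        NS srvr1.dom2.mydom.au.
        NS srvr2.dom2.mydom.au.
$ORIGIN internal.
ad      NS ns1.ad.internal.
        NS ns2.ad.internal.
ns1.ad  A 10.16.3.50
ns2.ad  A 10.16.3.51
"""

def fqdn(name, origin):  # qualify a relative name against the current $ORIGIN
    return (name if name.endswith(".") else name + "." + origin.lstrip(".")).lower()

def parse(text):
    """Yield (owner, type, rdata) from a simplified master file (SOA/NS/A only)."""
    origin, owner = ".", None
    text = re.sub(r";[^\n]*", "", text)                       # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0] == "$ORIGIN":
            origin = fqdn(tok[1], origin)
        if not tok or tok[0].startswith("$"):                 # blank line or directive
            continue
        if not line[0].isspace():                             # line starts with an owner
            owner = fqdn(tok.pop(0), origin)                  # otherwise inherit the last one
        while tok[0].isdigit() or tok[0].upper() == "IN":     # skip TTL / class
            tok.pop(0)
        kind = tok[0].upper()
        yield owner, kind, fqdn(tok[1], origin) if kind == "NS" else " ".join(tok[1:])

def check_delegations(text):
    """Return (apex, {delegated child: [in-child nameservers lacking glue]})."""
    recs = list(parse(text))
    apex = next(o for o, t, _ in recs if t == "SOA")
    have_a = {o for o, t, _ in recs if t == "A"}
    missing = {}
    for owner, kind, ns in recs:
        if kind == "NS" and owner != apex:                    # NS below the apex = delegation
            needs = ns.endswith("." + owner) and ns not in have_a
            missing.setdefault(owner, []).extend([ns] if needs else [])
    return apex, missing

print(check_delegations(ZONE))
```

An empty list for a child means every nameserver inside that child has glue in the parent zone file. Running the same check against the zone files on both servers shows whether the data they load is actually equivalent.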