Discussion:
having problem with subdomain delegation help!
Mr. David
2004-01-18 17:10:47 UTC
Hi, I am having a problem delegating a subdomain for an internal DNS server,
ops.company.com, to another department. I am running BIND 9.2.0. I
googled for three days and I thought this is a pretty straightforward
process, but it doesn't work for me. The subdomain server is running
Windows 2003 DNS. The subdomain zone (ops.company.com) has been set up and
is working on the Windows 2003 DNS server. However, on my FreeBSD master
server (ns1i.company.com) I am having a problem delegating the subdomain
(ops.company.com). Also note that the subdomain (ops.company.com) DNS
server is in another domain, dns1.company2.com. dns1.company2.com will
be master for the ops.company.com subdomain. This is how I have it set up.

On my FreeBSD master server, ns1i.company.com (10.2.20.249):
company.com zone file,

ops 86400 IN NS dns1.company2.com.
dns1.company2.com. 86400 IN A 192.168.1.20

In my /etc/host file:

192.168.1.20 dns1.company2.com

When I do "ndc reload", this is the message in /var/log/debug:

Jan 18 10:55:31 ns1-i named[25542]: dns_master_load:
soa/company.com.db:14: ignoring out-of-zone data (dns1.company2.com)
Jan 18 10:55:32 ns1-i named[25542]: zone company.com/IN: loaded serial
2004011704
Jan 18 10:55:32 ns1-i named[25542]: zone company.com/IN: sending
notifies (serial 2004011704)
Jan 18 10:55:32 ns1-i named[25542]: client 10.2.20.249#3773: transfer of
'company.com/IN': AXFR-style IXFR started

And host commands can't find it.

# host -t ns ops.company.com ns1i.company.com
Using domain server:
Name: ns1i.company.com
Address: 10.2.20.249#53
Aliases:

Host ops.company.com not found: 3(NXDOMAIN)

--------
What am I doing wrong and how can I further troubleshoot this?

Thanks so much!

-David
Simon Waters
2004-01-18 18:34:53 UTC
Post by Mr. David
ops 86400 IN NS dns1.company2.com.
dns1.company2.com. 86400 IN A 192.168.1.20
You can't put "company2.com" A records in the zone "company.com", why
would anyone think of looking there for it?

You'll need to ensure all your DNS servers see the view of the
company2.com zone where dns1.company2.com maps to 192.168.1.20.

But we can't tell you how to do this without knowing how the networks
are set up.

If you ensure that ops.company.com only uses NS in company.com zone
(even if you have to add some extra A records) life stays simple, at
least till company2 renumbers their machines.


Mr. David
2004-01-18 19:03:59 UTC
Simon, thanks for responding.
Post by Simon Waters
Post by Mr. David
ops 86400 IN NS dns1.company2.com.
dns1.company2.com. 86400 IN A 192.168.1.20
You can't put "company2.com" A records in the zone "company.com", why
would anyone think of looking there for it?
My DNS server needs to know where the subdomain DNS server is, doesn't
it? How should I do this then?
Post by Simon Waters
You'll need to ensure all your DNS servers see the view of the
company2.com zone where dns1.company2.com maps to 192.168.1.20.
How do I check to see the view of the other server?
Post by Simon Waters
But we can't tell you how to do this without knowing how the networks
are set up.
If you ensure that ops.company.com only uses NS in company.com zone
(even if you have to add some extra A records) life stays simple, at
least till company2 renumbers their machines.
Mr. David
2004-01-18 19:12:10 UTC
Post by Simon Waters
Post by Mr. David
ops 86400 IN NS dns1.company2.com.
dns1.company2.com. 86400 IN A 192.168.1.20
You can't put "company2.com" A records in the zone "company.com", why
would anyone think of looking there for it?
This is the glue record. Won't I need this? Thanks.
Post by Simon Waters
You'll need to ensure all your DNS servers see the view of the
company2.com zone where dns1.company2.com maps to 192.168.1.20.
But we can't tell you how to do this without knowing how the networks
are set up.
If you ensure that ops.company.com only uses NS in company.com zone
(even if you have to add some extra A records) life stays simple, at
least till company2 renumbers their machines.
Simon Waters
2004-01-18 19:50:27 UTC
Post by Mr. David
Post by Simon Waters
Post by Mr. David
ops 86400 IN NS dns1.company2.com.
dns1.company2.com. 86400 IN A 192.168.1.20
You can't put "company2.com" A records in the zone "company.com", why
would anyone think of looking there for it?
This is the glue record. Won't I need this? Thanks.
Glue is only needed where the nameserver a zone is delegated to is in
the delegated domain.

If the dns server for ops.example.com were dns1.ops.example.com, you
would need glue, otherwise how would anything know where
dns1.ops.example.com was?

In general if your DNS server is in another zone (i.e.
dns1.company2.com), how servers find information about company2.com
answers is the problem of the admin of the company2.com zone.

In your case there is a complication because dns1.company2.com is a
private IP address, so you are presumably talking about a private
network, and it is very hard to suggest the best approach without a
better description of how this private DNS is arranged. You may need to
ensure that all your name servers see the private view of the zone
company2.com. It may be simpler to rename the DNS servers for
ops.company.com to dns1.ops.company.com and use a glue record.


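The glue rule described in the reply above, as an added example that is not part of the original thread: a small Python check that classifies each delegation's NS target and flags A records outside the zone, which is the data named in the "ignoring out-of-zone data" log line. It also covers the case where the NS target is an ordinary host in the parent zone; the function names and the one-line record format it accepts are assumptions of this sketch.

```python
import ipaddress

def absname(name, origin):
    """Lower-case a name; names without a trailing dot are relative to origin."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def within(name, domain):
    """True if name is domain itself or sits below it."""
    return name == domain or name.endswith("." + domain)

def audit_delegations(zone_text, origin):
    """Return (name, verdict) pairs for A records and delegation NS targets.

    Simplification: only one-line 'owner ttl IN type rdata' records are read.
    """
    origin = origin.lower()
    delegations, addrs = [], {}
    for line in zone_text.splitlines():
        f = line.split(";")[0].split()
        if len(f) != 5 or f[2].upper() != "IN":
            continue
        owner, rtype = absname(f[0], origin), f[3].upper()
        if rtype == "NS" and owner != origin:
            delegations.append((owner, absname(f[4], origin)))
        elif rtype == "A":
            addrs[owner] = ipaddress.ip_address(f[4])  # raises on a bad address
    out = []
    for owner in addrs:
        if not within(owner, origin):
            out.append((owner, "out-of-zone A record, ignored when the zone loads"))
    for child, target in delegations:
        if within(target, child):
            verdict = "glue present" if target in addrs else "glue required but missing"
        elif within(target, origin):
            verdict = "parent-zone A present" if target in addrs else "parent-zone A missing"
        else:
            verdict = "no glue: address must come from the target's own zone"
        out.append((target, verdict))
    return out

# Constructed samples: the records from the thread, then the suggested rename.
AS_POSTED = """ops 86400 IN NS dns1.company2.com.
dns1.company2.com. 86400 IN A 192.168.1.20"""
RENAMED = """ops 86400 IN NS dns1.ops
dns1.ops 86400 IN A 192.168.1.20"""

if __name__ == "__main__":
    for zone in (AS_POSTED, RENAMED):
        print(audit_delegations(zone, "company.com."))
```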
Mr. David
2004-01-18 20:58:08 UTC
Post by Simon Waters
Post by Mr. David
Post by Simon Waters
Post by Mr. David
ops 86400 IN NS dns1.company2.com.
dns1.company2.com. 86400 IN A 192.168.1.20
You can't put "company2.com" A records in the zone "company.com", why
would anyone think of looking there for it?
This is the glue record. Won't I need this? Thanks.
Glue is only needed where the nameserver a zone is delegated to is in
the delegated domain.
If the dns server for ops.example.com were dns1.ops.example.com, you
would need glue, otherwise how would anything know where
dns1.ops.example.com was?
In general if your DNS server is in another zone (i.e.
dns1.company2.com), how servers find information about company2.com
answers is the problem of the admin of the company2.com zone.
In your case there is a complication because dns1.company2.com is a
private IP address, so you are presumably talking about a private
network, and it is very hard to suggest the best approach without a
better description of how this private DNS is arranged. You may need to
ensure that all your name servers see the private view of the zone
company2.com. It may be simpler to rename the DNS servers for
ops.company.com to dns1.ops.company.com and use a glue record.
I think the problem is with the company.com name server. I tested
making my slave server ns2i.company.com as master for subdomain
ops.company.com. I could query system.ops.company.com just fine when
using the ns2i.company.com DNS server, but when I used ns1i.company.com it
doesn't see system.ops.company.com.

On ns1i.company.com this is the entry I have.

ops.company.com. 86400 IN NS ns2i.company.com.
ns2i.company.com. 86400 IN A 10.200.2.252

Is there anywhere else I need to make an edit to delegate from the master?

Thanks.
