Hello,
Been trying to follow an online HOW-TO on split DNS for Debian and I'm tearing my hair out
Anyway. I put in the forwarders as my named.conf file has the following part:
Code:
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder. If you think it's best to remove it, then I will.
OK. There are 2 nameservers, one in a different building, one of which is my own, and one of which is my colleague's. My nameserver holds the DNS records for biased.org, and hers is the backup. Again, giggleworthy.co.uk is our own DNS servers, the main host being my colleague's server. I remember a while ago we had problems with DNS root servers needing proper nameservers.
My nameserver is on destiny, the same server Zimbra is on. It is behind a NAT device, with port 53 forwarded on the router to destiny. My colleague has a similar situation, though she don't have Zimbra. I'm only using her nameserver as a reqired backup.
I have tried putting in split DNS with no success. This is my named.conf before and after putting in split DNS.
Before putting in split-DNS stuff...
Code:
options {
directory "/var/cache/bind";
allow-recursion {192.168.0.0/16; localhost;};
forward first;
forwarders { 212.104.130.9; 212.104.130.65; };
auth-nxdomain no; # conform to RFC1035
};
controls {
inet 127.0.0.1 allow {localhost;} keys {rndc_key;};
};
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// add entries for other zones below here
zone "0.0.127.in-addr.arpa" {
allow-transfer {localhost;};
allow-query {any;};
type master;
file "/etc/bind/pz/127.0.0";
};
zone "10sca.intranet" {
allow-transfer {localhost;};
allow-query {any;};
type master;
notify no;
file "/etc/bind/pz/10sca.intranet";
};
zone "biased.org" {
allow-transfer {195.149.5.82; localhost;};
allow-query {any;};
type master;
notify yes;
file "/etc/bind/pz/external.biased.org";
};
zone "giggleworthy.co.uk"{
type slave;
file "/etc/bind/sdb/sdb.giggleworthy.co.uk";
masters { 195.149.5.82; };
};
zone "1.168.192.in-addr.arpa" {
allow-transfer {localhost;};
allow-query {any;};
type master;
notify no;
file "/etc/bind/pz/192.168.1";
};
zone "2.168.192.in-addr.arpa" {
allow-transfer {localhost;};
allow-query {any;};
type master;
notify no;
file "/etc/bind/pz/192.168.2";
}; After putting in split-DNS stuff...
Code:
options {
directory "/var/cache/bind";
allow-recursion {192.168.0.0/16; localhost;};
forward first;
forwarders { 212.104.130.9; 212.104.130.65; };
auth-nxdomain no; # conform to RFC1035
};
controls {
inet 127.0.0.1 allow {localhost;} keys {rndc_key;};
};
acl internals {
192.168.0.0/16;
127.0.0.0/8;
};
view "internal" {
match-clients { internals; };
recursion yes;
zone "biased.org" {
type master;
file "/etc/bind/pz/internal.biased.org";
};
};
view "external" {
match-clients { any; } ;
recursion no;
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// add entries for other zones below here
zone "0.0.127.in-addr.arpa" {
allow-transfer {localhost;};
allow-query {any;};
type master;
file "/etc/bind/pz/127.0.0";
};
zone "10sca.intranet" {
allow-transfer {localhost;};
allow-query {any;};
type master;
notify no;
file "/etc/bind/pz/10sca.intranet";
};
zone "biased.org" {
allow-transfer {195.149.5.82; localhost;};
allow-query {any;};
type master;
notify yes;
file "/etc/bind/pz/external.biased.org";
};
zone "giggleworthy.co.uk"{
type slave;
file "/etc/bind/sdb/sdb.giggleworthy.co.uk";
masters { 195.149.5.82; };
};
zone "1.168.192.in-addr.arpa" {
allow-transfer {localhost;};
allow-query {any;};
type master;
notify no;
file "/etc/bind/pz/192.168.1";
};
zone "2.168.192.in-addr.arpa" {
allow-transfer {localhost;};
allow-query {any;};
type master;
notify no;
file "/etc/bind/pz/192.168.2";
};
}; This works for everything apart from biased.org which is the most important part! Dig gets:
Code:
destiny:/etc/bind# dig www.biased.org
; <<>> DiG 9.2.4 <<>> www.biased.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8118
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.biased.org. IN A
;; Query time: 5 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Feb 28 10:00:21 2007
;; MSG SIZE rcvd: 32
destiny:/etc/bind#
I think the reason to this is a bit obvious:
Code:
Feb 28 09:56:02 destiny named[3407]: dns_master_load: /etc/bind/pz/external.biased.org:21: biased.org: multiple RRs of singleton type
Feb 28 09:56:02 destiny named[3407]: zone biased.org/IN: loading master file /etc/bind/pz/internal.biased.org: multiple RRs of singleton type
I'm not 100% sure what this means, but I guess this means that I've got same names in the 2 zonefiles which shouldn't be the case?
Strangely tho, since starting editing the zonefile, the time taken to look up IP addresses is much longer...
Thanks very much for your time again!
Bugzilla
Wiki
Source
Linear Mode
