Re: delegating NS control of subdomain to another BIND

[Jeremy T. Bouse]

Martin F. Krafft was said to been seen saying:
> ... and i really thought i was down with BIND8/9...
> 
> i can't seem to find a solution to the following problem:
> (sorry for the sizely post...)
> 
> mydomain.org is handled by ns{1,2}.mydomain.org.
> so ns1.mydomain.org has a zone for mydomain.org, with an entry
>   mydomain.org IN NS ns1.mydomain.org
> and ns2.mydomain.org slaves this zone.
> 
> now i would like to create a new zone, subdomain.mydomain.org,
> and i want it to be controlled by two separate nameservers,
> ns{1,2}.subdomain.mydomain.org.
> 
> i thought that i could simply create an entry
>   subdomain IN NS ns1.subdomain.mydomain.org
>             IN NS ns2.sybdomain.mydomain.org
> within the mydomain.org zone, and then any request to
> subdomain.mydomain.org and its children are delegated to
> ns{1,2}.subdomain.mydomain.org.
> 
> the subdomain.mydomain.org zone contains an A record for @ as well as
> A records for ns1 and ns2 plus some other A records for other hosts.
> 
> now, from a host that uses ns{1,2}.mydomain.org as its nameservers, i
> am doing the following tests:
> 
> ns1.mydomain.org           => 192.168.14.1
> ns2.mydomain.org           => 192.168.14.11
> ns1.subdomain.mydomain.org => 192.168.14.13
> ns2.subdomain.mydomain.org => 192.168.14.14
> 
> (1) direct queries agains ns{1,2}.subdomain.mydomain.org
>     (this all works for both).
> 

        In this example you would need to have both NS and A records
in mydomain.org which relate to subdomain.mydomain.org for instance
(*Disclaimer: I'm writing this off the cuff of my sleeve not from a 
current zone config setup*)

in mydomain.org zone file:
$ORIGIN mydomain.org.
        NS      ns1.mydomain.org.
        NS      ns2.mydomain.org.

$ORIGIN subdomain.mydomain.org.
        NS      ns1.subdomain.mydomain.org.
        NS      ns2.subdomain.mydomain.org.
ns1     A       192.168.14.13
ns2     A       192.168.14.14

then in the subdomain.mydomain.org zone file you would handle it as if
that were any normal zone file adding the records for subdomain.mydomain.org.

        Respectfully,
        Jeremy T. Bouse

>   fishbowl:~> host -t ns subdomain.mydomain.org 192.168.14.13
>   subdomain.mydomain.org         NS      ns2.subdomain.mydomain.org
>   subdomain.mydomain.org         NS      ns1.subdomain.mydomain.org
> 
>   fishbowl:~> host subdomain.mydomain.org 192.168.14.13
>   subdomain.mydomain.org         A       192.168.14.21
>   
>   fishbowl:~> host ns1.subdomain.mydomain.org 192.168.14.13
>   ns1.subdomain.mydomain.org     A       192.168.14.13
>   
>   fishbowl:~> host ns2.subdomain.mydomain.org 192.168.14.13
>   ns2.subdomain.mydomain.org     A       192.168.14.14
>   
>   fishbowl:~> host mail.subdomain.mydomain.org 192.168.14.13
>   mail.subdomain.mydomain.org    A       192.168.14.7
> 
>           ===> ns{1,2}.subdomain.mydomain.org correctly resolve their
>                zones
> 
> (2) queries agains ns{1,2}.mydomain.org
>     (this all works for both)
>   
>   fishbowl:~> host -t ns mydomain.org 192.168.14.1
>   mydomain.org                   NS      ns1.mydomain.org
>   mydomain.org                   NS      ns2.mydomain.org
>   
>   fishbowl:~> host -t ns subdomain.mydomain.org 192.168.14.1
>   subdomain.mydomain.org         NS      ns1.subdomain.mydomain.org
>   subdomain.mydomain.org         NS      ns1.subdomain.mydomain.org
>    !!! subdomain.mydomain.org NS host ns1.subdomain.mydomain.org does
>      not exist
>    !!! subdomain.mydomain.org NS host ns2.subdomain.mydomain.org does
>      not exist
>   subdomain.mydomain.org has lame delegation to
>     ns1.subdomain.mydomain.org
>   subdomain.mydomain.org has lame delegation to
>     ns2.subdomain.mydomain.org
> 
>   fishbowl:~> host ns1.subdomain.mydomain.org 192.168.14.1
>   ns1.subdomain.home.madduck.net does not exist (Authoritative answer)
> 
>   fishbowl:~> host mail.subdomain.mydomain.org 192.168.14.1
>   ns2.subdomain.home.madduck.net does not exist (Authoritative answer)
>

        If you use the example I have above where the mydomain.org zone
has the NS records for subdomain.mydomain.org and the A records for both
ns{1,2}.subdomain.mydomain.org then you should not get this... As you have
it without the A records for ns{1,2}.subdomain the ns{1,2}.mydomain.org
servers don't know where to point the NS entries to in order to get an
authoritative answer...

> do you have any ideas how i can configure this?
> 
> thanks,
> martin;              (greetings from the heart of the sun.)
>   \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
> -- 
> click the start menu and select 'shut down.'
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
,-----------------------------------------------------------------------------,
|Jeremy T. Bouse, CCNA - UnderGrid Network Services, LLC -  www.UnderGrid.net |
|       Public PGP/GPG key available through http://wwwkeys.us.pgp.net        |
|     If received unsigned (without requesting as such) DO NOT trust it!      |
| [EMAIL PROTECTED]   -   NIC Whois: JB5713   -   [EMAIL PROTECTED]  |
`-----------------------------------------------------------------------------'

pgpZVShCPqbm6.pgp
Description: PGP signature