nomann@diku.dk (Ole Nomann Thomsen) (04/17/91)
This question might be naive, and is probably malformed, as I
have practically no experience in setting up nameservers. I hope you
can understand me anyway.
I would like to set up a BIND-server on a SCO-UNIX system, that has
authority over a part of a zone, like this:
[1] All queries, outside the zone, are resolved as usual.
[2] Queries inside the zone are tried against local (authoritative) data.
(Here in the file "myfile").
If the answer is found, it is returned, else [3] is tried.
[3] The queries are recursively forwarded to other servers for the same zone.
I have tried several different configurations of the named.boot file.
f.ex.:
The line :
primary mydom.mytop myfile
gives me [2].
The line:
secondary mydom.mytop v.x.y.z myfile
(where v.x.y.z is the IP of an authoritative nameserver for the zone) gives
me [3] but not [2].
I even tried using both lines (with or without v.x.y.z), but no matter
what I do, I have only [2] xor [3], can't I have both ? Maybe this is
gross, but it seems to me to be usefull gross, because "mydom.mytop" is
shared between several organizations, who don't need to know most of
the local names, I'd like to use.
--
- Ole. (nomann@diku.dk).jcurran@SH.CS.NET (John Curran) (04/18/91)
-------- > I would like to set up a BIND-server on a SCO-UNIX system, that has > authority over a part of a zone, like this: > > [1] All queries, outside the zone, are resolved as usual. > [2] Queries inside the zone are tried against local (authoritative) data. > (Here in the file "myfile"). > If the answer is found, it is returned, else [3] is tried. > [3] The queries are recursively forwarded to other servers for the same zone. > I even tried using both lines (with or without v.x.y.z), but no matter > what I do, I have only [2] xor [3], can't I have both ? Maybe this is > gross, but it seems to me to be usefull gross, because "mydom.mytop" is > shared between several organizations, who don't need to know most of > the local names, I'd like to use. Yes, it would be useful. The problem is that BIND presumes that a domain has a single authoritative server, and as such, once an authoritative server has been asked, it will not ask another (if if the first request returned "no data"). There is no manner for a server to return an answer of "unknown". The most common method for handling multiple data sources is to delegate each into a seperate subdomain: Under FOO.COM Unit #1 gets SALES.FOO.COM Unit #2 gets ADMIN.FOO.COM etc.. This subdomains are delegated by placing NS records in the master zone file: (In file for zone FOO.COM) @ IN SOA ... IN NS myns.foo.com. IN NS myns2.foo.com. ... SALES IN NS salesns.foo.com. ADMIN IN NS adminns.foo.com. This allows each unit to administer their own records within the overall domain. You should also define secondary servers for these subdomains. /John
nomann@diku.dk (Ole Nomann Thomsen) (04/23/91)
I wrote: >This question might be naive, and is probably malformed, as I >have practically no experience in setting up nameservers. I hope you >can understand me anyway. >I would like to set up a BIND-server on a SCO-UNIX system, that has >authority over a part of a zone, like this: >[1] All queries, outside the zone, are resolved as usual. >[2] Queries inside the zone are tried against local (authoritative) data. > (Here in the file "myfile"). > If the answer is found, it is returned, else [3] is tried. >[3] The queries are recursively forwarded to other servers for the same zone. >I have tried several different configurations of the named.boot file. Thanks for all the answers. The majority points out, that what I want should not be possible, and suggests that I set up a sub-domain for mydomain.mytop (Allright, the real name is "bib.dk" :-). I wanted to avoid that, if possible, because most of our names have been in use for some time, and are well-known among remote users. Furthermore, I would like to use our own machine as primary name-server and some remote machine as secondary NS. This is easier if I share the authority over the domain with that machine. The day after posting the answer, I tried a new configuration (129.142.6.64 and 129.142.6.65 are remote name-serveres with authority over bib.dk, the bootfile is for an SCO-UNIX BIND server): ; ; type domain source file or host ; directory /usr/local/named domain bib.dk cache . root.cache secondary bib.dk 129.142.6.64 129.142.6.65 hosts.BAK secondary 142.129.in-addr.arpa 129.142.6.64 129.142.6.65 rev.BAK primary 0.0.127.in-addr.arpa named.local primary 162.142.129.in-addr.arpa rev.fek primary bib.dk hosts.fek And this works! hosts.fek and rev.fek contains local names, which 129.142.6.64 and .65 knows nothing about. These machines knows about the rest of the domain-names, which are not in the local files. And the name-server can resolve both types. 129.142 is a class B network. The 129.142.162 adresses are, by convention, reserved to our organization. Am I doing something, that I shouldn't ? (visions of Mickey Mouse as the magicians apprentice..., Oh no he looks just like me! ..and its not a broom- stick, its... its... BIND!) -- - Ole. (nomann@diku.dk).