My setup is such that the PriDNS and SlaveDNS are supporting 2 different
domains (ie. company.abc.com and company.def.com).

My db.company.def.com file
------------------------------------------------
// db.company.def.com
@ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
200105171 // Serial number
28800 // Refresh (8 hrs.)
7200 // Retry (2 hrs.)
604800 // Expire (7 days)
86400) // Minimum (1 day)

IN NS pridns.company.def.com.
IN NS slavedns.company.def.com.

pridns.company.def.com. IN A 130.1.2.3
slavedns.company.def.com. IN A 130.1.2.4


intranet.company.def.com IN A 130.2.2.8

// End of db.company.def.com
------------------------------------------------

For root.hint, what entries can I put??? Can I use the slavedns???

For the zonefile db.company.abc.com, am I right to say that I need to change
it as follows:

------------------------------------------------
// db.company.def.com
@ 4h IN SOA pridns.company.abc.com. postmaster.company.abc.com. (
200105171 // Serial number
28800 // Refresh (8 hrs.)
7200 // Retry (2 hrs.)
604800 // Expire (7 days)
86400) // Minimum (1 day)

IN NS pridns.company.abc.com.
IN NS slavedns.company.abc.com.

pridns.company.abc.com. IN A 130.1.2.3
slavedns.company.abc.com. IN A 130.1.2.4

xyz.company.abc.com. IN NS pridns.xyz.company.abc.com.
pridns.xyz.company.abc.com. IN A 172.7.8.9


intranet.company.abc.com IN A 130.1.2.10

// End of db.company.abc.com
------------------------------------------------

Kindly also advise how do I create a root server??? Can I make use of the
PriDNS??? If yes, what are the file and content to be created???

It seems like my entire setup is wrong and I would like to have them
corrected.

Thank you.


>From: phn@icke-reklam.ipsec.nu
>To: comp-protocols-dns-bind@isc.org
>Subject: Re: Sub-domain delegation for BIND 9.2.3
>Date: Mon, 6 Sep 2004 21:36:46 +0000 (UTC)
>
>Apache Apache wrote:
> > Appended are my files on the Primary DNS:

>
>Look below for comments :
>
> > //named.conf for Pri DNS for company.def.com & company.abc.com (ip is 130.1.2.3)
> > // ACL for blocking RFC1918 space commonly used for DoS and spoofing attacks.
> > acl noaccess-list { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24;
> > 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };

>
> > acl slave { 130.1.2.4; };

>
> > controls {
> > inet 127.0.0.1 port 953
> > allow { 127.0.0.1; } ;
> > };

>
> > options {
> > version "DNS Server";
> > directory "/usr/local/named/log";
> > pid-file "/usr/local/named/named.pid";
> > allow-query { any; };
> > listen-on-v6 { none; };
> > listen-on { 130.1.2.3; };
> > notify yes;
> > provide-ixfr yes;
> > blackhole { noaccess-list; };
> > };

>
> > zone "." {
> > type hint;
> > file "root.hint";
> > };

>
> > // IPv4 localhost and localhost reverse.
> > zone "localhost" {
> > type master;
> > file "db.localhost";
> > };

>
> > zone "0.0.127.in-addr.arpa" {
> > type master;
> > file "db.127.0.0";
> > notify no;
> > };

>
> > zone "2.1.130.in-addr.arpa" {
> > type master;
> > file "db.130.1.2";
> > notify yes;
> > allow-transfer { slave; };
> > };

>
>
> > zone "company.def.com" {
> > type master;
> > file "db.company.def.com";

>
>Where is this file ??
>
> > notify yes;
> > allow-transfer { slave; };
> > };

>
> > zone "company.abc.com" {
> > type master;
> > file "db.company.abc.com";
> > notify yes;
> > forwarders { };
> > allow-transfer { slave; };
> > };

>
> > //End of named.conf for Pri DNS
> > ------------------------------------------------

>
> > // root.hint

>
> > . 3600000 IN NS A.ROOT-SERVERS.NET.
> > A-ROOT-SERVERS.NET. 3600000 A 130.1.2.3

>
> > //End of root.hint

>
>Ok, you are running internal-roots with a single server, this
>might fail ( you should need 3 )
>
> > -------------------------------------------------
> > // db.localhost
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> > 2001051701 // Serial Number
> > 28800 // Refresh (8 hrs.)
> > 7200 // Retry (2 hrs.)
> > 604800 // Expire (7 days)
> > 86400) // Minimum (1 day)
> > IN NS pridns.company.def.com.
> > $TTL 1h
> > IN A 127.0.0.1

>
> > // End of db.localhost

>
> > ------------------------------------------------
> > // db.127.0.0
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> > 2001051700 // Serial number
> > 28800 // Refresh (8 hrs.)
> > 7200 // Retry (2 hrs.)
> > 604800 // Expire (7 days)
> > 86400) // Minimum (1 day)

>
> > IN NS pridns.company.def.com.
> > 1 IN PTR localhost.

>
> > //End of db.127.0.0

>
> > ------------------------------------------------
> > // db.company.abc.com
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> > 200105171 // Serial number
> > 28800 // Refresh (8 hrs.)
> > 7200 // Retry (2 hrs.)
> > 604800 // Expire (7 days)
> > 86400) // Minimum (1 day)

>
> > IN NS pridns.company.def.com.
> > IN NS slavedns.company.def.com.

>
>if this is the zonefile for "company.def.com." you cannot
>say anything about "def.com." here. it should be done at '.' or
>'.com' level ( probably in your root-server )
>
>
> > pridns.company.def.com. IN A 130.1.2.3
> > slavedns.company.def.com. IN A 130.1.2.4

>
> > xyz.company.abc.com. IN NS pridns.xyz.company.abc.com.
> > pridns.xyz.company.abc.com. IN A 172.7.8.9

>
>
> > intranet.company.abc.com IN A 130.1.2.10

>
>
> > // End of db.company.abc.com

>
> > -------------------------------------------------
> > // db.130.1.2
> > @ 4h IN SOA pridns.company.def.com. postmaster.company.def.com. (
> > 200105173 // Serial number
> > 28800 // Refresh (8 hrs.)
> > 7200 // Retry (2 hrs.)
> > 604800 // Expire (7 days)
> > 86400) // Minimum (1 day)

>
> > IN NS pridns.company.def.com. // master nameserver
> > IN NS slavednsdns.company.def.com. // slave nameserver

>
> > 3 IN PTR pridns.company.def.com.
> > 4 IN PTR slavedns.company.def.com.

>
> > // End of db.130.1.2
> > ------------------------------------------------

>
> > //etc/resolv.conf
> > domain company.def.com
> > nameserver 130.1.2.3
> > nameserver 130.1.2.4

>
> > Pls advise what went wrong.
> > ------------------------------------------------

>
>
>
> >>From: phn@icke-reklam.ipsec.nu
> >>To: comp-protocols-dns-bind@isc.org
> >>Subject: Re: Sub-domain delegation for BIND 9.2.3
> >>Date: Fri, 3 Sep 2004 17:53:16 +0000 (UTC)
> >>
> >>Apache Apache wrote:
> >> > Hi,
> >>
> >> > Have done as advised but when I performed a nslookup, I can only get
> >> > non-existent host/domain and not able to resolve host.xyz.company.abc.com.
> >> > Pls advise is there anything that I missed out. Thank you.
> >>
> >>
> >> >>From: phn@icke-reklam.ipsec.nu
> >> >>To: comp-protocols-dns-bind@isc.org
> >> >>Subject: Re: Sub-domain delegation for BIND 9.2.3
> >> >>Date: Thu, 2 Sep 2004 16:52:18 +0000 (UTC)
> >> >>
> >> >>Apache Apache wrote:
> >> >> > I have a server (ie. serverA) running BIND 9.2.3 and is a master DNS for
> >> >> > parent domain company.abc.com. Users are pointing to this server for name
> >> >> > resolution.
> >> >>
> >> >> > I have another server (ie. serverB using F5 DNS) and I would like this
> >> >> > server to serve the domain xyz.company.abc.com.
> >> >>
> >> >> > What are the changes required on my named.conf and db.company.abc.com for
> >> >> > serverA in order for users to be able to resolve host.xyz.company.abc.com???
> >> >>
> >> >>A proper delegation. ( a couple of NS records in xyz.company.abc.com. )
> >> >>
> >> >> > Thank you.
> >> >>
> >> >>
> >> >>--
> >> >>Peter Håkanson
> >> >> IPSec Sverige ( At Gothenburg Riverside )
> >> >> Sorry about my e-mail address, but i'm trying to keep spam out,
> >> >> remove "icke-reklam" if you feel for mailing me. Thanx.
> >> >>
> >>
> >>
> >>Proper delegation is to add 'NS' records where LHS is the subdomain name
> >>and RHS is the FQDN of the nameserver(s) configured as servers for the
> >>zone.
> >>
> >>nslookup is a tool that is broken in most hands. The symptoms you tell
> >>about might be problems with nslookup.
> >>
> >>Why don't you publish the name of the zone , the contents ( at least the
> >>relevant parts) of the zonefile(s) and configfiles ? That way we don't
> >>have to guess
> >>
> >>
> >>--
> >>Peter Håkanson
> >> IPSec Sverige ( At Gothenburg Riverside )
> >> Sorry about my e-mail address, but i'm trying to keep spam out,
> >> remove "icke-reklam" if you feel for mailing me. Thanx.
> >>

>

>
>
>
>--
>Peter Håkanson
> IPSec Sverige ( At Gothenburg Riverside )
> Sorry about my e-mail address, but i'm trying to keep spam out,
> remove "icke-reklam" if you feel for mailing me. Thanx.
>
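
Added example (not part of the original thread and not BIND code): a small Python linter for the three zone-file points this thread turns on, namely comment syntax, owner names written without a trailing dot, and delegation NS records whose in-zone target has no glue A record. The function names and the sample zone are constructed for illustration, and the "other" delegation is made up to show the missing-glue case.

```python
import re

# Constructed sample, modelled on the db.company.abc.com file quoted in the thread,
# plus one made-up delegation ("other") that lacks glue.
SAMPLE = """\
// db.company.abc.com
@ 4h IN SOA pridns.company.abc.com. postmaster.company.abc.com. (
        200105171 // Serial number
        28800 7200 604800 86400 )
        IN NS pridns.company.abc.com.
pridns.company.abc.com. IN A 130.1.2.3
xyz.company.abc.com. IN NS pridns.xyz.company.abc.com.
other.company.abc.com. IN NS ns.other.company.abc.com.
pridns.xyz.company.abc.com. IN A 172.7.8.9
intranet.company.abc.com IN A 130.1.2.10
"""

def absolute(name, origin):
    """Expand a master-file name the way the loader does: relative names get the origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_zone(text, origin):
    """Return (line_no, message) findings; only records with an explicit IN class are parsed."""
    origin = origin.rstrip(".").lower() + "."
    findings, delegations, have_a, owner = [], [], set(), origin
    for no, raw in enumerate(text.splitlines(), 1):
        if "//" in raw:
            findings.append((no, "'//' is not a zone-file comment; use ';'"))
        line = raw.split("//")[0].split(";")[0]
        m = re.search(r"\bIN\s+(\S+)\s+(\S+)", line)
        if not m:
            continue
        if not line[0].isspace():          # a blank owner field repeats the previous owner
            name = line.split()[0]
            if name != "@" and not name.endswith(".") and f"{name.lower()}.".endswith("." + origin):
                findings.append((no, f"{name} lacks a trailing dot; loads as {name}.{origin}"))
            owner = absolute(name, origin)
        rtype, rdata = m.groups()
        if rtype == "A":
            have_a.add(owner)
        elif rtype == "NS" and owner != origin:   # NS below the apex = delegation
            delegations.append((no, owner, absolute(rdata, origin)))
    for no, child, target in delegations:
        if target.endswith("." + child) and target not in have_a:
            findings.append((no, f"{child} delegated to {target} without a glue A record"))
    return findings
```

Calling `lint_zone(SAMPLE, "company.abc.com")` returns the findings as (line number, message) pairs; `named-checkzone` remains the authoritative check before loading a zone.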

