Delegation - TCP-IP
-
Delegation
On a small network, a host 'neptune' is the nameserver for an internal
domain 'nicklan'. I would like one of the hosts, 'nicklite.nicklan', to
be the nameserver for the subdomain 'jupiter.nicklan'. The hosts in
this subdomain will all be one and the same as 'nicklite.nicklan'.
neptune and nicklite both run bind9. The respective zone files are
neptune:
@         IN  SOA  neptune.nicklan. root.localhost. (
                   56      ; Serial
                   3h      ; Refresh
                   1h      ; Retry
                   1w      ; Expire
                   1h )    ; Negative Cache TTL
;
          IN  NS   neptune.nicklan.
@         IN  A    172.23.63.2
neptune   IN  A    172.23.63.2
nicklite  IN  A    172.23.63.100
; Attempt delegation of 'jupiter' subdomain.
jupiter.nicklan.     IN  NS  ns.jupiter.nicklan.
ns.jupiter.nicklan.      A   172.23.63.100
nicklite:
@    IN  SOA    ns.jupiter.nicklan. root.localhost. (
                32      ; Serial
                3h      ; Refresh
                1h      ; Retry
                1w      ; Expire
                1h )    ; Negative Cache TTL
;
     IN  NS     ns.jupiter.nicklan.
@    IN  A      172.23.63.100
ns   IN  A      172.23.63.100
foo  IN  CNAME  ns
The nameserver on nicklite seems to work, e.g.
# host foo.jupiter.nicklan.
foo.jupiter.nicklan is an alias for ns.jupiter.nicklan.
ns.jupiter.nicklan has address 172.23.63.100
Likewise the nameserver on neptune, e.g.
# host nicklite.nicklan.
nicklite.nicklan has address 172.23.63.100
But the nameserver on neptune does not seem to know about the subdomain:
# host foo.jupiter.nicklan.
Host foo.jupiter.nicklan not found: 3(NXDOMAIN)
Am I trying to do something infeasible, and if not, how to make it work?
--
KM
-
Re: Delegation
In article <4781d39f$0$36405$742ec2ed@news.sonic.net>,
KM wrote:
> On a small network, a host 'neptune' is the nameserver for an internal
> domain 'nicklan'. I would like one of the hosts, 'nicklite.nicklan', to
> be the nameserver for the subdomain 'jupiter.nicklan'. The hosts in
> this subdomain will all be one and the same as 'nicklite.nicklan'.
>
> neptune and nicklite both run bind9. The respective zone files are
>
> neptune:
> @ IN SOA neptune.nicklan. root.localhost. (
> 56 ; Serial
> 3h ; Refresh
> 1h ; Retry
> 1w ; Expire
> 1h ) ; Negative Cache TTL
> ;
> IN NS neptune.nicklan.
>
> @ IN A 172.23.63.2
> neptune IN A 172.23.63.2
> nicklite IN A 172.23.63.100
>
> ; Attempt delegation of 'jupiter' subdomain.
> jupiter.nicklan. IN NS ns.jupiter.nicklan.
> ns.jupiter.nicklan. A 172.23.63.100
Not that it matters much, but if you want to delegate to nicklite, why
are you delegating to ns.jupiter?
>
> nicklite:
> @ IN SOA ns.jupiter.nicklan. root.localhost. (
> 32 ; Serial
> 3h ; Refresh
> 1h ; Retry
> 1w ; Expire
> 1h ) ; Negative Cache TTL
> ;
> IN NS ns.jupiter.nicklan.
>
> @ IN A 172.23.63.100
> ns IN A 172.23.63.100
> foo IN CNAME ns
>
> The nameserver on nicklite seems to work, e.g.
>
> # host foo.jupiter.nicklan.
> foo.jupiter.nicklan is an alias for ns.jupiter.nicklan.
> ns.jupiter.nicklan has address 172.23.63.100
>
> Likewise the nameserver on neptune, e.g.
>
> # host nicklite.nicklan.
> nicklite.nicklan has address 172.23.63.100
>
> But the nameserver on neptune does not seem to know about the subdomain:
>
> # host foo.jupiter.nicklan.
> Host foo.jupiter.nicklan not found: 3(NXDOMAIN)
>
> Am I trying to do something infeasible, and if not, how to make it work?
Does neptune have recursion disabled? It needs to recurse in order to
query nicklite.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
-
Re: Delegation
On 2008-01-08, Barry Margolin wrote:
>
> Does neptune have recursion disabled? It needs to recurse in order to
> query nicklite.
I think it's enabled. On neptune, /etc/bind/named.conf includes a file
/etc/bind/named.conf.options which contains (with some snippage)
options {
...
allow-recursion { localnets; };
...
};
- is that conclusive?
--
KM
-
Re: Delegation
On 2008-01-08, Barry Margolin wrote:
>> ; Attempt delegation of 'jupiter' subdomain.
>> jupiter.nicklan. IN NS ns.jupiter.nicklan.
>> ns.jupiter.nicklan. A 172.23.63.100
>
> Not that it matters much, but if you want to delegate to nicklite, why
> are you delegating to ns.jupiter?
Sorry, I missed that question earlier. Merely to attempt to conform to
the examples I found, mainly this one,
http://www.zytrax.com/books/dns/ch9/delegate.html
I tried this variant in neptune's zone file,
; Attempt delegation of 'jupiter' subdomain.
jupiter.nicklan. IN NS nicklite.nicklan.
with no more success than before. In all cases I can query the
nameserver on nicklite from neptune, e.g.
# host jupiter.nicklan. 172.23.63.100
Using domain server:
Name: 172.23.63.100
Address: 172.23.63.100#53
Aliases:
jupiter.nicklan has address 172.23.63.100
but not via neptune's own nameserver.
--
KM
-
Re: Delegation
Hello,
KM wrote:
> On 2008-01-08, Barry Margolin wrote:
>
>>Does neptune have recursion disabled? It needs to recurse in order to
>>query nicklite.
If recursion was the problem, shouldn't neptune reply with a list of
referrals instead of NXDOMAIN?
> I think it's enabled. On neptune, /etc/bind/named.conf includes a file
> /etc/bind/named.conf.options which contains (with some snippage)
>
> options {
> ...
> allow-recursion { localnets; };
> ...
> };
You should also have "recursion yes;" (maybe it is the default though).
-
Re: Delegation
In article ,
Pascal Hambourg wrote:
> Hello,
>
> KM wrote:
> > On 2008-01-08, Barry Margolin wrote:
> >
> >>Does neptune have recursion disabled? It needs to recurse in order to
> >>query nicklite.
>
> If recursion was the problem, shouldn't neptune reply with a list of
> referrals instead of NXDOMAIN?
Good point. I think it's time for the OP to use "rndc dumpdb" and look
at the memory dump. Maybe something in his zone file isn't being loaded
as he expects.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
-
Re: Delegation
On 2008-01-09, Barry Margolin wrote:
> Good point. I think it's time for the OP to use "rndc dumpdb" and look
> at the memory dump. Maybe something in his zone file isn't being loaded
> as he expects.
On the 'neptune' host, I ran 'rndc dumpdb -zones' which produced a file
/var/cache/bind/named_dump.db. It includes (reformatted to make narrower):
;
; Zone dump of 'nicklan/IN'
;
nicklan. 10800 IN SOA \
neptune.nicklan. root.localhost. 69 10800 3600 604800 3600
nicklan. 10800 IN NS neptune.nicklan.
nicklan. 10800 IN A 172.23.63.2
jupiter.nicklan. 10800 IN NS ns.jupiter.nicklan.
ns.jupiter.nicklan. 10800 IN A 172.23.63.100
neptune.nicklan. 10800 IN A 172.23.63.2
nicklite.nicklan. 10800 IN A 172.23.63.100
And on 'nicklite':
;
; Zone dump of 'jupiter.nicklan/IN'
;
jupiter.nicklan. 10800 IN SOA \
ns.jupiter.nicklan. root.localhost. 32 10800 3600 604800 3600
jupiter.nicklan. 10800 IN NS ns.jupiter.nicklan.
jupiter.nicklan. 10800 IN A 172.23.63.100
foo.jupiter.nicklan. 10800 IN CNAME ns.jupiter.nicklan.
ns.jupiter.nicklan. 10800 IN A 172.23.63.100
--
KM
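
Added example (not part of the thread): a Python check of the two 'rndc dumpdb -zones' excerpts posted above, testing that the parent's NS records at the zone cut match the child's apex NS set and that in-zone nameservers have glue in the parent. The function names are illustrative assumptions; the record data is copied from the dumps in the thread.

```python
# Added example: record data copied from the dumps posted in the thread.
PARENT_DUMP = r"""
nicklan. 10800 IN SOA \
neptune.nicklan. root.localhost. 69 10800 3600 604800 3600
nicklan. 10800 IN NS neptune.nicklan.
nicklan. 10800 IN A 172.23.63.2
jupiter.nicklan. 10800 IN NS ns.jupiter.nicklan.
ns.jupiter.nicklan. 10800 IN A 172.23.63.100
neptune.nicklan. 10800 IN A 172.23.63.2
nicklite.nicklan. 10800 IN A 172.23.63.100
"""
CHILD_DUMP = r"""
jupiter.nicklan. 10800 IN SOA \
ns.jupiter.nicklan. root.localhost. 32 10800 3600 604800 3600
jupiter.nicklan. 10800 IN NS ns.jupiter.nicklan.
jupiter.nicklan. 10800 IN A 172.23.63.100
foo.jupiter.nicklan. 10800 IN CNAME ns.jupiter.nicklan.
ns.jupiter.nicklan. 10800 IN A 172.23.63.100
"""

def parse_dump(text):
    """Return (owner, type, rdata) tuples from a text zone dump."""
    records = []
    for line in text.replace("\\\n", " ").splitlines():  # join '\' continuations
        fields = line.split(None, 4)
        if len(fields) == 5 and not fields[0].startswith(";"):
            owner, _ttl, _cls, rtype, rdata = fields
            records.append((owner.lower(), rtype.upper(), rdata.strip().lower()))
    return records

def rdata_set(records, owner, *types):
    return {d for o, t, d in records if o == owner and t in types}

def check_delegation(parent, child, cut):
    """List inconsistencies between the parent's delegation and the child zone."""
    problems = []
    parent_ns = rdata_set(parent, cut, "NS")
    child_ns = rdata_set(child, cut, "NS")
    if not parent_ns:
        problems.append(f"parent has no NS records at {cut}")
    elif parent_ns != child_ns:
        problems.append(f"NS mismatch: parent {sorted(parent_ns)} child {sorted(child_ns)}")
    for ns in sorted(parent_ns):
        if ns == cut or ns.endswith("." + cut):  # in-bailiwick: glue required
            glue = rdata_set(parent, ns, "A", "AAAA")
            if not glue:
                problems.append(f"missing glue for {ns}")
            elif glue != rdata_set(child, ns, "A", "AAAA"):
                problems.append(f"glue for {ns} differs from the child zone")
    return problems
```

Call check_delegation(parse_dump(PARENT_DUMP), parse_dump(CHILD_DUMP), "jupiter.nicklan."). The check covers only what is loaded in the two zones, not how neptune answers a recursive query.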