How do I configure bind9?

lastchip
To cut a long story short, I needed my own DNS server which is bind9 running in Debian Squeeze.

After several days of research, breaking things, cursing and frustration, I have a DNS master server up and running. However, I do not have the facilities to have a slave (secondary) server. Fortunately, my domain registrar offers a slave backup for just such instances.

On testing through an on-line testing site, it became apparent the data supplied from my master differs slightly from the slave. Mainly, my master server is not configured to supply the slave server's address (name or IP).

So after all that, here's the question. I cannot work out how to configure bind9 to supply an address of a slave server on a completely different subnet. For example, the zone reverse lookup uses the last octet of an ipv4 address as an identifier. This is what I'm talking about:

12 IN PTR ns1.domain.com.

the 12, being the last octet of the domain ip address. The first three of course, are positioned at the beginning of the file similar to:

$ORIGIN 0.168.192.IN-ADDR.ARPA.

now, all the text books and tutorials reference consecutive addresses on the same subnet; for example;

12 IN PTR ns1.domain.com.
13 IN PTR ns2.domain.com.

So what I'm saying is, (just for example) suppose your master address is 192.168.0.1, but your slave address is 10.10.0.1 - how do you configure your zone files for both servers?

Or do you ignore reverse lookup for the slave and just configure it in the forward lookup zone? Or maybe you use the full address as the identifier - if so, is it written in reverse order? Or perhaps, it simply can't be done!

I'm really struggling with this and try as I may, can't find any answers via Google.

Any help from you bind gurus would be most appreciated.
  • +
    1 Votes
    seanferd

    Reverse is the same.
    0.168.192.in-addr.arpa
    0.10.10.in-addr.arpa

    Just for example, look at the NS records here:
    http://www.robtex.com/dns/robtex.com.html#records
    (To avoid any potential confusion, note that I used the service to look up its own domain name.)
    None of the NS IPs share an octet at all.

    +
    0 Votes
    lastchip

    When you stop and think about it away from all the documentation, tutorials and textbooks, the answer is almost obvious.

    This is an area that is brand new to me and getting my head around it, I have to admit, was not easy!

    Thank you for pointing me in the right direction.

    +
    0 Votes
    seanferd

    No problem.

    I'm lucky enough to be not too deeply immersed in this stuff. :^0 Sometimes, this actually helps. But I do know what you mean about the given examples. A lot of texts tend to unnecessarily narrow the perceived range of possibilities by providing lowest common denominator sort of examples.

    Just an FYI: Correct practice, in fact, suggests you should have your public authoritative nameservers in at least two different Class C networks. So you're good to go on that count (assuming these are NS with IPs in public address space, and used over the internet as opposed to in a LAN).

    Hey, don't forget SOA for your main.
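
The point made in the answer above (each /24 gets its own in-addr.arpa zone) and in the follow-up about nameservers in different networks, worked through as an added example that is not part of the original thread. The names and addresses are the question's own "just for example" values, and the function names are made up for this sketch.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: host names from the question, addresses are the
# question's "just for example" master and slave IPs.
NAMESERVERS = [
    ("ns1.domain.com", "192.168.0.1"),
    ("ns2.domain.com", "10.10.0.1"),
]

def reverse_zone_and_label(ip):
    """Split an IPv4 address into its /24 reverse zone and PTR owner label."""
    addr = ipaddress.IPv4Address(ip)
    # reverse_pointer gives e.g. '1.0.168.192.in-addr.arpa'
    label, zone = addr.reverse_pointer.split(".", 1)
    return zone + ".", label

def ptr_records(nameservers):
    """Group PTR lines by the reverse zone file they belong in."""
    zones = defaultdict(list)
    for fqdn, ip in nameservers:
        zone, label = reverse_zone_and_label(ip)
        # Trailing dot keeps BIND from appending $ORIGIN to the target name.
        zones[zone].append(f"{label} IN PTR {fqdn.rstrip('.')}.")
    return dict(zones)

def distinct_slash24s(nameservers):
    """Count the /24 networks ("Class C" in the thread) the servers span."""
    return len({ipaddress.ip_network(f"{ip}/24", strict=False)
                for _, ip in nameservers})

def render(nameservers):
    """Produce one $ORIGIN block per reverse zone, ready to paste."""
    out = []
    for zone, lines in sorted(ptr_records(nameservers).items()):
        out.append(f"$ORIGIN {zone}")
        out.extend(lines)
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    print(render(NAMESERVERS))
    print("distinct /24 networks:", distinct_slash24s(NAMESERVERS))
```

Each `$ORIGIN` block in the output is a separate zone and needs its own zone statement in named.conf on whichever server is authoritative for that address range.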
