Thanks, will take it as good advice. And sorry to those who got confused or offended with my post. While I was writing the message, I tried to reproduce the scenario, which led me to the mess :(. Very sorry again.

> lin.kh@xxxxxxxxxxxx wrote:
>> Sorry all again:
>> I don't mean to flood my mails to the list but my previous post was a
>> little messed up as I cut and paste a lot trying not to show my real
>> domain.
>
> Take a hint from Tom Eastep the author of "shorewall".
>
> "As a general matter, please do not edit the diagnostic information in an
> attempt to conceal your IP address, netmask, nameserver addresses, domain
> name, etc. These aren't secrets, and concealing them often misleads us
> (and 80% of the time, a cracker could derive them anyway from information
> contained in the SMTP headers of your post)."
>
> Even if you've emailed using a different domain you may have muddied the
> waters such that it would be difficult for people to really help you.
>
> I, for one, spend little time on obfuscated posts.
>
>
>>
>> Now I'd like to send the whole thing again with corrections:
>>
>> ********
>>
>> First, please bear with me; I know this is not the place to ask about
>> BIND; but I'm hoping that, someone out there could help me. Also, sorry
>> for the lengthy post but most of it is to explain my scenario. And I
>> believe, the answer to my question will be very short.
>>
>> Basically, I tried to delegate a reverse sub-domain (a subnet smaller
>> than /24). I could query a PTR record from the parent server but I could
>> not from the child server where all the configuration of the sub-domain
>> belongs.
>>
>> Here is the detail:
>>
>> I have my home network connected to my office network with a registered
>> domain (office.net, for example) with the scenario below. On the Office
>> DNS server (ns1.office.net), I would like to delegate both the forward
>> sub-domain home.office.net and reverse one 192.168.9.32/28 to the Home
>> DNS server (ns1.home.office.net).
>>
>> My problem is that, on the Home server, I could not do this query:
>>
>> $ host 192.168.9.33
>> Host 33.9.168.192.in-addr.arpa not found: 3(NXDOMAIN)
>>
>> While from the Office server, I can:
>> $ host 192.168.9.33
>> 33.9.168.192.in-addr.arpa is an alias for 33.32-39.9.168.192.in-addr.arpa.
>> 33.32-39.9.168.192.in-addr.arpa domain name pointer ns1.home.office.net.
>>
>> What could be the cause of problem? I might miss a transition somewhere
>> between the office parent zone and the home child zone. But I just don't
>> know. Everything else seems to work fine (the sub-domain forward zones
>> are ok).
>>
>> I've been following the book of O'Reilly "DNS & BIND", 5th edition,
>> which is a great book I found; but the part on the reverse sub-domain is
>> a bit too tricky for me.
>>
>> Could someone please help me out?
>>
>> Here is the scenario:
>>
>> Office Network:
>> ===============
>> Domain: office.net (not real, used as example here only)
>> IP subnet : 192.168.9.0/24 (not real, used as example here only)
>> DNS Server: ns1.office.net (IP:192.168.9.1)
>>
>> Home Network:
>> ==============
>> Domain: home.office.net
>> IP Subnet : 192.168.9.32/28
>> DNS Server: ns1.home.office.net (IP:192.168.9.33)
>>
>> On both of the DNS servers, I'm running BIND on Fedora 9.
>> The configuration files on the Office server (ns1.office.net) look as
>> below:
>>
>> 1. /etc/resolv.conf
>>
>> === Beginning of file ===
>> search office.net
>> nameserver 192.168.9.1
>> nameserver 192.168.9.2
>> === End of file ===
>>
>> 2. /var/named/chroot/etc/named.conf
>> (I'm using bind-chroot here with ROOTDIR=/var/named/chroot set in
>> /etc/sysconfig/named)
>>
>> === Beginning of file ===
>> options {
>>     listen-on port 53 { 127.0.0.1; 192.168.9.1;};
>>     // listen-on-v6 port 53 { ::1; };
>>     directory "/var/named";
>>     dump-file "/var/named/data/cache_dump.db";
>>     statistics-file "/var/named/data/named_stats.txt";
>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>     allow-query { trusted;};
>>     recursion yes;
>> };
>>
>> acl trusted {127.0.0.1; 192.168.9.0/24;};
>>
>> include "/etc/named.rfc1912.zones";
>>
>> zone "office.net" IN {
>>     type master;
>>     file "office.zone";
>> };
>>
>> zone "9.168.192.in-addr.arpa" IN {
>>     type master;
>>     file "9.168.192.zone";
>> };
>> === End of file===
>>
>> 3. /var/named/chroot/var/named/office.zone
>>
>> === Beginning of file ===
>> $TTL 1D
>> @       IN SOA ns1.office.net. root.office.net. (
>>                 08080201 ; serial
>>                 1D       ; refresh
>>                 1H       ; retry
>>                 1W       ; expire
>>                 3H )     ; minimum
>>         NS      ns1.office.net.
>>         NS      ns2.office.net.
>>         MX      10 mail1.office.net.
>>         MX      20 mail2.office.net.
>>         A       192.168.9.12
>>
>> ns1     IN A     192.168.9.1
>> ns2     IN A     192.168.9.2
>> mail1   IN A     192.168.9.11
>> mail2   IN A     192.168.9.12
>> www     IN CNAME mail2
>>
>> ;; Glue records for home.office.net
>> home     IN NS ns1.home
>> ns1.home IN A  192.168.9.33
>> === End of file ===
>>
>> 4. /var/named/chroot/var/named/9.168.192.zone:
>>
>> === Beginning of file ===
>> $TTL 1D
>> @       IN SOA ns1.office.net. root.office.net. (
>>                 08080203 ; serial
>>                 1D       ; refresh
>>                 1H       ; retry
>>                 1W       ; expire
>>                 3H )     ; minimum
>>         NS      ns1.office.net.
>>         NS      ns2.office.net.
>>
>> 1       IN PTR ns1.office.net.
>> 2       IN PTR ns2.office.net.
>> 11      IN PTR mail1.office.net.
>> 12      IN PTR mail2.office.net.
>>
>> $GENERATE 33-39 $ CNAME $.32-39
>> 32-39   IN NS ns1.home.office.net.
>> === End of file ===
>>
>> And finally, the configuration files on the Home server
>> (ns1.home.office.net) look as below:
>>
>> 1. /etc/resolv.conf
>>
>> #=== Beginning of file ===
>> search home.office.net
>> nameserver 192.168.9.33
>> #=== End of file ===
>>
>> 2. /var/named/chroot/etc/named.conf
>>
>> //=== Beginning of file ===
>> options {
>>     listen-on port 53 { 127.0.0.1; 192.168.9.33;};
>>     listen-on-v6 port 53 { ::1; };
>>     directory "/var/named";
>>     dump-file "/var/named/data/cache_dump.db";
>>     statistics-file "/var/named/data/named_stats.txt";
>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>     query-source port 53;
>>     query-source-v6 port 53;
>>     allow-query { localhost; 192.168.9.32/28;};
>>     // forward first;
>>     // forwarders {192.168.9.5;};
>> };
>>
>> include "/etc/named.rfc1912.zones";
>>
>> zone "home.office.net" IN {
>>     type master;
>>     file "home.zone";
>> };
>>
>> zone "32-39.9.168.192.in-addr.arpa" IN {
>>     type master;
>>     file "32-39.9.168.192.zone";
>> };
>> //=== End of file ===
>>
>> 3. /var/named/chroot/var/named/home.zone
>>
>> ;=== Beginning of file ===
>> $TTL 86400
>> @       IN SOA ns1.home.office.net. root.home.office.net. (
>>                 08080501 ; Serial
>>                 28800    ; Refresh
>>                 14400    ; Retry
>>                 3600000  ; Expire
>>                 86400 )  ; Minimum
>>         IN NS   ns1.home.office.net.
>>         IN MX   10 mail.home.office.net.
>>
>> ns1     IN A 192.168.9.33
>> mail    IN A 192.168.9.35
>> ;=== End of file ===
>>
>> 4. /var/named/chroot/var/named/32-39.9.168.192.zone
>>
>> ;=== Beginning of file ===
>> $TTL 86400
>> @       IN SOA ns1.home.office.net. root.home.office.net. (
>>                 08080203 ; Serial
>>                 28800    ; Refresh
>>                 14400    ; Retry
>>                 3600000  ; Expire
>>                 86400 )  ; Minimum
>>         IN NS   ns1.home.office.net.
>>
>> 33      IN PTR ns1.home.office.net.
>> 35      IN PTR mail.home.office.net.
>> ;=== End of file ===
>>
>> Thanks in advance for any ideas?
>>
>> Best,
>> Khem
>>
>>
>>
>
>
> --
> I met my latest girl friend in a department store. She was looking at
> clothes, and I was putting Slinkys on the escalators.
> -- Steven Wright
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
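
An added illustration, not part of the thread or of anyone's post: a small Python model of the RFC 2317-style delegation in the quoted reverse zone files, showing which names each server can answer from the zone data it holds or has delegated. The function names and status labels are made up here, and the model ignores what a real resolver would also consult (forwarders, root hints, cache).

```python
PARENT = "9.168.192.in-addr.arpa."
CHILD = "32-39." + PARENT

def expand_generate(line, origin):
    """Expand '$GENERATE lo-hi lhs TYPE rhs'; '$' is the iterator value."""
    _, rng, lhs, rtype, rhs = line.split()
    lo, hi = (int(x) for x in rng.split("-"))
    fq = lambda n: n if n.endswith(".") else f"{n}.{origin}"
    return {(fq(lhs.replace("$", str(i))), rtype): fq(rhs.replace("$", str(i)))
            for i in range(lo, hi + 1)}

# Zone contents copied from the two reverse zone files quoted in the post.
DATA = {
    PARENT: {**expand_generate("$GENERATE 33-39 $ CNAME $.32-39", PARENT),
             (CHILD, "NS"): "ns1.home.office.net."},
    CHILD: {("33." + CHILD, "PTR"): "ns1.home.office.net.",
            ("35." + CHILD, "PTR"): "mail.home.office.net."},
}
# Zones each quoted named.conf declares as master.
OFFICE = ["office.net.", PARENT]
HOME = ["home.office.net.", CHILD]

def usable_zones(local):
    """Local zones plus child zones they delegate to with an NS record."""
    found = set(local)
    for zone in local:
        found |= {n for (n, t) in DATA.get(zone, {}) if t == "NS" and n in DATA}
    return found

def resolve_ptr(name, local, hops=8):
    """Chase CNAMEs to a PTR using only data reachable from `local`."""
    zones = usable_zones(local)
    while hops:
        hits = [z for z in zones if name == z or name.endswith("." + z)]
        if not hits:
            return ("NO-LOCAL-ZONE", name)  # would have to ask another server
        recs = DATA.get(max(hits, key=len), {})  # longest match wins
        if (name, "PTR") in recs:
            return ("PTR", recs[(name, "PTR")])
        if (name, "CNAME") not in recs:
            return ("NO-RECORD", name)  # e.g. CNAME target without a PTR
        name, hops = recs[(name, "CNAME")], hops - 1
    return ("CNAME-LOOP", name)

if __name__ == "__main__":
    for label, zones in (("office", OFFICE), ("home", HOME)):
        for host in (33, 34):
            print(label, host, resolve_ptr(f"{host}.{PARENT}", zones))
```
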