DNS & subdomains

Post by Melvin To » Fri, 25 Feb 2000 04:00:00

Hi-

I'm experimenting with DNS in a network using subdomains.  I based a lot
of my information on the book DNS & BIND by Albitz and Liu. I have some
lingering questions and I'm wondering what is the acceptable way in a real
environment.  I have 13 machines: 4 per subdomain and 1 used as a
router. My domain is the following:

    comics.com - 172.16.88.1- 172.16.95.254    255.255.248
    db.comics db.172.16 db.127.0 db.cache

My other 2 subdomains are the following:

avengers.comics.com    172.16.72.1 -172.16.79.254 255.255.248.0
db.avenger db.172.16 db.127.0 db.cache

xmen.comics.com          172.16.80.1 - 172.16.87.254 255.255.248.0
db.xmen db.172.16 db.127.0 db.cache

Each subdomain has a master and slave nameserver. I add the NS and glue
records to the comics.com master nameserver.  Everything works fine. What I
can't do is resolve anything in comics.com from within
avengers.comics.com and xmen.comics.com.  The book is not clear on
this.  It does mention making the master of each subdomain (xmen &
avengers) a slave of the entire zone (comics). Xmen's and avengers' master
would have a copy of db.comics.  I can now resolve names in comics from
within xmen and avengers.  I can't do a reverse.  I can't just make each
master a slave and have the db.172.16 copied because it would write over
each master's db.172.16.  So is the solution to make each master a slave
for comics.com and not transfer a copy of comics' db.172.16?  Would this
be a valid and viable solution?  Another would be to go to each client
and add the master nameserver of comics.com in the clients of xmen and
avengers as the 3rd nameserver, but that causes slow performance.

I would appreciate any suggestions and comments.

Thanks
Melvin


DNS & subdomains

Post by Steve Cowle » Fri, 25 Feb 2000 04:00:00

> Hi-

> I'm experimenting with DNS in a network using subdomains.  I based a lot
> of my information on the book DNS & BIND by Albitz and Liu. I have some
> lingering questions and I'm wondering what is the acceptable way in a real
> environment.  I have 13 machines: 4 per subdomain and 1 used as a
> router. My domain is the following:

>     comics.com - 172.16.88.1- 172.16.95.254    255.255.248
>     db.comics db.172.16 db.127.0 db.cache

> My other 2 subdomains are the following:

> avengers.comics.com    172.16.72.1 -172.16.79.254 255.255.248.0
> db.avenger db.172.16 db.127.0 db.cache

> xmen.comics.com          172.16.80.1 - 172.16.87.254 255.255.248.0
> db.xmen db.172.16 db.127.0 db.cache

> Each subdomain has a master and slave nameserver. I add the NS and glue
> records to the comics.com master nameserver.  Everything works fine. What I
> can't do is resolve anything in comics.com from within
> avengers.comics.com and xmen.comics.com.  The book is not clear on
> this.  It does mention making the master of each subdomain (xmen &
> avengers) a slave of the entire zone (comics). Xmen's and avengers' master
> would have a copy of db.comics.  I can now resolve names in comics from
> within xmen and avengers.  I can't do a reverse.  I can't just make each
> master a slave and have the db.172.16 copied because it would write over
> each master's db.172.16.  So is the solution to make each master a slave
> for comics.com and not transfer a copy of comics' db.172.16?  Would this
> be a valid and viable solution?  Another would be to go to each client
> and add the master nameserver of comics.com in the clients of xmen and
> avengers as the 3rd nameserver, but that causes slow performance.

> I would appreciate any suggestions and comments.

> Thanks
> Melvin

1) The easiest way is to make the SOA/NS for your "entire"
16.172.in-addr.arpa zone on your root domain (comics.com) and then load that
zone as a secondary on your delegated (sub) domains.

2) If you're still wanting to distribute the SOA/NS so that each delegated
domain is the primary for the sub-networks that you have defined... then
load a separate in-addr.arpa zone as a class C type of zone. I use shell
scripts to create the separate zone files.

In the real world though, the OWNING ISP for those IPs would have to
delegate ownership to your name servers, e.g. they would change their PTR
records to NS records that point to your name servers so that the proper
recursion will occur during a query.

Example of the ISP change to delegate ownership of the inverse addresses to your name
server.
ISP's 16.172.in-addr.arpa zone:
88.1    IN PTR 88-1.ISP.com.
  to
88.1    IN NS  ns1.comics.com.

72.1    IN PTR 72-1.ISP.com.
  to
72.1    IN NS  ns1.avengers.comics.com.

80.1    IN PTR 80-1.ISP.com.
  to
80.1    IN NS  ns1.xmen.comics.com.

and so on...

Example of your named.conf file, loading each in-addr.arpa zone as a class C
zone:

---  comics.com server -----
88.16.172.in-addr.arpa, db.172.16.88 (master)
89.16.172.in-addr.arpa, db.172.16.89 (master)
..... thru
95.16.172.in-addr.arpa, db.172.16.95 (master)

72.16.172.in-addr.arpa, db.172.16.72 (slave)
73.16.172.in-addr.arpa, db.172.16.73 (slave)
...... thru
79.16.172.in-addr.arpa, db.172.16.79 (slave)

80.16.172.in-addr.arpa, db.172.16.80 (slave)
81.16.172.in-addr.arpa, db.172.16.81 (slave)
...... thru
87.16.172.in-addr.arpa, db.172.16.87 (slave)

---  avengers.comics.com server -----
88.16.172.in-addr.arpa, db.172.16.88 (slave)
89.16.172.in-addr.arpa, db.172.16.89 (slave)
..... thru
95.16.172.in-addr.arpa, db.172.16.95 (slave)

72.16.172.in-addr.arpa, db.172.16.72 (master)
73.16.172.in-addr.arpa, db.172.16.73 (master)
...... thru
79.16.172.in-addr.arpa, db.172.16.79 (master)

80.16.172.in-addr.arpa, db.172.16.80 (slave)
81.16.172.in-addr.arpa, db.172.16.81 (slave)
...... thru
87.16.172.in-addr.arpa, db.172.16.87 (slave)

---  xmen.comics.com server -----
88.16.172.in-addr.arpa, db.172.16.88 (slave)
89.16.172.in-addr.arpa, db.172.16.89 (slave)
..... thru
95.16.172.in-addr.arpa, db.172.16.95 (slave)

72.16.172.in-addr.arpa, db.172.16.72 (slave)
73.16.172.in-addr.arpa, db.172.16.73 (slave)
...... thru
79.16.172.in-addr.arpa, db.172.16.79 (slave)

80.16.172.in-addr.arpa, db.172.16.80 (master)
81.16.172.in-addr.arpa, db.172.16.81 (master)
...... thru
87.16.172.in-addr.arpa, db.172.16.87 (master)

Steve Cowles
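The layout Steve lists above (each server master for its own eight /24 reverse zones and slave for the other sixteen, so no server overwrites another's db.172.16 file) is the kind of thing his "shell scripts to create the separate zone files" would produce. The POSIX shell script below is an added example and is not code from the thread: it generates the named.conf reverse-zone stanzas for any of the three servers, and the NS records the ISP would place in 16.172.in-addr.arpa to hand over each whole /24 label (one step broader than the per-host delegation in Steve's snippet). The zone and file names follow the thread; the master addresses (172.16.88.1, 172.16.72.1, 172.16.80.1) and the ns1.* host names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): emit the per-/24 reverse-zone section
# of named.conf (BIND syntax) for one of the three servers, plus the ISP-side
# delegation records. Master addresses and ns1.* names are constructed.

# Third-octet range each server is authoritative for (172.16.<lo>-<hi>.0/24).
range_for() {
  case "$1" in
    comics)   echo "88 95" ;;
    avengers) echo "72 79" ;;
    xmen)     echo "80 87" ;;
    *)        return 1 ;;
  esac
}

# Address the other servers pull that server's zones from (constructed).
master_ip() {
  case "$1" in
    comics)   echo 172.16.88.1 ;;
    avengers) echo 172.16.72.1 ;;
    xmen)     echo 172.16.80.1 ;;
    *)        return 1 ;;
  esac
}

# Name server the ISP should delegate to (constructed host names).
ns_name() {
  if [ "$1" = comics ]; then echo ns1.comics.com.; else echo "ns1.$1.comics.com."; fi
}

# Which server is master for 172.16.<octet>.0/24; fails if no server owns it.
# Every /24 having exactly one master is what keeps the zone files from clashing.
owner_of() {
  oct=$1
  for o in comics avengers xmen; do
    set -- $(range_for "$o")
    if [ "$oct" -ge "$1" ] && [ "$oct" -le "$2" ]; then
      echo "$o"
      return 0
    fi
  done
  return 1
}

# One zone stanza: $1=third octet, $2=master|slave, $3=master address (slave only).
zone_stanza() {
  printf 'zone "%s.16.172.in-addr.arpa" {\n' "$1"
  if [ "$2" = master ]; then
    printf '    type master;\n'
  else
    printf '    type slave;\n    masters { %s; };\n' "$3"
  fi
  printf '    file "db.172.16.%s";\n};\n' "$1"
}

# Full reverse-zone section for server $1: master for its own /24s, slave for
# the other two servers' /24s, so every server can answer every PTR locally.
named_conf_for() {
  me=$1
  for owner in comics avengers xmen; do
    set -- $(range_for "$owner")
    o=$1
    while [ "$o" -le "$2" ]; do
      if [ "$owner" = "$me" ]; then
        zone_stanza "$o" master
      else
        zone_stanza "$o" slave "$(master_ip "$owner")"
      fi
      o=$((o + 1))
    done
  done
}

# Records the owning ISP puts in its 16.172.in-addr.arpa zone to delegate
# each whole /24 (label = third octet) to server $1, replacing its own PTRs.
isp_delegation_for() {
  ns=$(ns_name "$1")
  set -- $(range_for "$1")
  o=$1
  while [ "$o" -le "$2" ]; do
    printf '%s\tIN\tNS\t%s\n' "$o" "$ns"
    o=$((o + 1))
  done
}

# Usage: named_conf_for xmen > named.conf.reverse ; isp_delegation_for xmen
```

Run `named_conf_for comics` to get 24 stanzas (8 master, 16 slave); `owner_of 96` fails, which is the check to run before adding a new /24 so that two servers never end up master for the same reverse zone. Without the ISP-side NS records from `isp_delegation_for`, outside resolvers still follow the ISP's PTRs, so the per-server configuration only answers reverse queries inside the network.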