Wednesday, September 24, 2014

bind9: delegate sub-domain, dns zone, on debian

1- general information
domain name: private.domain
sub domain to delegate: sub1.private.domain
server1: 192.168.203.5
server2: 192.168.203.7

2- install bind9 on both servers
root@localhost# apt-get install bind9 bind9utils

3- configure on server1 top level domain: private.domain
add the following zone definition to /etc/bind/named.conf.default-zones


zone "private.domain" {
        type master;
        file "/etc/bind/private.zone";
};


create a file /etc/bind/private.zone and add the following content

$TTL 2d ; default TTL is 2 days
$ORIGIN private.domain.
@              IN      SOA   ns1.private.domain. hostmaster.private.domain. (
               2003080800 ; serial number
               2h         ; refresh =  2 hours
               15M        ; update retry = 15 minutes
               3W12h      ; expiry = 3 weeks + 12 hours
               2h20M      ; minimum = 2 hours + 20 minutes
               )

              IN      NS     ns1.private.domain.
@             IN      A      192.168.203.5
ns1           IN      A      192.168.203.5


; sub-domain definitions
; zone fragment for sub1.private.domain
$ORIGIN sub1.private.domain.
@             IN      NS     ns3.sub1.private.domain.
; the record above could have been written without the $ORIGIN as
; sub1.private.domain.  IN  NS  ns3.sub1.private.domain.
; address record for the sub-domain name server only - glue record
ns3          IN      A      192.168.203.7 ; 'glue' record
; the record above could have been written as
; ns3.sub1.private.domain.  IN  A  192.168.203.7 if it's less confusing


4- configure on server2 sub domain: sub1.private.domain
add the following zone definition to /etc/bind/named.conf.default-zones

zone "sub1.private.domain" {
        type master;
        file "/etc/bind/sub1.private.zone";
};


create a file /etc/bind/sub1.private.zone and add the following content
$TTL 2d ; default TTL is 2 days
$ORIGIN sub1.private.domain.
@              IN      SOA   ns3.sub1.private.domain. hostmaster.sub1.private.domain. (
               2003080800 ; serial number
               2h         ; refresh =  2 hours
               15M        ; update retry = 15 minutes
               3W12h      ; expiry = 3 weeks + 12 hours
               2h20M      ; minimum = 2 hours + 20 minutes
               )
              IN      NS     ns3.sub1.private.domain.

@             IN      A      192.168.203.7
ns3           IN      A      192.168.203.7

web           IN      A      192.168.203.10
web2          IN      A      192.168.203.11
dc            IN      A      192.168.203.11
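The two zone files above have to agree with each other: the NS record and the glue A record that server1 publishes for sub1.private.domain must match what server2 serves, otherwise resolvers following the delegation end up with a lame or unresolvable sub-zone. named-checkzone only validates one file at a time, so the following is an added cross-check written for this page (not code from the post or from BIND): it parses constructed copies of both zone files with a small RFC 1035 master-file reader (handling $TTL, $ORIGIN, '(' ')' continuations and blank owner fields) and reports NS set drift, missing glue and glue that disagrees with the child's own A record. Only the Python standard library is used; the host list in the child copy is shortened.

```python
import re
from collections import namedtuple

Record = namedtuple("Record", "owner ttl rclass rtype rdata")
TTL_RE = re.compile(r"\d+[smhdw]?", re.IGNORECASE)

# Constructed copies of the post's two zone files (comments trimmed, hosts shortened).
PARENT_ZONE = """\
$TTL 2d
$ORIGIN private.domain.
@   IN SOA ns1.private.domain. hostmaster.private.domain. (
        2003080800 2h 15M 3W12h 2h20M )  ; serial refresh retry expiry minimum
    IN NS ns1.private.domain.
@   IN A  192.168.203.5
ns1 IN A  192.168.203.5
$ORIGIN sub1.private.domain.
@   IN NS ns3.sub1.private.domain.   ; delegation to server2
ns3 IN A  192.168.203.7              ; glue
"""
CHILD_ZONE = """\
$TTL 2d
$ORIGIN sub1.private.domain.
@    IN SOA ns3.sub1.private.domain. hostmaster.sub1.private.domain. (
        2003080800 2h 15M 3W12h 2h20M )
     IN NS ns3.sub1.private.domain.
@    IN A  192.168.203.7
ns3  IN A  192.168.203.7
web  IN A  192.168.203.10
"""

def _logical_lines(text):
    """Drop ';' comments and join '( ... )' continuations, keeping leading blanks."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0
            if joined.strip():
                yield joined

def _absolute(name, origin):
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse master-file text into Records with absolute owner names."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, None, []
    for line in _logical_lines(text):
        fields = line.split()
        if fields[0] == "$TTL":
            default_ttl = fields[1]
            continue
        if fields[0] == "$ORIGIN":
            origin = _absolute(fields[1], origin)
            continue
        # a line starting with whitespace has no owner field: reuse the previous owner
        owner = last_owner if line[0].isspace() else _absolute(fields.pop(0), origin)
        ttl, rclass = default_ttl, "IN"
        if TTL_RE.fullmatch(fields[0]):              # optional TTL
            ttl = fields.pop(0)
        if fields[0].upper() in ("IN", "CH", "HS"):  # optional class
            rclass = fields.pop(0).upper()
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "PTR", "SOA"):   # first rdata field is a name
            rdata[0] = _absolute(rdata[0], origin)
        records.append(Record(owner, ttl, rclass, rtype, tuple(rdata)))
        last_owner = owner
    return records

def check_delegation(parent, child, zone):
    """Problems at the delegation point of `zone`; an empty list means consistent."""
    zone = zone if zone.endswith(".") else zone + "."

    def ns_set(recs):
        return {r.rdata[0] for r in recs if r.rtype == "NS" and r.owner == zone}

    parent_ns, child_ns = ns_set(parent), ns_set(child)
    child_a = {r.owner: r.rdata[0] for r in child if r.rtype == "A"}
    problems = []
    if parent_ns != child_ns:
        problems.append(f"NS set drift: parent={sorted(parent_ns)} child={sorted(child_ns)}")
    for ns in sorted(parent_ns):
        if not ns.endswith("." + zone):          # out-of-bailiwick NS needs no glue
            continue
        glue = {r.rdata[0] for r in parent if r.rtype == "A" and r.owner == ns}
        if not glue:
            problems.append(f"missing glue A record for in-bailiwick NS {ns}")
        elif ns in child_a and child_a[ns] not in glue:
            problems.append(f"glue {sorted(glue)} for {ns} differs from child A {child_a[ns]}")
    return problems

def run_checks():
    """Delegation as published, then the same parent with its glue line removed."""
    child = parse_zone(CHILD_ZONE, "sub1.private.domain")
    no_glue = "\n".join(l for l in PARENT_ZONE.splitlines() if not l.startswith("ns3 "))
    return (check_delegation(parse_zone(PARENT_ZONE, "private.domain"), child, zone="sub1.private.domain"),
            check_delegation(parse_zone(no_glue, "private.domain"), child, zone="sub1.private.domain"))
```

run_checks() returns an empty problem list for the files as published and a single "missing glue" finding for the variant without the ns3 A record in the parent, which is exactly the case where the dig output further down would show the NS in the AUTHORITY section but nothing in ADDITIONAL. On the real servers, run named-checkzone (from bind9utils) on each file, e.g. `named-checkzone private.domain /etc/bind/private.zone`, and named-checkconf on named.conf before reloading bind9.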




5- query the sub domain

root@localhost# dig web.sub1.private.domain

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> web.sub1.private.domain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1555
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;web.sub1.private.domain.       IN      A

;; ANSWER SECTION:
web.sub1.private.domain. 172154 IN      A       192.168.203.10

;; AUTHORITY SECTION:
sub1.private.domain.    172154  IN      NS      ns3.sub1.private.domain.

;; ADDITIONAL SECTION:
ns3.sub1.private.domain. 172154 IN      A       192.168.203.7

;; Query time: 3 msec
;; SERVER: 192.168.203.5#53(192.168.203.5)
;; WHEN: Wed Sep 24 16:54:52 2014
;; MSG SIZE  rcvd: 91


root@localhost# dig sub1.private.domain

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> sub1.private.domain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;sub1.private.domain.           IN      A

;; ANSWER SECTION:
sub1.private.domain.    172127  IN      A       192.168.203.7

;; AUTHORITY SECTION:
sub1.private.domain.    172118  IN      NS      ns3.sub1.private.domain.

;; ADDITIONAL SECTION:
ns3.sub1.private.domain. 172118 IN      A       192.168.203.7

;; Query time: 3 msec
;; SERVER: 192.168.203.5#53(192.168.203.5)
;; WHEN: Wed Sep 24 16:55:28 2014
;; MSG SIZE  rcvd: 87

5 comments:

  1. there is whitespace before TTL in the sub1 zone file, it should be removed and written like this:
    $TTL
    otherwise you get:
    rndc: 'addzone' failed: no owner
  3. Domain names are identification labels that define a particular business entity or company. Your domain name or URL should reflect your company's name if possible. Creative Company Names
  4. Remember when visiting someone else's blog you're entering into a 'conversation' and many times you may have not been invited. dofollow social bookmarking sites