
Probably just an ordinary question, but I've been wasting hours on this for months. If you need other logs/output/explanation/etc. just ask :)

Thanks in advance!

What I need

  • The zone local.example.com shall be managed by a local server 10.20.0.9
  • The local servers (10.20.0.0/24) are only accessible from within the network but
  • Their hostnames xxx.local.example.com are resolvable world-wide from the internet

What I have so far

I am using CloudFlare as DNS provider, following this guide, I have set up the following:

  • Records at CloudFlare:
    ns.example.com   A   10.20.0.9       (local DNS server)
    loc.example.com  NS  ns.example.com  (delegation to local DNS)
    
  • Records file at my local DNS server (10.20.0.9 using bind9)
    $TTL 3600                      ; default TTL for records without an explicit one
    loc.example.com. IN SOA ns.example.com. hostmaster.example.com. (
        1628517915                 ; serial
        3600                       ; refresh
        600                        ; retry
        24H                        ; expire
        3600 )                     ; negative-caching TTL
    loc.example.com. IN NS ns.example.com.   ; apex NS record, required for bind9 to load the zone (matches the dig output below)
    s1.loc.example.com.  IN A 10.20.0.9
    

My Problem

CloudFlare does not answer my NS lookup request for loc.example.com with ns.example.com as expected. Instead, the request just fails with "server failure" (see last CLI log)...

CLI output

  • dig ns.example.com

    ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ns.example.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10036
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;ns.example.com.         IN      A
    
    ;; ANSWER SECTION:
    ns.example.com.  300     IN      A       10.20.0.9
    
    ;; Query time: 111 msec
    ;; SERVER: 1.1.1.1#53(1.1.1.1)
    ;; WHEN: Mon Aug 09 16:42:06 CEST 2021
    ;; MSG SIZE  rcvd: 66
    

    So the name server resolves to our local IP, nice!

  • dig @10.20.0.9 NS loc.example.com

    ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @10.20.0.9 NS loc.example.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47653
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: 7fa7e218d1c20f1e113b236e61113fb96c1b101d374cbde7 (good)
    ;; QUESTION SECTION:
    ;loc.example.com.                IN      NS
    
    ;; ANSWER SECTION:
    loc.example.com. 3600    IN      NS      ns.example.com.
    
    ;; Query time: 1 msec
    ;; SERVER: 10.20.0.9#53(10.20.0.9)
    ;; WHEN: Mon Aug 09 16:46:17 CEST 2021
    ;; MSG SIZE  rcvd: 96
    

    Our local DNS server knows that it's responsible for the subdomain.

  • dig @10.20.0.9 s1.loc.example.com

    ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @10.20.0.9 s1.loc.example.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38039
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: 7790b2d359140e5f04be8596611140927c7321fefc1fbbe9 (good)
    ;; QUESTION SECTION:
    ;s1.loc.example.com. IN      A
    
    ;; ANSWER SECTION:
    s1.loc.example.com. 3600 IN  A       10.20.0.1
    
    ;; AUTHORITY SECTION:
    loc.example.com. 3600    IN      NS      ns.example.com.
    
    ;; Query time: 1 msec
    ;; SERVER: 10.20.0.9#53(10.20.0.9)
    ;; WHEN: Mon Aug 09 16:49:54 CEST 2021
    ;; MSG SIZE  rcvd: 119
    

    So the local DNS can resolve our local hosts.

  • dig @1.1.1.1 NS loc.example.com

    ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @1.1.1.1 NS loc.example.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33748
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ; OPT=15: 00 16 ("..")
    ;; QUESTION SECTION:
    ;loc.example.com.                IN      NS
    
    ;; Query time: 12 msec
    ;; SERVER: 1.1.1.1#53(1.1.1.1)
    ;; WHEN: Mon Aug 09 16:51:45 CEST 2021
    ;; MSG SIZE  rcvd: 57
    

    Here lies the problem: CloudFlare does NOT answer to our NS record request. Why :o ?

TheClockTwister
  • Is it a connectivity problem? Is there any way for "1.1.1.1" to reach your nameserver? (Firewall?) – Håkan Lindqvist Aug 09 '21 at 15:52
  • You cannot have publicly resolvable names where nameservers responsible for these names are on RFC1918 address ranges. – Tomek Aug 09 '21 at 17:55
  • @Tomek but how do the big guys handle these tasks? I mean, I could just push my VPN clients the local DNS server, but this will override their DNS settings for all other domains as well... – TheClockTwister Aug 10 '21 at 11:58
  • That's exactly what my employer's VPN does when I use it. Additionally it replaces default route which invalidates any other nameservers anyway. – Tomek Aug 11 '21 at 07:29
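An added delegation check (not from the question or the comments) that models the records described above as plain record sets and walks the delegation the way a public resolver would, flagging the cause named in Tomek's comment: the glue for ns.example.com points into RFC 1918 space, so 1.1.1.1 cannot reach the delegated server and answers SERVFAIL. The record data is constructed from the question; nothing is queried over the network.

```python
import ipaddress
from typing import Dict, List, Tuple

RRKey = Tuple[str, str]  # (owner name, record type)

# RFC 1918 ranges: a nameserver inside any of these is unreachable from the internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the parent zone at CloudFlare (glue A + NS delegation) and the
# delegated child zone served by bind9 on 10.20.0.9, as described in the question.
PARENT: Dict[RRKey, List[str]] = {
    ("ns.example.com.", "A"): ["10.20.0.9"],
    ("loc.example.com.", "NS"): ["ns.example.com."],
}
CHILD: Dict[RRKey, List[str]] = {
    ("loc.example.com.", "NS"): ["ns.example.com."],
    ("s1.loc.example.com.", "A"): ["10.20.0.9"],
}


def check_delegation(zone: str, parent: Dict[RRKey, List[str]],
                     child: Dict[RRKey, List[str]]) -> List[str]:
    """Follow the delegation of `zone` like a public recursive resolver would and
    return the problems that would make it fail (empty list = delegation looks sane)."""
    problems: List[str] = []
    ns_names = parent.get((zone, "NS"), [])
    if not ns_names:
        return [f"parent has no NS records for {zone}: nothing to follow"]
    # Parent and child NS sets should agree; a mismatch is a classic lame-delegation sign.
    if set(ns_names) != set(child.get((zone, "NS"), [])):
        problems.append(f"NS set for {zone} differs between parent and child zone")
    for ns in ns_names:
        # The resolver needs an address for every nameserver. For an in-bailiwick name
        # (ns.example.com under example.com) that address is the parent's glue A record.
        addrs = parent.get((ns, "A"), [])
        if not addrs:
            problems.append(f"no glue/A record for nameserver {ns}")
            continue
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if any(ip in net for net in RFC1918):
                problems.append(
                    f"nameserver {ns} is at {addr} (RFC 1918): public resolvers such as "
                    f"1.1.1.1 cannot reach it and will answer SERVFAIL for {zone}")
    return problems


if __name__ == "__main__":
    for p in check_delegation("loc.example.com.", PARENT, CHILD):
        print("PROBLEM:", p)
```

Swapping the glue for a routable address (or serving loc.example.com from a nameserver that public resolvers can reach) makes the check come back clean; the private hosts themselves can still resolve to 10.20.0.x addresses, only the nameserver has to be reachable.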
