I'm running a BIND 9.8 server and want to delegate a subdomain to a different DNS server (also administered by me), but I can't seem to get BIND to accept my config and I can't figure out why.

Below is my zone file. I've anonymized it and deleted records of no interest for this topic. Basically I want 192.168.1.12 to handle the three subdomains prod.mydomain.com, test.mydomain.com and stageing.mydomain.com.

When I run named-checkzone, this is what I get:

```
named-checkzone mydomain.com. /root/mydomain.com
dns_master_load: /root/mydomain.com:22: test.mydomain.com: CNAME and other data
zone mydomain.com/IN: loading from master file /root/mydomain.com failed: CNAME and other data
zone mydomain.com./IN: not loaded due to errors.
```

Zonefile:

```
$ORIGIN mydomain.com.
$TTL 6h
@                       IN  SOA ns01.mydomain.com.  hostmaster.mydomain.com. (
                            2015030502   ; serial number
                            3600         ; refresh
                            3600         ; retry
                            604800       ; expire
                            3600       ) ; minimum TTL

;  Zone NS records
@                           NS  ns01.mydomain.com.
@                           NS  ns02.mydomain.com.

;  Zone records
ns01                        A   192.168.1.10
ns02                        A   192.168.1.11

; SUBDOMAINS
prod.mydomain.com.          NS  ns03.prod.mydomain.com.
ns03.prod.mydomain.com.     A   192.168.1.12

test.mydomain.com.          NS  ns03.test.mydomain.com.
ns03.test.mydomain.com.     A   192.168.1.12

stageing.mydomain.com.      NS  ns03.stageing.mydomain.com.
ns03.stageing.mydomain.com. A   192.168.1.12
```

Any help is greatly appreciated!

Freddie
  • When I copy and paste your zone and run `named-checkzone` on it, I get errors about out of zone records (AFAIK this is normal for glue records) but it loads OK. – faker Mar 06 '15 at 12:28
  • Can you show the zones from the delegation target? – Skaperen Mar 06 '15 at 12:49
  • I found one cause of error. There was an old host record (which I cleaned out from the config before posting) named test.mydomain.com. Understandably, I cannot have both a host and a subdomain with the same name. My mistake. However, now I get this error: `zone mydomain.com/IN: prod.mydomain.com/NS 'ns03.prod.mydomain.com' (out of zone) has no addresses records (A or AAAA)` but this is okay, you say, Faker? Skaperen - the delegation target does not yet exist. It will be part of an OpenShift installation which I have not yet installed. Does this pose a problem? – Freddie Mar 06 '15 at 13:38

1 Answer

By defining the NS records below the delegation, you have inadvertently combined zone delegation and records within those zones in the same zone file. Try the following simplified config to prevent these warnings:

```
$ORIGIN mydomain.com.
$TTL 6h
@                       IN  SOA ns01.mydomain.com.  hostmaster.mydomain.com. (
                            2015030502   ; serial number
                            3600         ; refresh
                            3600         ; retry
                            604800       ; expire
                            3600       ) ; minimum TTL

;  Zone NS records
                            NS  ns01.mydomain.com.
                            NS  ns02.mydomain.com.

;  Zone records
ns01                        A   192.168.1.10
ns02                        A   192.168.1.11
ns03                        A   192.168.1.12

; SUBDOMAINS
prod                        NS  ns03.mydomain.com.
test                        NS  ns03.mydomain.com.
stageing                    NS  ns03.mydomain.com.
```

Ric F
  • Note that those warnings were caused by `named-checkzone` trying to look up the out-of-zone records, and that failed (presumably because the zone is not on the DNS server yet). Defining the records like in the question is perfectly fine; those are called glue records. (See also https://lists.isc.org/pipermail/bind-users/2008-January/068915.html) – faker Mar 06 '15 at 15:20
  • This changes the DNS names. Now the NS for the subdomain is not in the subdomain. – Pieter Mar 01 '16 at 10:45
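
As an added example (not part of the original posts, and not BIND's own logic): a simplified Python lint for zone files written in this style. It flags the two conditions discussed in this thread, a name that carries a CNAME together with other records, and a delegation whose name server lies inside the delegated subdomain but has no glue address in the file. The sample zone, the CNAME target, and the function names are constructed assumptions.

```python
RRTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT"}
# Constructed sample based on the question's zone: a stale CNAME at "test"
# (hypothetical target) and the glue for "stageing" deliberately left out.
SAMPLE_ZONE = """\
$ORIGIN mydomain.com.
@ IN SOA ns01.mydomain.com. hostmaster.mydomain.com. ( 2015030502 3600 3600 604800 3600 )
ns01                        A   192.168.1.10
test                        CNAME ns01.mydomain.com.
prod.mydomain.com.          NS  ns03.prod.mydomain.com.
ns03.prod.mydomain.com.     A   192.168.1.12
test.mydomain.com.          NS  ns03.test.mydomain.com.
ns03.test.mydomain.com.     A   192.168.1.12
stageing.mydomain.com.      NS  ns03.stageing.mydomain.com.
"""

def fqdn(name, origin):
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse(text):
    origin, owner, records = ".", None, []
    for raw in text.splitlines():
        fields = raw.split(";")[0].split()     # drop comments, then tokenize
        if fields and fields[0] == "$ORIGIN":
            origin = fields[1].lower()
        if not fields or fields[0].startswith("$"):
            continue
        if not raw[0].isspace():               # blank owner column repeats the last owner
            owner = fqdn(fields.pop(0), origin)
        while fields and fields[0].upper() not in RRTYPES:
            fields.pop(0)                      # skip TTL, class and SOA continuation values
        if owner and len(fields) >= 2:
            records.append((owner, fields[0].upper(), fields[1]))
    return origin, records

def check(text):
    origin, records = parse(text)
    types = {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    findings = [("cname-and-other-data", o) for o, t in sorted(types.items())
                if "CNAME" in t and len(t) > 1]
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    for owner, rtype, target in records:
        ns = fqdn(target, origin)
        in_child = ns == owner or ns.endswith("." + owner)
        if rtype == "NS" and owner != origin and in_child and ns not in have_addr:
            findings.append(("missing-glue", ns))
    return findings
```

Calling `check(SAMPLE_ZONE)` reports the CNAME conflict at `test.mydomain.com.` and the missing glue for `ns03.stageing.mydomain.com.`; it only inspects the file itself and does not replace `named-checkzone`.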