Slightly OT: BIND problem
scott.mitchell at mail.com
Thu Nov 1 23:10:27 GMT 2001
Somewhat OT, but I know that people on here will have the answers. And the
servers in question *are* running OpenBSD :-)

So, I've inherited the DNS admin hat for my place of work. Everything
inside the firewall lives on the 10.1.x.x network, with a couple of
severely underworked OpenBSD boxes handling DNS for it all. So far so
good. However, for reasons known only to them, my predecessors decided that
all the Windows boxes on the network would live in their own subdomain
(call it ms.company.com) with their own DNS server on a 2000 server box.
All the Windows servers have addresses in 10.1.0.x, with 10.1.128 -
10.1.255 reserved for Windows DHCP. I have no idea why it was done this

Forward lookups work just fine from any machine; the Windows subdomain is
delegated to the Windows name server and everyone seems happy with that.
Reverse lookups also work, *except* when attempting to look up addresses in
the 'Windows' ranges on one of the OpenBSD servers. It appears these
ranges aren't being delegated correctly to the Windows DNS server.

The zone file for the 10.1 network has lines like:

    0 IN NS ns2.company.com.

Where ns2 is the Windows DNS server. To me, as a Bind newbie, that looks
like it should work, but apparently it doesn't -- perhaps because it's
trying to delegate only part of the 10.1 network? A Google search turned
up lots of references to reverse delegation being a PITA to get right.
Most of the suggested solutions seemed to involve huge numbers of CNAME
records pointing to the delegated server. I should note that this isn't
really breaking anything, since machines can always ask the Windows server,
which does have the right answers. It just seems that it should be
possible to make that happen automatically.

I'm not at all convinced I've fully understood the problem here, but it
seems like there must be an easier way, short of reconfiguring the whole
network :-( I'll be getting hold of a copy of the O'Reilly DNS book, but
in the meantime if anyone has any suggestions on how to approach this I
would be overjoyed...

Apologies for the length of this... it's not all bad news though; I *have*
managed to replace a couple of Debian file servers with FreeBSD, and
learned how to set up a vinum RAID in the process... fun!

Many thanks in advance,
Scott Mitchell | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England | 0x54B171B9 | don't get sucked into jet engines"
scott.mitchell at mail.com | 0xAA775B8B | -- Anon
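
An added example, not part of the original post: a sketch that lists the per-/24 NS lines the 10.1 reverse zone would need for the ranges described above, in the same form as the record quoted in the post. It assumes "10.1.128 - 10.1.255" means the whole /24s 10.1.128.0 through 10.1.255.255; the function names are hypothetical.

```python
import ipaddress

PARENT = ipaddress.ip_network("10.1.0.0/16")  # parent reverse zone 1.10.in-addr.arpa
NS_TARGET = "ns2.company.com."                # Windows DNS server named in the post


def reverse_zone(net):
    """in-addr.arpa zone name for a network that ends on an octet boundary."""
    if net.prefixlen % 8:
        raise ValueError(f"{net} does not end on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def delegation_records(first, last, parent=PARENT, ns=NS_TARGET):
    """NS lines, relative to the parent zone, delegating first..last per /24."""
    suffix = "." + reverse_zone(parent)
    records = []
    for net in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)
    ):
        if not net.subnet_of(parent):
            raise ValueError(f"{net} is outside {parent}")
        if net.prefixlen > 24:
            # Smaller than a /24: there is no octet label to attach an NS
            # record to, which is the case the RFC 2317 CNAME scheme covers.
            raise ValueError(f"{net} is smaller than a /24")
        for sub in net.subnets(new_prefix=24):
            label = reverse_zone(sub)[: -len(suffix)]
            records.append(f"{label} IN NS {ns}")
    return records


if __name__ == "__main__":
    for line in delegation_records("10.1.0.0", "10.1.0.255"):
        print(line)
    dhcp = delegation_records("10.1.128.0", "10.1.255.255")
    print(f"{dhcp[0]}\n... ({len(dhcp)} records)\n{dhcp[-1]}")
```

Each line delegates one child zone such as 0.1.10.in-addr.arpa, so the server named in the NS record has to be authoritative for a zone of exactly that name.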