12.3
bind with the BIND9_DLZ plugin

Quick question, if there are any bind gurus around. What reverse zone should I add for a 192.168.x.y address? I've added:
168.192.in-addr.arpa
to hold the PTR's but nada. . .

Regards,
L x

Just in case, here are the details:
I'm trying to set up DLZ on a Samba4 DC. Our Linux clients send nsupdate -g's to the DC. The forward zone updates are fine:

nslookup catral
Server: 192.168.1.16
Address: 192.168.1.16#53

Name: catral.hh3.site
Address: 192.168.1.22

nslookup 192.168.1.22
Server: 192.168.1.16
Address: 192.168.1.16#53

** server can't find 22.1.168.192.in-addr.arpa.: NXDOMAIN

These are the dynamic zones in named:

samba-tool dns zonelist hh16
3 zone(s) found

pszZoneName : 168.192.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.hh3.site

pszZoneName : hh3.site
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.hh3.site

pszZoneName : _msdcs.hh3.site
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.hh3.site

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

On Sat, 01 Jun 2013 10:42:37 +0200 lynn <lynn@steve-ss.com> wrote:
12.3 bind with the BIND9_DLZ plugin Quick question, if there are any bind gurus around. What reverse zone should I add for a 192.168.x.y address? I've added: 168.192.in-addr.arpa to hold the PTR's but nada. . .
According to your example
x.192.168.in-addr.arpa
and "y" should be PTR record in this zone.
On Sat, 2013-06-01 at 12:49 +0400, Andrey Borzenkov wrote:
On Sat, 01 Jun 2013 10:42:37 +0200 lynn <lynn@steve-ss.com> wrote:
12.3 bind with the BIND9_DLZ plugin Quick question, if there are any bind gurus around. What reverse zone should I add for a 192.168.x.y address? I've added: 168.192.in-addr.arpa to hold the PTR's but nada. . .
According to your example
x.192.168.in-addr.arpa
and "y" should be PTR record in this zone.
Hi

In my example, that would make the PTR 22 yes? So the zone to add is:
1.192.168.in-addr.arpa?
In that case, nsupdate would be sending from 168.192.1.22 ????

Anyway, still no go. . . What I can't understand is why named can't just store the reverse record in what I already have:
168.192.in-addr.arpa

Thanks,
L x
lynn said the following on 06/01/2013 06:25 PM:
On Sat, 2013-06-01 at 12:49 +0400, Andrey Borzenkov wrote:
On Sat, 01 Jun 2013 10:42:37 +0200 lynn <lynn@steve-ss.com> wrote:
12.3 bind with the BIND9_DLZ plugin Quick question, if there are any bind gurus around. What reverse zone should I add for a 192.168.x.y address? I've added: 168.192.in-addr.arpa to hold the PTR's but nada. . .
According to your example
x.192.168.in-addr.arpa
and "y" should be PTR record in this zone.
Hi In my example, that would make the PTR 22 yes? So the zone to add is: 1.192.168.in-addr.arpa? In that case, nsupdate would be sending from 168.192.1.22 ????
Anyway, still no go. . . What I can't understand is why named can't just store the reverse record in what I already have: 168.192.in-addr.arpa
The absolutely correct answer is that you *COULD*. But as with so many things, just because you could doesn't mean you should. And
22 PTR
wouldn't work there ...

DNS/Bind config is fraught with lots of little things you have to get just right if you expect it to work the way you think it should, or at all. A misplaced "." can screw things up wildly and cause problems to propagate. You need to watch the log files as you fire it up.

Having the files x.168.192.in-addr.arpa.zone for each of the values of 'x' (Oh! and the corresponding entries in the named.conf) has a number of advantages over one big 168.192.in-addr.arpa.zone file.

Why? localization. It means you can alter just one thing and leave other stuff you know works intact. It means you can experiment without dire consequences. It means if there is an error then it can be more easily localized, identified and fixed. And more

Me, I'm paranoid. I could use
23 IN PTR mail
but I chose to use
23 IN PTR mail.antonaylward.com.

Please note the period. The first only works if you have the named.conf set up correctly while the latter is more robust.

I'd VERY VERY STRONGLY advise that you get and read the O'Reilly book
http://shop.oreilly.com/product/9780596100575.do

--
How long did the whining go on when KDE2 went on KDE3? The only universal constant is change. If a species can not adapt it goes extinct. That's the law of the universe, adapt or die.
-- Billie Walsh, May 18 2013
Anton Aylward wrote:
Me, I'm paranoid. I could use 23 IN PTR mail but I chose to use 23 IN PTR mail.antonaylward.com.
Please note the period. The first only works if you have the named.conf set up correctly while the latter is more robust.
Uh, the former wouldn't work at all, you have to use the latter. Your zone file presumably has a $ORIGIN directive :
$ORIGIN x.168.192.in-addr.arpa.
This is used for '23' and 'mail'. That's why you need to use 'mail.antonaylward.com.'.

--
Per Jessen, Zürich (13.8°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
Per Jessen said the following on 06/02/2013 07:41 AM:
Anton Aylward wrote:
Me, I'm paranoid. I could use 23 IN PTR mail but I chose to use 23 IN PTR mail.antonaylward.com.
Please note the period. The first only works if you have the named.conf set up correctly while the latter is more robust.
Uh, the former wouldn't work at all, you have to use the latter. Your zone file presumably has a $ORIGIN directive :
$ORIGIN x.168.192.in-addr.arpa.
This is used for '23' and 'mail'. That's why you need to use 'mail.antonaylward.com.'.
Are you contradicting yourself by showing how my first example could work?

Actually it might depend on what's in the named.config file that references this reverse file. That may give the origin.

Let's face it, the forward files can use the short form
mail IN A 192.168.1.23
rather than
mail.antonaylward.com IN A 192.168.1.23

Why? What abbreviations are you using? - "@" - ?

If I have in the config file
zone "antonaylward.com" { ... }
then the "@" refers to that. This is the origin unless you over-ride it in the zone file.

**The origin is added to names not ending in a dot**

BUT BUT BUT you have to have the origin set up properly.

This is a 'trick' that ISPs and other places that host domains use. They have a standard forward and standard reverse file because they have a standard config - all the domains they set up and host have exactly the same IP layout (well OK, it's the same on each non virtual) (OK they may have many parallel instances as well).
Anton Aylward wrote:
Per Jessen said the following on 06/02/2013 07:41 AM:
Anton Aylward wrote:
Me, I'm paranoid. I could use 23 IN PTR mail but I chose to use 23 IN PTR mail.antonaylward.com.
Please note the period. The first only works if you have the named.conf set up correctly while the latter is more robust.
Uh, the former wouldn't work at all, you have to use the latter. Your zone file presumably has a $ORIGIN directive :
$ORIGIN x.168.192.in-addr.arpa.
This is used for '23' and 'mail'. That's why you need to use 'mail.antonaylward.com.'.
Are you contradicting yourself by showing how my first example could work?
I didn't think so, no.
Actually it might depend on what's in the named.config file that references this reverse file. That may give the origin.
Let's face it, the forward files can use the short form
mail IN A 192.168.1.23
rather than
mail.antonaylward.com IN A 192.168.1.23
Right. The default $ORIGIN is the zone name from named.config.
Why? What abbreviations are you using? - "@" - ?
For normal zones, I usually have a specific $ORIGIN. For reverse zones, always.
If I have in the config file
zone "antonaylward.com" { ... }
then the "@" refers to that. This is the origin unless you over-ride it in the zone file.
Yup.
**The origin is added to names not ending in a dot**
Yes. That is why your first example with
23 IN PTR mail
won't work. For a reverse zone file, you need an $ORIGIN of 'x.168.192.in-addr.arpa.' (whether explicit or from @), therefore your PTR has to be fully qualified = "mail.antonaylward.com."

--
Per Jessen, Zürich (14.6°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
On Sun, 2013-06-02 at 15:03 +0200, Per Jessen wrote:
Anton Aylward wrote:
Per Jessen said the following on 06/02/2013 07:41 AM:
If I have in the config file
zone "antonaylward.com" { ... }
then the "@" refers to that. This is the origin unless you over-ride it in the zone file.
Yup.
**The origin is added to names not ending in a dot**
Yes. That is why your first example with
23 IN PTR mail
won't work. For a reverse zone file, you need an $ORIGIN of 'x.168.192.in-addr.arpa.' (whether explicit or from @), therefore your PTR has to be fully qualified = "mail.antonaylward.com."
Hi

I think you guys are talking about the configuration where you write stuff in files. My question was more to do with the DLZ plugin. I know I should have thought more about the title for the thread; I don't have any $ORIGIN, { curly brackets, @'s or . dots.

To try and bring this back to what I need, how about this:
'An IP of 192.168.1.23, could have a PTR of 23 in a zone called 1.168.192.in-addr.arpa'

Please disregard alternatives. I know it works. Could you just give me a yes or no on the statement?

Thanks for your interest.
L x
lynn wrote:
On Sun, 2013-06-02 at 15:03 +0200, Per Jessen wrote:
Anton Aylward wrote:
[snip]
Hi I think you guys are talking about the configuration where you write stuff in files. My question was more to do with the DLZ plugin.
They are really very similar.
I know I should have thought more about the title for the thread; I don't have any $ORIGIN, { curly brackets, @'s or . dots.
To try and bring this back to what I need, how about this: 'An IP of 192.168.1.23, could have a PTR of 23 in a zone called 1.168.192.in-addr.arpa'
Please disregard alternatives. I know it works. Could you just give me a yes or no on the statement?
Yes.

--
Per Jessen, Zürich (10.3°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
lynn said the following on 06/03/2013 01:41 AM:
Hi I think you guys are talking about the configuration where you write stuff in files. My question was more to do with the DLZ plugin. I know I should have thought more about the title for the thread; I don't have any $ORIGIN, { curly brackets, @'s or . dots.
To try and bring this back to what I need, how about this: 'An IP of 192.168.1.23, could have a PTR of 23 in a zone called 1.168.192.in-addr.arpa'
Please disregard alternatives. I know it works. Could you just give me a yes or no on the statement?
Given that I have 2.168.182.in-addr.arpa and given that I have 18 rather than 23, yes I have such,

BUT IT IS IN A FILE

Where else are you going to put it that Bind can read it?
Anton Aylward wrote:
lynn said the following on 06/03/2013 01:41 AM:
Hi I think you guys are talking about the configuration where you write stuff in files. My question was more to do with the DLZ plugin. I know I should have thought more about the title for the thread; I don't have any $ORIGIN, { curly brackets, @'s or . dots.
To try and bring this back to what I need, how about this: 'An IP of 192.168.1.23, could have a PTR of 23 in a zone called 1.168.192.in-addr.arpa'
Please disregard alternatives. I know it works. Could you just give me a yes or no on the statement?
Given that I have 2.168.182.in-addr.arpa and given that I have 18 rather than 23, yes I have such,
BUT IT IS IN A FILE
Where else are you going to put it that Bind can read it?
In a database for instance, see http://bind-dlz.sourceforge.net/

--
Per Jessen, Zürich (15.1°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
On Mon, 2013-06-03 at 06:46 -0400, Anton Aylward wrote:
lynn said the following on 06/03/2013 01:41 AM:
Hi I think you guys are talking about the configuration where you write stuff in files. My question was more to do with the DLZ plugin. I know I should have thought more about the title for the thread; I don't have any $ORIGIN, { curly brackets, @'s or . dots.
To try and bring this back to what I need, how about this: 'An IP of 192.168.1.23, could have a PTR of 23 in a zone called 1.168.192.in-addr.arpa'
Please disregard alternatives. I know it works. Could you just give me a yes or no on the statement?
Given that I have 2.168.182.in-addr.arpa and given that I have 18 rather than 23, yes I have such,
BUT IT IS IN A FILE
Where else are you going to put it that Bind can read it?
Samba uses ldb for everything. It's just like LDAP.

L x

On Sun, 02 Jun 2013 00:25:55 +0200 lynn <lynn@steve-ss.com> wrote:
On Sat, 2013-06-01 at 12:49 +0400, Andrey Borzenkov wrote:
On Sat, 01 Jun 2013 10:42:37 +0200 lynn <lynn@steve-ss.com> wrote:
12.3 bind with the BIND9_DLZ plugin Quick question, if there are any bind gurus around. What reverse zone should I add for a 192.168.x.y address? I've added: 168.192.in-addr.arpa to hold the PTR's but nada. . .
According to your example
x.192.168.in-addr.arpa
and "y" should be PTR record in this zone.
Hi In my example, that would make the PTR 22 yes? So the zone to add is: 1.192.168.in-addr.arpa? In that case, nsupdate would be sending from 168.192.1.22 ????
Sorry, this should of course have been
x.168.192.in-addr.arpa
and
PTR 22 in zone 1.168.192.in-addr.arpa
Zones are reverse representation of dotted IP address.
Anyway, still no go. . . What I can't understand is why named can't just store the reverse record in what I already have: 168.192.in-addr.arpa
When making reverse address resolution of 192.168.1.22, program just asks for PTR record for 22.1.168.192.in-addr.arpa. This means record 22 in zone 1.168.192.in-addr.arpa by definition.
Thanks, L x
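An added example, not part of any poster's message: the two naming rules discussed in this thread (the PTR owner name is the reversed address under in-addr.arpa, and the origin is appended to any name not ending in a dot), applied to the zone names quoted above. The function names `reverse_name`, `qualify` and `locate` are hypothetical helpers written for this illustration.

```python
import ipaddress


def reverse_name(ip):
    """Fully qualified owner name a resolver queries for the PTR of ip."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def qualify(name, origin):
    """Zone-file rule: the origin is added to names not ending in a dot."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def locate(ip, zones):
    """Return (zone, relative owner label) for the most specific hosted
    zone that encloses the PTR name of ip, or None if no zone does."""
    fqdn = reverse_name(ip).lower()
    best = None
    for zone in zones:
        z = zone.lower().rstrip(".") + "."
        encloses = fqdn == z or fqdn.endswith("." + z)
        if encloses and (best is None or len(z) > len(best)):
            best = z
    if best is None:
        return None
    return best, fqdn[: -len(best)].rstrip(".") or "@"


if __name__ == "__main__":
    ip = "192.168.1.22"  # client address from the thread
    print(reverse_name(ip))
    # Zone names taken from the thread, including the mistyped one.
    for zone in ("1.168.192.in-addr.arpa",
                 "168.192.in-addr.arpa",
                 "1.192.168.in-addr.arpa"):
        print(zone, "->", locate(ip, [zone]))
    # A relative PTR target picks up the reverse zone's origin.
    print(qualify("mail", "1.168.192.in-addr.arpa."))
    print(qualify("mail.antonaylward.com.", "1.168.192.in-addr.arpa."))
```

In the /16 zone the relative owner label is `22.1`, not `22`, and the mistyped `1.192.168.in-addr.arpa` does not enclose the name at all.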
On Sun, 2013-06-02 at 07:50 +0400, Andrey Borzenkov wrote:
On Sun, 02 Jun 2013 00:25:55 +0200 lynn <lynn@steve-ss.com> wrote:
On Sat, 2013-06-01 at 12:49 +0400, Andrey Borzenkov wrote:
On Sat, 01 Jun 2013 10:42:37 +0200 lynn <lynn@steve-ss.com> wrote:
12.3 bind with the BIND9_DLZ plugin Quick question, if there are any bind gurus around. What reverse zone should I add for a 192.168.x.y address? I've added: 168.192.in-addr.arpa to hold the PTR's but nada. . .
According to your example
x.192.168.in-addr.arpa
and "y" should be PTR record in this zone.
Hi In my example, that would make the PTR 22 yes? So the zone to add is: 1.192.168.in-addr.arpa? In that case, nsupdate would be sending from 168.192.1.22 ????
Sorry, this should of course have been
x.168.192.in-addr.arpa
and
PTR 22 in zone 1.168.192.in-addr.arpa
Zones are reverse representation of dotted IP address.
Hi

I've finally got it. I deleted the 168.192.in-addr.arpa zone and replaced it with 1.168.192.in-addr.arpa and. . . absolute perfection:

samba-tool dns query hh16 1.168.192.in-addr.arpa 22 PTR
Name=, Records=1, Children=0
PTR: catral.hh3.site (flags=f0, serial=3, ttl=3600)

nslookup catral
Server: 192.168.1.16
Address: 192.168.1.16#53

Name: catral.hh3.site
Address: 192.168.1.22

nslookup 192.168.1.22
Server: 192.168.1.16
Address: 192.168.1.16#53

22.1.168.192.in-addr.arpa name = catral.hh3.site.

Just one disappointment: the DNS update isn't immediate. As a test, I deliberately changed the IP of one of the clients. The nsupdate was sent e.g. on the next domain login, but it took a minute or so before I could ping it from other clients. Is that OK?

Thanks for your patience.
participants (4)
- Andrey Borzenkov
- Anton Aylward
- lynn
- Per Jessen