
Bind on Multiple Subnets


Collins, Kevin

Jun 10, 2003, 9:44:43 AM
I have a private DNS server that is currently supporting all of the Linux
machines in one of my offices. I would like to expand its duties to cover
my other two offices as well. This is because within the span of a month,
I'm going to have Linux machines in each office, not just mine.

Each of my offices is set up using its own Class C subnet in the 10.200.x.x
range. These offices are connected together with 128k Frame Relay WAN lines
and a Red Hat 8 machine as a router. The BIND service is running on this
router. All of the machines from all subnets can "see" things on the
Lexington office subnet (like our Mail Server and Intranet Server) through
the services of this machine.

Here is a little ASCII art that I hope helps:

+------------------------------------------------+
|                 nesbitt.local                  |
|                                                |
| +------------+ +------------+ +--------------+ |
| | Lexington  | |   Hazard   | | Prestonsburg | |
| | 10.200.8.x | | 10.200.9.x | | 10.200.10.x  | |
| +------------+ +------------+ +--------------+ |
|       |              |              |          |
| +------------+       |              |          |
| | DNS Server/|-------+              |          |
| | Router     |----------------------+          |
| +------------+                                 |
+------------------------------------------------+

I don't necessarily want three sub-domains - i.e.: lexington.nesbitt.local,
hazard.nesbitt.local, etc. - preferring to have just the single
"nesbitt.local" domain name. But I can't find any way of making BIND
(version 9.2.1) do this. Can someone point me to a good HOWTO? Or better
yet give me pointers, or even convince me to go one way or the other...

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

Barry Margolin

Jun 10, 2003, 10:09:39 AM
In article <bc4o9i$sh4$1...@sf1.isc.org>,
Collins, Kevin <KCol...@nesbittengineering.com> wrote:
>I don't necessarily want three sub-domains - i.e.: lexington.nesbitt.local,
>hazard.nesbitt.local, etc. - preferring to have just the single
>"nesbitt.local" domain name. But I can't find any way of making BIND
>(version 9.2.1) do this. Can someone point me to a good HOWTO? Or better
>yet give me pointers, or even convince me to go one way or the other...

What is there to "make BIND do"? Just put all the names and addresses in a
single zone file and it just works.

--
Barry Margolin, barry.m...@level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Kevin Darcy

Jun 10, 2003, 1:56:42 PM
"Collins, Kevin" wrote:

> I have a private DNS server that is currently supporting all of the Linux
> machines in one of my offices. I would like to expand its duties to cover
> my other two offices as well. This is because within the span of a month,
> I'm going to have Linux machines in each office, not just mine.
>
> Each of my offices is set up using its own Class C subnet in the 10.200.x.x
> range. These offices are connected together with 128k Frame Relay WAN lines
> and a Red Hat 8 machine as a router. The BIND service is running on this
> router. All of the machines from all subnets can "see" things on the
> Lexington office subnet (like our Mail Server and Intranet Server) through
> the services of this machine.
>
> Here is a little ASCII art that I hope helps:
>
> +------------------------------------------------+
> |                 nesbitt.local                  |
> |                                                |
> | +------------+ +------------+ +--------------+ |
> | | Lexington  | |   Hazard   | | Prestonsburg | |
> | | 10.200.8.x | | 10.200.9.x | | 10.200.10.x  | |
> | +------------+ +------------+ +--------------+ |
> |       |              |              |          |
> | +------------+       |              |          |
> | | DNS Server/|-------+              |          |
> | | Router     |----------------------+          |
> | +------------+                                 |
> +------------------------------------------------+
>

> I don't necessarily want three sub-domains - i.e.: lexington.nesbitt.local,
> hazard.nesbitt.local, etc. - preferring to have just the single
> "nesbitt.local" domain name. But I can't find any way of making BIND
> (version 9.2.1) do this. Can someone point me to a good HOWTO? Or better
> yet give me pointers, or even convince me to go one way or the other...

What is the challenge here? Are you trying to set up local DNS servers in your
other offices so that nesbitt.local domain names are resolvable from all
locations, even if their Frame Relay link is down? The solution to that is to
simply replicate nesbitt.local from your master to a local slave nameserver at
each location.

Or, is the challenge that you want administrators to be able to maintain
DNS entries for their local subnets? That's a bigger challenge. In the absence
of delegating subzones, you'd need to come up with some way for these folks to
login to some sort of centralized maintenance system, or to forward their
changes to the main server for inclusion (e.g. securely transferring
$INCLUDE files) along with a way for them to make them visible in a timely
fashion, e.g. remote "rndc reload" functionality. You should also be worried
about security and integrity (i.e. the chance that a mistake in one part of the
nesbitt.local zone could affect the zone as a whole).

Delegating subzones seems like it might be the most practical solution in the
long run. Give each location a chunk of the namespace and let them manage it
independently of the rest of the namespace. For redundancy, you could have each
location be a slave of all the nesbitt.local subzones for which it was not
already master (this approach tends not to scale to large numbers of locations,
though).

Note that delegating subzones also allows the location to update their DNS even
if their Frame Relay link is down, although those updates won't be seen by
other locations until the link comes back up and the data replicates.


- Kevin

Collins, Kevin

Jun 11, 2003, 11:14:03 AM
> >I don't necessarily want three sub-domains - i.e.:
> lexington.nesbitt.local,
> >hazard.nesbitt.local, etc. - preferring to have just the single
> >"nesbitt.local" domain name. But I can't find any way of making BIND
> >(version 9.2.1) do this. Can someone point me to a good
> HOWTO? Or better
> >yet give me pointers, or even convince me to go one way or
> the other...
>
> What is there to "make BIND do"? Just put all the names and
> addresses in a
> single zone file and it just works.
>

Thanks Barry, with this I was able to get the forward lookup zone working.
After a bit more searching, I found out I had to have individual reverse
lookup zone files for each subnet. I've finally got what I needed working,

Barry Margolin

Jun 11, 2003, 11:46:44 AM
In article <bc7hgd$tmm$1...@sf1.isc.org>,

You don't have to have separate reverse zones for each subnet. You can
have a single 100.10.in-addr.arpa zone, with entries like:

1.8 IN PTR <host in 10.100.8.x subnet>
10.9 IN PTR <host in 10.100.9.x subnet>

or you could organize it like:

$ORIGIN 8.100.10.in-addr.arpa.
1 IN PTR <host in 10.100.8.x subnet>
2 IN PTR <host in 10.100.8.x subnet>
....
$ORIGIN 9.100.10.in-addr.arpa.
10 IN PTR <host in 10.100.9.x subnet>
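An added example (mine, not code from the thread) that builds both reverse-zone layouts Barry describes, using the 10.200.x.x office subnets from the original question with constructed host names, and then applies $ORIGIN the way a zone-file loader does to show that the flat layout and the per-/24 layout produce the same fully qualified PTR records. It also rejects an address the single 200.10.in-addr.arpa zone could never answer for.

```python
import ipaddress

# Constructed sample hosts on the three office subnets named in the question.
HOSTS = {
    "10.200.8.1": "mail.nesbitt.local.",
    "10.200.8.2": "intranet.nesbitt.local.",
    "10.200.9.10": "hazard-ws1.nesbitt.local.",
    "10.200.10.5": "pburg-ws1.nesbitt.local.",
}
ZONE = "200.10.in-addr.arpa."   # one reverse zone covering all of 10.200.0.0/16

def reverse_owner(ip, origin):
    """Owner name of ip's PTR record written relative to origin.
    Raises ValueError for an address outside origin rather than emitting
    a record this zone could never serve."""
    fqdn = ipaddress.ip_address(ip).reverse_pointer + "."  # 10.9.200.10.in-addr.arpa.
    suffix = "." + origin
    if not fqdn.endswith(suffix):
        raise ValueError(f"{fqdn} is not under {origin}")
    return fqdn[:-len(suffix)]

def flat_zone(hosts):
    """Layout 1: every owner relative to the apex ("1.8", "10.9", ...)."""
    lines = [f"$ORIGIN {ZONE}"]
    for ip, name in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        lines.append(f"{reverse_owner(ip, ZONE)} IN PTR {name}")
    return "\n".join(lines)

def grouped_zone(hosts):
    """Layout 2: one $ORIGIN per /24, so each owner is just the last octet."""
    lines, current = [], None
    for ip, name in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        origin = f"{ip.split('.')[2]}.{ZONE}"        # e.g. 9.200.10.in-addr.arpa.
        if origin != current:                        # new /24: switch $ORIGIN
            lines.append(f"$ORIGIN {origin}")
            current = origin
        lines.append(f"{reverse_owner(ip, origin)} IN PTR {name}")
    return "\n".join(lines)

def expand(zone_text):
    """Apply $ORIGIN as a zone loader would: fully qualified owner -> PTR target."""
    origin, records = ZONE, {}
    for line in zone_text.splitlines():
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        else:   # relative owner unless it already ends in a dot
            owner = fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
            records[owner] = fields[3]
    return records
```

Printing `flat_zone(HOSTS)` and `grouped_zone(HOSTS)` shows the two files side by side; `expand` on either gives the same mapping.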
