Adding a DNS Child Zone in BIND 1

[tktuffkid]

I have never administered any type of DNS before in my life (until yesterday) so any help would be greatly appreciated.

I work for a really small company that owns a domain 'bar.com'. However, I am setting up a test network where I will want to administer my own domain called 'foo.bar.com'. My first step was to get BIND running on one of my machines. I went through the process of creating my zone data files and a named.conf file.

1) BIND Configuration File (named.conf)
2) Forward Mapping Zone Data File (db.foo.bar.com)
3) Reverse Mapping Zone Data File (db.192.168)

I was very cautious with the syntax and even ran named-checkconf & named-checkzone where applicable and found no errors. I then launched 'named -c named.conf' on my Linux machine and all was well (also verifying syslog for any errors). All of my hosts within my 'foo.bar.com' subdomain are able to 'nslookup' my private DNS server for both Address (A) records and Pointer (PTR) records. So far so good.

However, if on one of my hosts 'host1.foo.bar.com' I issue an 'nslookup host2.bar.com', I noticed with Wireshark that my local DNS server is sending the query to a ROOT DNS server (which results in a NXDOMAIN). Instead, I would want my local DNS server to instead send the query to our internal DNS server residing on 'bar.com'.

Similarly, if on my host 'host1.foo.bar.com' I issue an 'nslookup google.com', it again goes out to a ROOT DNS server and of course returns with 5 answers.

So here is my question:

1) How can I leverage my parent zone's DNS server residing in 'bar.com'? In other words, I would like to take advantage of the recursive/iterative/caching hierarchical nature of DNS. If one of my hosts needs to resolve something outside of my domain, I would want my local DNS server to forward all requests to my parent's DNS server...and not a ROOT DNS server.

PLEASE NOTE: My IT administrator of 'bar.com' is almost always AWOL. So getting any configuration changes on my parent's 'bar'com' DNS server is next to impossible. But at the same token, I have no interest in having 'bar.com' hosts resolving my hosts on 'foo.bar.com'. I am selfish and only care about having my hosts on 'foo.bar.com' resolving hosts on 'bar.com'

 

[Noway2]

I think your problem is the setting of where your resolver is pointing. The resolver is what communicates with the name server to perform the lookup. If your hosts are not set to use the name server for your child domain which is authoritative for itself and the parent domain doesn't refer to the child name servers then you will have this problem. Ultimately, I think you will need to get the parent domain aware of your sub/child domain but you may be able to work around it for now.

As a quick experiment, go to the say host1.foo.bar.com and do a lookup of host2.foo.bar.com. It should tell you what name server is being used and it probably isn't the one that is authoritative for your domain. Then, while in nslookup, use the command 'server <your child name server>' (no quotes) and try the result again. If it works this time, you will need to change the network configuration to point your name servers to the one that is authoritative for your child domain. Typically this is done in the DHCP configuration.

 

[tktuffkid]

Thanks Noway2. I will give this a whirl when I get a chance.

In the meantime, I was able to use BIND's 'forwarders' functionality. If a query comes in for the specified zone, it will forward the request to the authoritative servers listed in the 'forwarders' list.

zone "bar.com" {
type forward;
forwarders { 1.1.1.1; 1.1.1.2; };
};

However, although this allows me to resolve names in bar.com from foo.bar.com, it is not quite the same as what I expected. From reading some documentation, it appears that this nameserver will relay a recursive query to the nameservers in the forwarders list.