Delegating subdomains using maradns??

Steve Wilson S.Wilson at eris.qinetiq.com
Wed Jun 6 07:49:01 EDT 2007


Hi all,

I've been running various versions of maradns for a year or two now without 
any real problems. Recently I had a request from one of my users to delegate 
control of a subdomain to him. I'm having some problems getting it working - 
but I think it's probably down to my lack of understanding rather than any 
actual problem with maradns. 

So, as a sanitised example, I have up and running already records for:

---
mydomain.com
www.mydomain.com
ns0.mydomain.com
mail.mydomain.com
fred.mydomain.com
---

What I want to do is modify my config so that I have a 
fredsdomain.mydomain.com subdomain so that anyone requesting 
*.fredsdomain.mydomain.com gets pointed off to fred's own nameserver 
(fred.mydomain.com) rather than talking to mine.

My first attempt to get this working was to add the following to my db file:

---
Nfredsdomain.mydomain.com.|86400|fred.mydomain.com.
Afred.mydomain.com.|86400|1.2.3.4
---

With this - I can resolve the address for fred.mydomain.com without any 
problem. However, if I try to resolve *.fredsdomain.mydomain.com I just get a 
blank "A" record back and the authority section points back at my SOA record:

---
# dig @127.0.0.1 123.fredsdomain.mydomain.com

; <<>> DiG 9.3.4 <<>> @127.0.0.1 123.fredsdomain.mydomain.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55404
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;123.fredsdomain.mydomain.com.         IN      A

;; AUTHORITY SECTION:
123.fredsdomain.mydomain.com.  86400   IN      SOA     mydomain.com. root.mydomain.com. 20071702 7200 3600 604800 1800

;; Query time: 4244 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun  6 11:48:25 2007
;; MSG SIZE  rcvd: 80
---

So, do I need to set up a new db file purely for the domain 
fredsdomain.mydomain.com which has an appropriate SOA record that points at 
fred.mydomain.com? Or is there some other trick to get the subdomain 
delegation working from within the one db file? (since I'm probably going to 
end up doing a lot of this sort of delegation, I'm hoping it's the latter)

Cheers,

Steve.

-- 
--------------------------------------------------------------
Steve Wilson
Senior Security Consultant
QinetiQ, St Andrews Road
Malvern,  WR14 3PS
Tel: (01684 89) 4153
Fax: (01684 89) 7417
---------------------------------------------------------------
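A way to tell a delegation referral apart from the response shown in the message, as an added example that is not part of the original post: it parses `dig` output and reports whether the queried server handed the query to the child zone or answered for the name itself. The second sample response is constructed for illustration, and the function names are hypothetical.

```python
import re

# Response from the post, trimmed to header, question and authority (SOA line rejoined).
OBSERVED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55404
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;123.fredsdomain.mydomain.com.         IN      A
;; AUTHORITY SECTION:
123.fredsdomain.mydomain.com.  86400   IN      SOA     mydomain.com. root.mydomain.com. 20071702 7200 3600 604800 1800
"""

# Constructed sample (not from the post): the shape of a referral to the child zone.
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;123.fredsdomain.mydomain.com.         IN      A
;; AUTHORITY SECTION:
fredsdomain.mydomain.com.  86400   IN      NS      fred.mydomain.com.
;; ADDITIONAL SECTION:
fred.mydomain.com.         86400   IN      A       1.2.3.4
"""

def parse_dig(text):
    """Return (status, flags, {section: [(owner, rtype, rdata), ...]})."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([^;]*);", text).group(1).split()
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line and not line.startswith(";"):
            fields = line.split(None, 4)  # owner, ttl, class, type, rdata
            if len(fields) == 5:
                current.append((fields[0].lower(), fields[3], fields[4]))
    return status, flags, sections

def classify(text, child_zone):
    """Say whether the queried server referred the query to child_zone."""
    status, flags, sections = parse_dig(text)
    authority = sections.get("AUTHORITY", [])
    child_ns = [r for r in authority if r[1] == "NS" and r[0] == child_zone.lower()]
    if status == "NOERROR" and not sections.get("ANSWER") and child_ns and "aa" not in flags:
        return "referral"  # NS records for the child zone, no answer, not authoritative
    if status == "NXDOMAIN" and any(r[1] == "SOA" for r in authority):
        return "negative-answer"  # server answered for the name itself, no hand-off
    return "other"
```

Calling `classify(OBSERVED, "fredsdomain.mydomain.com.")` returns `"negative-answer"`, while the constructed referral returns `"referral"`.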