Hello all,

We have 2 servers running Ubuntu 12.04 and ISPConfig 3.0.5.2. Our goal is to have 1 server for production and 1 for development.

Production server : vds.maindomain.tld aaa.bbb.ccc.ddd
Dev server : local.maindomain.tld www.xxx.yyy.zzz

From Registrar side : Every domain managed by Production server has an entry like :
*.domain.tld. IN A aaa.bbb.ccc.ddd (that points to the Production server)

So I have a managed domain domain1.tld on Production server (that is OK). I would like it to delegate test.domain1.tld to the Dev server, so that typing http://test.domain1.tld in a browser will be addressed to the Dev server.

Dev server:
A new DNS Zone has been created:

named.conf.local :
Code:
zone "test.domain1.tld" {
    type master;
    allow-transfer {aaa.bbb.ccc.ddd;};
    also-notify {aaa.bbb.ccc.ddd;};
    allow-update {aaa.bbb.ccc.ddd;};
    file "/etc/bind/pri.test.domain1.tld";
};

/etc/bind/pri.test.domain1.tld :
Code:
$TTL 3600
@ IN SOA local.maindomain.tld. server.maindomain.tld. (
        2013061105 ; serial, todays date + todays serial #
        7200 ; refresh, seconds
        540 ; retry, seconds
        604800 ; expire, seconds
        86400 ) ; minimum, seconds
;
mail 3600 A www.xxx.yyy.zzz
ns.domain1.tld. 86400 A aaa.bbb.ccc.ddd
ns.test.domain1.tld. 86400 A www.xxx.yyy.zzz
test.domain1.tld. 3600 A www.xxx.yyy.zzz
test.domain1.tld. 3600 MX 10 mail.test.domain1.tld.
test.domain1.tld. 3600 NS local.maindomain.tld.
www 3600 A www.yyy.xxx.zzz

Production server :
A new entry has been created in domain1.tld DNS Zone, telling:
Code:
A ns.test.domain1.tld. www.xxx.yyy.zzz 0 86400

named.conf.local :
Code:
zone "domain1.tld" {
    type master;
    allow-transfer {none;};
    file "/etc/bind/pri.domain1.tld";
};
zone "test.domain1.tld" {
    type slave;
    masters {www.xxx.yyy.zzz;};
    allow-transfer {www.xxx.yyy.zzz;};
    file "/etc/bind/slave/sec.test.domain1.tld";
};

/etc/bind/pri.domain1.tld :
Code:
$TTL 3600
@ IN SOA vds.maindomain.tld. server.maindomain.tld. (
        2013061101 ; serial, todays date + todays serial #
        7200 ; refresh, seconds
        540 ; retry, seconds
        604800 ; expire, seconds
        86400 ) ; minimum, seconds
;
domain1.tld. 3600 A 202.22.156.191
domain1.tld. 3600 MX 10 mail.domain1.tld.
domain1.tld. 3600 NS vds.maindomain.tld.
mail 3600 A 202.22.156.191
mail 86400 TXT "v=spf1 ip4:www.xxx.yyy.zzz ip4:aaa.bbb.ccc.ddd a mx ptr ~all"
ns.test.domain1.tld. 86400 A www.xxx.yyy.zzz
www 3600 A aaa.bbb.ccc.ddd

The subdomain test.domain1.tld is not transferred to Dev server ...

Production server syslog :
Code:
transfer of 'test.domain1.tld/IN' from www.xxx.yyy.zzz#53: connected using aaa.bbb.ccc.ddd#60073
transfer of 'test.domain1.tld/IN' from www.xxx.yyy.zzz#53: failed while receiving responses: REFUSED
transfer of 'test.domain1.tld/IN' from www.xxx.yyy.zzz#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.050 secs (0 bytes/sec)

Dev server syslog :
Code:
client aaa.bbb.ccc.ddd#51131: zone transfer 'test.domain1.tld/AXFR/IN' denied

I'm starting to pull my hair out and I'm probably missing something. Thanks a lot if you can assist a bit with this.

PS : ports TCP & UDP 53 are open on the 2 servers.
PS2 : I don't want to play with the hosts file on the client side, as domains test.domain1.tld, test.domain2.tld, ... have to be accessible from anywhere.
Update : zone transfer succeeded.

Dev server
There was a typo in the IP address in named.conf.local.
Setting, for debug :
Code:
allow-transfer {any;};

allowed the zone transfer.

Dev server syslog :
Code:
zone test.domain1.tld/IN: sending notifies (serial 2013061105)
client aaa.bbb.ccc.ddd#52170: transfer of 'test.domain1.tld/IN': AXFR started
client aaa.bbb.ccc.ddd#52170: transfer of 'test.domain1.tld/IN': AXFR ended

Production server syslog :
Code:
zone test.domain1.tld/IN: Transfer started.
transfer of 'test.domain1.tld/IN' from www.xxx.yyy.zzz#53: connected using aaa.bbb.ccc.ddd#52170
zone test.domain1.tld/IN: transferred serial 2013061105
transfer of 'test.domain1.tld/IN' from www.xxx.yyy.zzz#53: Transfer completed: 1 messages, 8 records, 232 bytes, 0.050 secs (4640 bytes/sec)

Useful code to know if zone transfer works or not, on slave :
Code:
dig @local.maindomain.tld test.domain1.tld. axfr

; <<>> DiG 9.8.1-P1 <<>> @local.maindomain.tld test.contact.nc. axfr
; (1 server found)
;; global options: +cmd
test.domain1.tld. 3600 IN SOA local.maindomain.tld. server.maindomain.tld. 2013061105 7200 540 604800 86400
test.domain1.tld. 3600 IN A www.xxx.yyy.zzz
test.domain1.tld. 3600 IN MX 10 mail.test.domain1.tld.
test.domain1.tld. 3600 IN NS local.maindomain.tld.
mail.test.domain1.tld. 3600 IN A www.xxx.yyy.zzz
ns.test.domain1.tld. 86400 IN A www.xxx.yyy.zzz
www.test.domain1.tld. 3600 IN A www.xxx.yyy.zzz
test.domain1.tld. 3600 IN SOA local.maindomain.tld. server.maindomain.tld. 2013061105 7200 540 604800 86400
;; Query time: 29 msec
;; SERVER: 202.22.141.36#53(202.22.141.36)
;; WHEN: Wed Jun 12 06:14:22 2013
;; XFR size: 8 records (messages 1, bytes 232)

Nice : zone transfer is OK !

But typing in a browser : http://test.domain1.tld brings me to the default Apache2 page on Production server, not on the Dev server ...
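The debug setting allow-transfer {any;}; in the post above lets any client pull the complete zone, exactly as the dig AXFR output shows, so it should go back to the Production server's address once the typo is fixed. The following is an added example, not part of the original posts: a small audit that lists zones in a named.conf.local whose transfer ACL is open or not set. The sample config, the extra zone names and the 192.0.2.10 address are constructed.

```python
import re

# Constructed sample modelled on the thread's Dev server named.conf.local, with the
# debug ACL still in place. 192.0.2.10 is a placeholder for the Production server.
SAMPLE_CONF = '''
zone "test.domain1.tld" {
    type master;
    // allow-transfer {192.0.2.10;};
    allow-transfer {any;};
    file "/etc/bind/pri.test.domain1.tld";
};
zone "test.domain2.tld" {
    type master;
    allow-transfer {192.0.2.10;};
    file "/etc/bind/pri.test.domain2.tld";
};
zone "test.domain3.tld" {
    type master;
    file "/etc/bind/pri.test.domain3.tld";
};
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{', re.I)
ACL_RE = re.compile(r'allow-transfer\s*\{([^}]*)\}', re.I)

def strip_comments(text):
    # Simplification: assumes no "//" or "#" inside quoted strings.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def zone_blocks(text):
    """Yield (zone_name, body) by matching braces after each zone header."""
    for m in ZONE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit_transfers(conf):
    """Return {zone: finding} for zones whose AXFR ACL is open or not set."""
    findings = {}
    for name, body in zone_blocks(strip_comments(conf)):
        acl = ACL_RE.search(body)
        if acl is None:
            findings[name] = "no allow-transfer in zone; options/default applies"
        elif "any" in [e.strip().lower() for e in acl.group(1).split(';')]:
            findings[name] = "allow-transfer permits any client"
    return findings
```

Call audit_transfers() on the text of /etc/bind/named.conf.local; an empty result means every zone names its transfer peers explicitly.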
The problem that I see here is creating a new zone for adding a simple host (dev). You don't need a zone for every host in a domain. Simply add an A record to your domain.tld:
Code:
dev 86400 A 11.11.11.11

Also the NS entry is wrong, example:
Code:
ns 86400 A 22.22.22.22

Cheers
Hello,

Thanks for your answer. I suppose you're talking about the Registrar input. Unfortunately, I don't have direct access to the Registrar entries; I have to email them, then several days later the modification is done ...

That's why I've asked the Registrar to add :
*.domain1.tld 86400 A ip_of_production_server
so any subdomains are directed to the Production server. I thought that I could then redirect any subdomain to the wanted server, i.e. :
test.domain1.tld -> ip_of_dev_server

It turns out that adding a simple A entry on the Production server to domain1.tld like this :
test 86400 A ip_of_dev_server
never reaches the Dev server while browsing : http://test.domain1.tld
It always stops at the default Apache2 page on the Production server.

Other tries were :
Create a site test.domain1.tld on the Production server and redirect it via Apache R,L to the Dev server : browsing http://test.domain1.tld always ended at the Dev server Apache2 default page.

That's why I thought of the DNS zone transfer. I'll continue the tests and hope to find a solution without having to modify the Registrar entries.