DNS server problems

You are currently reading a thread in /wsr/ - Worksafe Requests

Thread replies: 12
Thread images: 1
Let me preface this by saying that I probably don't have the sufficient understanding of the subject, so feel free to advise me however you see fit.
I'm configuring a DNS server for a virtual network.
The virtual network consists of a few simulated user computers, a web server, mail server, two DNS servers, and a few routers.
The two DNS servers are an authoritative and a forwarding server respectively. My assignment is to configure the authoritative server to be responsible for its domain, and to have a reverse zone for a certain IP range, which doesn't cover the whole domain. (I might be confused on what it's supposed to cover, but the assignment only lists a range of 8 bits, the last octet of the IP, while some IPs in the domain are outside the last octet. Let's say my range is 172.16.40.0/24, and some of the computers are in IP 172.16.41.xx, and thus are not in the specified range.)
Everything seems to work fine and dandy, both forward and in reverse if I only have the authoritative server set as a possible nameserver in resolv.conf.
However, if I also include the other server in resolv.conf, regardless of order of inclusion, the reverse lookup stops working for some reason. This puts me in a predicament where I'd have to choose between being able to resolve external hosts, or being able to do a reverse lookup. (The forwarding server forwards requests to another preconfigured server that isn't supposed to be touched in this assignment. This other server can reach external hosts.)
To summarize, my authoritative dns server seems to work fine when it's the only server available, but if I include the other server, reverse lookups for the internal network fail.

I suspect I've misunderstood some fundamental element of DNS in general, and would appreciate it if someone could direct me to a resource that explains in detail the configuration of these DNS servers in relation to each other. Continuing.--->
>>
>>55557
Continuing where I left off.
Most of the internet resources I've found just explain the difference between a recursive and an authoritative server, but rarely touch on how these should be configured to work in unison.

If you have pointers regarding the problem in the assignment, I'd appreciate it, but I'd probably better learn this if I could figure it out by myself. That's why I'd really appreciate if someone could explain to me, or point out a resource that explains in detail, the function of a recursive server and an authoritative server in case I've misunderstood something.
>>
>>55557
cisco packet tracer training?
>>
>>55565
Uni course assignment. General introduction to internet technologies.
Regarding packet tracing, the DNS queries work in a manner that's a little strange to me.
From what I understand, the computer should send queries to the DNS servers specified in resolv.conf in the order they're listed in the file.
However, Wireshark reports that even though the authoritative server was listed first in the file, the computer never sends a query to it, and instead queries the second server (the recursive one), which of course can't reverse resolve a local network IP address.
>>
>>55559
Wait, why do you have two servers anyway?

BIND et al. can be authoritative and recursive at the same time.

Rather than testing by setting resolv.conf, use something like dig or host with the [server] option to test each server in turn.
>>
>>55569
> instead queries the second server (the recursive one), which of course can't reverse resolve a local network IP address.
Why can't it? It should know to forward to the first server when it's being asked for a local IP.
>>
>>55576
Part of the assignment. They want me to configure two separate servers, one of which is an authoritative only server, which is responsible for the local domain, and a forwarding server, which will probably be reconfigured in a later assignment.

>>55578
This is probably where my configuration has gone wrong. Can you briefly explain or link an instruction on how configuring these forwarding servers works? What I'd like to know in detail is the required configuration for the internal DNS server to work with the forwarder.

I'm diving pretty much headfirst into this assignment with no further experience on anything computer related except basic programming. If you could suggest a good resource for further reading on the subject, I'd appreciate it.
>>
>>55590
You still haven't said which DNS server you're using, but basically what you have to do is on the second server split the query space into zones, and specify the correct behaviour for each zone.

In your example, there'd be four zones:

local, forward-lookup {forwarded or hinted to local authoritative server}
local, reverse-lookup {forwarded or hinted to local authoritative server}
remote, forward-lookup {forwarded or hinted to something like 8.8.4.4}
remote, reverse-lookup {forwarded or hinted to something like 8.8.4.4}

Whether you'd use forwarding or hinting depends on which server you want doing the recursion: if you specify a server as a forwarder, your server delegates the recursion to it.

See http://www.zytrax.com/books/dns/ch4/#forwarding .
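
The zone split described in the reply above, sketched as BIND configuration for both servers (an added example, not part of the original thread). BIND is assumed from the named.conf files mentioned in the thread; the authoritative server's address 172.16.40.10 and the zone file paths are made up, and 8.8.4.4 stands in for the preconfigured upstream server.

```conf
// ---- authoritative-only server (assumed address 172.16.40.10) ----
options {
    recursion no;                      // never resolves on behalf of clients
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";   // assumed path
};

// Reverse zone for 172.16.40.0/24: network octets reversed, host octet dropped.
// Hosts in 172.16.41.x fall outside it; their PTR names end in
// 41.16.172.in-addr.arpa and would need a zone of their own.
zone "40.16.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.172.16.40";     // assumed path
};

// ---- forwarding server ----
options {
    recursion yes;
    forwarders { 8.8.4.4; };           // default: remote forward and reverse lookups
    forward only;
};

// Local forward lookups go to the authoritative server.
zone "example.com" {
    type forward;
    forward only;
    forwarders { 172.16.40.10; };
};

// Local reverse lookups go to the authoritative server as well.
zone "40.16.172.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 172.16.40.10; };
};
```

With this in place clients only need the forwarding server in resolv.conf, and each server can be checked on its own with `dig @<server> -x 172.16.40.10`, as suggested earlier in the thread.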
>>
>>55597
Thank you. This clears up a lot of confusion, unless I'm retarded and still misunderstand. I'll report back in a moment, I'll see if I can try to fix up the configuration.
Do I understand correctly that these zones are for the forwarding server, and that these should be specified in the named.conf of the forwarding server?
So I'd specify a zone for the local domain example.com, to which I'd mark the authoritative server as the forwarder?
>>
>>55597
Alright, I cleared up a couple of other problems in my configuration, but I still didn't manage to make reverse lookup work on the local network.

The local reverse lookup zone should be something like "40.16.172.in-addr.arpa" for IPs 172.16.40.xx, right? Also in named.conf.local the authoritative server should be specified as the forwarder for this domain.
Am I still not understanding the configuration correctly?
>>
>>55597
>>55608
>>55646
Update, I figured it out. I had configured the reverse zone wrong in the forwarding server's conf files. Thanks for the help!
>>
As a sidenote: Mismatching date/time between the virtual computer and real servers causes a lot of errors in connectivity and other stuff.