[CentOS] DNS in CentOS

Fri Apr 4 05:47:22 UTC 2008
Les Mikesell <lesmikesell at gmail.com>

vincenzo romero wrote:
> thank you again, more clarification, if anyone can pls shed light ...
>>  That happens anyway if the forwarder is not authoritative - that is, the
>> forwarder will act as a caching proxy.
> ok - so my lab.company.com is authoritative, so it should keep a copy
> of company.com's information then and be able to respond to queries
> even within the domain of company.com?

Yes, if a server is configured as primary or seconday for a zone it will 
reply directly without asking anyone else.

>>  It's not really polite to send private IP reverse lookups to the public
>> root servers, but I suppose millions of places do...
> i'm sorry, but how do i configure (or any pointer pls?) so that I do
> not point to the public root servers?  i just followed templates;
> whereas, the company.com DNS, I was not the one who configured it.

Configure your servers as primary or secondary for the reverse zones of 
all the private ranges you use (nn.nn.nn.IN-ADDR.ARPA).

> I think the issues I have encountered are less now....
> My questions.
> 1.  From my lab.company.com DNS server - do I need to update my
> /etc/resolv.conf file so that it shows:
> search lab.company.com company.com
> nameserver
> nameserver

The 'search' applies to lookups from clients on that particular machine 
where a bare host name is requested.

> 2.  With the above /etc/resolv.conf I can ping forward and backwards
> hosts, except - reverse lookup to host within company.com's domain
> still shows the root servers .. :(

If you aren't primary/secondary, it walks down following referrals from 
the root servers.  For private ranges you won't get the right answer 
because they aren't delegated.

> 3.  Strangest and confusing, is performing nslookup FROM
> lab.company.com's DNS server :
> a.  responds to nslookup company.com:
> nslookup
> Server:
> Address:
>       name = qatest1.lab.maxiscale.com.
> [root at myhost named]# nslookup maxiscale.com
> Server:
> Address:
> Non-authoritative answer:
> Name:   company.com
> Address:
> BUT it can't find an answer for ITS OWN domain:
>  nslookup lab.company.com
> Server:
> Address:
> *** Can't find lab.company.com: No answer

Usually the origin of the zone has A and NS records in the parent zone.

   Les Mikesell
     lesmikesell at gmail.com