Problems with subdomains in NSD

Tim_Smith1 · October 26, 2016, 9:38am

Hi,

I'm having difficulties getting subdomains to work in NSD and would be
eternally greatful if someone could tell me where I'm going wrong !

I have obfuscated the details below, but I am trying to extend
example.org with auto.example.org

The problem I'm finding is NSD reloads fine, but the slaves never
download a fresh copy of the zone (despite the master logs suggesting
so), and querying slaves or master doesn't give the desired results
(it responds with an empty reply)

I have tried :

(1) This....

$ORIGIN .
$TTL 3600 ; 1 hour
example.org IN SOA devnull.example.com. support.example.com. (
                                531790048 ; serial
                                10800 ; refresh (3 hours)
                                3600 ; retry (1 hour)
                                1209600 ; expire (2 weeks)
                                3600 ; minimum (1 hour)
                                )
                        NS bob.example.com.
                        NS jane.example.com.
                        MX 10 rx4.example.com.
                        MX 5 rx3.example.com.
                        TXT "v=spf1 mx ip4:172.16.177.0/24
ip4:172.16.178.0/24 -all"
$ORIGIN example.org.
auto MX 10 rx4.example.com.
auto MX 5 rx3.example.com.
auto TXT "v=spf1 mx ip4:172.16.177.0/24
ip4:172.16.178.0/24 -all"

(2) That....

$ORIGIN .
$TTL 3600 ; 1 hour
example.org IN SOA devnull.example.com. support.example.com. (
                                531790048 ; serial
                                10800 ; refresh (3 hours)
                                3600 ; retry (1 hour)
                                1209600 ; expire (2 weeks)
                                3600 ; minimum (1 hour)
                                )
                        NS bob.example.com.
                        NS jane.example.com.
                        MX 10 rx4.example.com.
                        MX 5 rx3.example.com.
                        TXT "v=spf1 mx ip4:172.16.177.0/24
ip4:172.16.178.0/24 -all"
$ORIGIN auto.example.org.
                        MX 10 rx4.example.com.
                        MX 5 rx3.example.com.
                        TXT "v=spf1 mx ip4:172.16.177.0/24
ip4:172.16.178.0/24 -all"

(3) Something else.....

$ORIGIN .
$TTL 3600 ; 1 hour
example.org IN SOA devnull.example.com. support.example.com. (
                                531790048 ; serial
                                10800 ; refresh (3 hours)
                                3600 ; retry (1 hour)
                                1209600 ; expire (2 weeks)
                                3600 ; minimum (1 hour)
                                )
                        NS bob.example.com.
                        NS jane.example.com.
                        MX 10 rx4.example.com.
                        MX 5 rx3.example.com.
                        TXT "v=spf1 mx ip4:172.16.177.0/24
ip4:172.16.178.0/24 -all"
$ORIGIN auto.example.org.
                        IN MX 10 rx4.example.com.
                        IN MX 5 rx3.example.com.
                        IN TXT "v=spf1 mx ip4:172.16.177.0/24
ip4:172.16.178.0/24 -all"

(4) And even....

$ORIGIN .
$TTL 3600 ; 1 hour
example.org IN SOA devnull.example.com. support.example.com. (
                                531790048 ; serial
                                10800 ; refresh (3 hours)
                                3600 ; retry (1 hour)
                                1209600 ; expire (2 weeks)
                                3600 ; minimum (1 hour)
                                )
                        NS bob.example.com.
                        NS jane.example.com.
                        MX 10 rx4.example.com.
                        MX 5 rx3.example.com.
                        TXT "v=spf1 mx ip4:172.16.177.0/24
ip4:172.16.178.0/24 -all"
$ORIGIN auto.example.org.
@ IN MX 10 rx4.example.com.
  @ IN MX 5 rx3.example.com.
   @ IN TXT "v=spf1 mx ip4:172.16.177.0/24
ip4:172.16.178.0/24 -all"

anandb · October 26, 2016, 10:45am

Hi Tim,

I'm having difficulties getting subdomains to work in NSD and would be
eternally greatful if someone could tell me where I'm going wrong !

I have obfuscated the details below, but I am trying to extend
example.org with auto.example.org

The problem I'm finding is NSD reloads fine, but the slaves never
download a fresh copy of the zone (despite the master logs suggesting
so), and querying slaves or master doesn't give the desired results
(it responds with an empty reply)

You haven't shown us a copy of your nsd.conf file, so it's hard to guess
what the issue is. The most likely problem is that you don't have
"notify:" statements in your zone configuration.

The example zones you showed in your email don't help at all, because
they have nothing to do with NSD's configuration.

Regards,
Anand

Tim_Smith1 · October 26, 2016, 12:19pm

Hi Anand,

The notify is working fine because updates to the base domain
(example.org) are being propagated OK. Its literally only the
extension to cover the subzone that isn't working and I can't figure
out why.

anandb · October 26, 2016, 1:06pm

Hi Tim,

I'd really love to help you, but as I said before, without seeing your
nsd.conf file, I really cannot help. So if you would like more useful
answers, then please take my advice and post your nsd.conf here.

Regards,
Anand

Tim_Smith1 · October 26, 2016, 1:52pm

I'm really not sure what the nsd.conf has to do with the price of eggs
? Since my problem is surely due to a zonefile syntax issue ??

But anyway, your wish is my commmand (again, numbers and names have
been obfuscated, so please don't try to interpret them) :

server:
        hide-version: yes
        verbosity: 1
        database: "" # disable database
        do-ip6: no

ip-address: 10.10.10.9

remote-control:
control-enable: yes

anandb · October 26, 2016, 2:07pm

Hi Tim,

Thanks for sharing your nsd.conf. The configuration looks fine.

So let's see. You create a zone "example.org" with some records in it.
Then you add more records to it, and reload this zone. And your slaves
don't appear to load the new zone?

The usual problem in such a case is that you've forgotten to incrememt
the serial number in the zone's SOA record. If slaves see the same
serial number they won't transfer the zone. Whenever you make any change
to the zone, you need to increment the serial by at least 1. Does this help?

Regards,
Anand

Tim_Smith2 · October 28, 2016, 12:28pm

Sorry for the delay in reply.

Eventually I got it working after I trashed zone files and entry from nsd.conf, ran reconf and then started again from scratch.

Weird !