Linux Bind View options and some other queries ...

harmandeep

VirTuaLiZaTioN Freak
Disciple
Hi ... linux newbie here ... got a few queries regarding BIND

System--- x86-rhel-52-01 virtual guest ||| Bind 9.3.4

1) I wanna differentiate between the 'match-clients' and 'match-destinations' options defined in a VIEW clause, to see them working in a test setup! How can I achieve that?
EXCERPT from a bind doc
"The match-clients statement defines the address_match_list for the source IP address(es) of the incoming messages. The match-destination statement defines the address_match_list for the destination IP address of the incoming messages and may be used with multihomed servers or to differentiate, for example, localhost behavior from all other IP address sources."

But how do i setup the above scenario ...

2) Why don't we receive an answer for a SOA query of rs.internic.net ||| although NS and A queries are ANSWERED positively.
using these public dns server for querying SOA
a) 208.67.222.222 | 4.2.2.1 | 8.8.8.8
b) Recursive resolution done by rhel guest by itself using named.root ROOT hints.
Is that possible, we have a public dns domain of which we can't query SOA... despite the reason that this info should be mandatory PUBLIC for a PUBLIC domain ! (correct me here)

3) Query regarding STUB zones when they are created for public domains
on our test System ... |||
Public domains causing Confusion --- apple.com | nokia.com
Public domains obeying ---- yahoo.com

Why doesn't our BIND server receive HOST A RR for the NS servers ( mentioned in NS RR ) for the apple.com and nokia.com domain, whereas it does receive HOST A RR for NS Servers ( mentioned in NS RR ) associated with yahoo.com domain ... why is that difference arising when we try to create STUB zones of these above mentioned PUBLIC domains ?

See the detailed conf. and output difference here
pastebin.com/raw.php?i=preMZfA4
 
Haven't touched BIND for quite a while.

1) Chapter 7 DNS BIND view Clause

2) rc.internic.net is probably not a zone. So no SOA record. You'll find SOA record for internic.net.

3) A stub zone only replicates the NS records of its master. Not sure what happened with yahoo.com there.
 
1) yet to try

2) If we query SOA for a HOST-Domain Name, in output we will see SOA for the Authoritative DOMAIN Zone responsible for that HOST-Domain name { u need to use various Public DNS Servers for getting Precise output ... sometimes ONE works, other times it doesn't } ( and leave that rc.internic.net. Example... as it's NXDOMAIN now )

[root@localhost ~]# dig @4.2.2.1 -t soa l.mx.mail.yahoo.com.

; <<>> DiG 9.3.4-P1 <<>> @4.2.2.1 -t soa l.mx.mail.yahoo.com.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14206
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;l.mx.mail.yahoo.com. IN SOA

;; AUTHORITY SECTION:
yahoo.com. 14 IN SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2011020910 3600 300 1814400 600

;; Query time: 340 msec
;; SERVER: 4.2.2.1#53(4.2.2.1)
;; WHEN: Wed Feb 9 10:49:13 2011
;; MSG SIZE rcvd: 98

[root@localhost ~]# dig @4.2.2.1 -t soa rc.internic.net

; <<>> DiG 9.3.4-P1 <<>> @4.2.2.1 -t soa rc.internic.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64141
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;rc.internic.net. IN SOA

;; AUTHORITY SECTION:
internic.net. 0 IN SOA dns1.icann.org. hostmaster.icann.org. 2010044636 3600 1800 604800 3600

;; Query time: 354 msec
;; SERVER: 4.2.2.1#53(4.2.2.1)
;; WHEN: Wed Feb 9 10:49:54 2011
;; MSG SIZE rcvd: 94

3) BIND option that is responsible for apple.com / nokia.com OUTPUT difference

minimal-responses ||| default is NO for this option if this option isn't explicitly set to YES.
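
For question 1 in the thread, a test layout that makes the difference between match-clients and match-destinations visible. This is an added example, not a configuration posted by anyone in the thread. The addresses 192.168.56.10 and 192.168.56.11 (a second address on the same guest), the zone example.test, the zone file names and the TXT record are all assumptions.

```conf
// named.conf sketch for a multihomed test guest (constructed example).
// Assumed addresses: 192.168.56.10 on eth0, 192.168.56.11 as an alias (eth0:1).
options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.56.10; 192.168.56.11; };
    recursion no;
};

// Views are tried in file order. A query lands in the first view where the
// SOURCE address matches match-clients AND the DESTINATION address matches
// match-destinations. A statement that is left out matches any address.
// Once views are used, every zone has to live inside a view.

view "by-destination" {
    // Selected by the address the query was sent TO, whoever sent it.
    match-destinations { 192.168.56.11; };
    zone "example.test" { type master; file "example.test.dest"; };
};

view "by-client" {
    // Selected by the address the query came FROM.
    match-clients { 192.168.56.0/24; };
    zone "example.test" { type master; file "example.test.client"; };
};

view "everyone-else" {
    match-clients { any; };
    zone "example.test" { type master; file "example.test.default"; };
};

// The three zone files are identical (SOA, NS) except for one marker record:
//   which  IN TXT "by-destination"   (in example.test.dest)
//   which  IN TXT "by-client"        (in example.test.client)
//   which  IN TXT "everyone-else"    (in example.test.default)
//
// Check the syntax with named-checkconf, reload, then run on the guest:
//   dig +short -b 192.168.56.10 @192.168.56.11 which.example.test TXT
//       expected "by-destination": the source also fits by-client, but the
//       destination view is listed first and matches
//   dig +short -b 192.168.56.10 @192.168.56.10 which.example.test TXT
//       expected "by-client": destination is not .11, source is in the /24
//   dig +short -b 127.0.0.1 @127.0.0.1 which.example.test TXT
//       expected "everyone-else": neither earlier view matches
```

Both statements only inspect the addresses on the packet, and a UDP source address can be forged, so views separate the answers different networks get but do not authenticate the client.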
 