Delegating Authority

With millions of domain names and URLs on the Internet, the only way to keep track is with a distributed system. DNS implements this distribution through delegation to subdomains.

This section implements a trivial delegation whose purpose is illustrative only. No MX, no CNAME, no secondary server, not even reverse DNS. Just the same subnet as the rest of the examples in this chapter.

Imagine that a new department, called Subdomain, wants to administer its own DNS. That means less work for the domain.cxm administrators. Table 14.2 shows that the department has four hosts.

Table 14.2. The Subdomain Department’s Servers

Host IP
sylvia 192.168.100.40
brett 192.168.100.41
rena 192.168.100.42
valerie 192.168.100.43

So from a DNS point of view, the four hosts are sylvia.subdomain.domain.cxm, brett.subdomain.domain.cxm, rena.subdomain.domain.cxm, and valerie.subdomain.domain.cxm. The nameserver for subdomain.domain.cxm runs on host sylvia. Here is a synopsis of the steps to take to accomplish this:

  1. Add authority for subdomain.domain.cxm on sylvia.
  2. Test the subdomain.domain.cxm local resolution.
  3. Delegate from mainserv to sylvia for the subdomain.
  4. Test the subdomain.domain.cxm delegation.

Add Authority for subdomain.domain.cxm on sylvia

Start by adding a zone for the subdomain. Simply add this code to sylvia's /etc/named.conf:

zone "subdomain.domain.cxm" {
  type master;
  file "named.subdomain.domain.cxm";
};

Next, make the zone data file, named.subdomain.domain.cxm in the /var/named directory. Here’s the file:

$TTL 86400           ; default TTL for records without one; BIND 8.2 and later warn if it is missing
@ IN SOA sylvia.subdomain.domain.cxm. hostmaster.subdomain.domain.cxm. (
                                      2000072001 ; Serial (YYYYMMDDnn; increment on every edit)
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum (negative-cache TTL)

                     IN    NS           sylvia.subdomain.domain.cxm.   ; blank owner inherits @

sylvia               IN    A            192.168.100.40
brett                IN    A            192.168.100.41
rena                 IN    A            192.168.100.42
valerie              IN    A            192.168.100.43

Finally, make sure that there is reverse DNS resolution for sylvia's address and that you can telnet to sylvia without delay. You don't need to provide reverse DNS for the other hosts, just sylvia. (Review the Configuring DNS Server Master Zones section earlier in this chapter, if necessary.) Remember that the same reverse-resolution problems that delay or time out telnet can also hang a boot in certain situations.

When you can quickly access sylvia with telnet, restart named on sylvia with this command:

   # /etc/rc.d/init.d/named restart

Test the subdomain.domain.cxm Local Resolution

This implementation has no reverse DNS for brett, rena, and valerie, so nslookup might fail. Use ping to test instead, and ping all four hosts by their fully qualified names. Each should resolve to the correct IP address, similar to the following example:

# ping sylvia.subdomain.domain.cxm
PING sylvia.subdomain.domain.cxm (192.168.100.40): 56 data bytes
64 bytes from 192.168.100.40: icmp_seq=0 ttl=255 time=0.398 ms
--- sylvia.subdomain.domain.cxm ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.235/0.316/0.398 ms

# ping brett.subdomain.domain.cxm
PING brett.subdomain.domain.cxm (192.168.100.41): 56 data bytes
64 bytes from 192.168.100.41: icmp_seq=0 ttl=255 time=0.479 ms
--- brett.subdomain.domain.cxm ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.242/0.360/0.479 ms

# ping rena.subdomain.domain.cxm
PING rena.subdomain.domain.cxm (192.168.100.42): 56 data bytes
64 bytes from 192.168.100.42: icmp_seq=0 ttl=255 time=0.482 ms
--- rena.subdomain.domain.cxm ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.244/0.363/0.482 ms

# ping valerie.subdomain.domain.cxm
PING valerie.subdomain.domain.cxm (192.168.100.43): 56 data bytes
64 bytes from 192.168.100.43: icmp_seq=0 ttl=255 time=0.471 ms
--- valerie.subdomain.domain.cxm ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.234/0.352/0.471 ms

Once the DNS server on sylvia can resolve its hostnames to IP addresses, it’s time to delegate from mainserv.

Delegate from mainserv to sylvia for the Subdomain

Add the following two lines to mainserv's /var/named/named.domain.cxm, below all the other NS records. (A record with a blank owner inherits the owner of the record above it, so inserting these lines above the zone's own NS records would silently re-own them.)

subdomain            IN    NS           sylvia.subdomain.domain.cxm.
sylvia.subdomain     IN    A            192.168.100.40

These lines say that sylvia.subdomain.domain.cxm. is the nameserver for subdomain.domain.cxm. (Remember that subdomain without a trailing period is relative to the zone origin, so it is the same as subdomain.domain.cxm.) Because the nameserver's name lies inside the very zone being delegated, a resolver following the NS record could not look up sylvia's address without already knowing where subdomain.domain.cxm lives. The second line, the glue A record, breaks that circle by supplying the address in the parent zone.

Notice, however, that there is no reference to brett, rena, or valerie anywhere on mainserv. That work is done on sylvia, and that is the beauty of delegation: the subdomain could have 200 hosts and 1,000 subdomains beneath it, and mainserv would still hand off queries for all of them with just these two lines.

To finish the job, increment the serial number in the SOA record, save the file, and restart named.

Test the subdomain.domain.cxm Delegation

Start by pinging sylvia.subdomain.domain.cxm from mainserv (use the fully qualified name). If that doesn't work, the problem is in mainserv's own zone data: examine named.domain.cxm, in particular the NS line and the glue A record you just added.

Once you can ping sylvia.subdomain.domain.cxm, try pinging brett.subdomain.domain.cxm. If that doesn't work, make sure it works on sylvia itself, and troubleshoot accordingly.

Once you can ping all the subdomain.domain.cxm hosts from mainserv, the delegation is working.
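The two delegation lines on mainserv and the child zone on sylvia have to agree, and the ping tests above only prove that they do over the wire. The following Python script, an added example that is not code from the chapter or from BIND, performs the same check offline against the zone files: it parses both files, confirms that the parent carries the NS record, that the in-bailiwick nameserver has a glue A record, and that the glue address matches what the child zone publishes for the same name. Both files are embedded as constructed strings; the child zone is the one shown above, and the parent is an excerpt of named.domain.cxm in which mainserv's own address 192.168.100.1 is an assumption, since the chapter never states it.

```python
"""Offline consistency check of a parent/child zone-file pair (added example; not
code from the chapter).  It checks statically what the ping tests check over the
wire: NS record in the parent, glue for an in-bailiwick nameserver, and glue that
agrees with the child zone.  Wrong glue is a lame delegation at best; stale glue
pointing at an address you no longer control is a subdomain hijack at worst."""

PARENT_ORIGIN = "domain.cxm."
CHILD_ORIGIN = "subdomain.domain.cxm."

# Constructed excerpt of mainserv's named.domain.cxm with the two delegation
# lines added; mainserv's own address 192.168.100.1 is an assumption.
PARENT_ZONE = """\
$TTL 86400
@        IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. (
                2000072002 28800 14400 3600000 86400 ) ; serial bumped
         IN NS  mainserv.domain.cxm.
mainserv IN A   192.168.100.1
subdomain            IN    NS           sylvia.subdomain.domain.cxm.
sylvia.subdomain     IN    A            192.168.100.40
"""

# The child zone as sylvia's named.subdomain.domain.cxm has it.
CHILD_ZONE = """\
@ IN SOA sylvia.subdomain.domain.cxm. hostmaster.subdomain.domain.cxm. (
                                      2000072001 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
                     IN    NS           sylvia.subdomain.domain.cxm.
sylvia               IN    A            192.168.100.40
brett                IN    A            192.168.100.41
rena                 IN    A            192.168.100.42
valerie              IN    A            192.168.100.43
"""


def qualify(name, origin):
    """'@' is the origin, a trailing dot is absolute, anything else is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse the master-file subset these files use into (owner, type, rdata)
    tuples with fully qualified names: ';' comments, $TTL, a blank owner meaning
    'same as the previous record', an optional TTL before the class, and ( )
    continuation lines as used by the SOA record."""
    records, owner, pending = [], origin, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        pending = (raw[0].isspace(), line) if pending is None else (pending[0], pending[1] + " " + line)
        blank_owner, joined = pending
        if joined.count("(") > joined.count(")"):
            continue                     # record continues on the next line
        pending = None
        fields = joined.replace("(", " ").replace(")", " ").split()
        if not blank_owner:
            owner = qualify(fields.pop(0), origin)
        if fields[0].isdigit():
            fields.pop(0)                # per-record TTL, not needed here
        if fields[0] == "IN":
            fields.pop(0)
        rtype, rdata = fields[0], fields[1:]
        if rtype in ("NS", "CNAME", "SOA"):
            rdata[0] = qualify(rdata[0], origin)   # name-valued rdata
        records.append((owner, rtype, rdata))
    return records


def soa_serial(records):
    """The SOA serial, which must increase on every edit or secondaries never pull."""
    return int(next(rd[2] for _, rtype, rd in records if rtype == "SOA"))


def check_delegation(parent, child, child_origin):
    """Return the list of problems; an empty list means the delegation is consistent."""
    def names(recs, owner, rtype):
        return sorted(rd[0] for o, t, rd in recs if o == owner and t == rtype)
    parent_ns = names(parent, child_origin, "NS")
    child_ns = names(child, child_origin, "NS")
    problems = [] if parent_ns else [f"parent has no NS record for {child_origin}"]
    for ns in parent_ns:
        if ns not in child_ns:
            problems.append(f"{ns} is delegated to by the parent but is not an NS in the child zone (lame)")
        if ns.endswith("." + child_origin):          # in-bailiwick: glue is mandatory
            glue, child_a = names(parent, ns, "A"), names(child, ns, "A")
            if not glue:
                problems.append(f"no glue A record in the parent for {ns}")
            elif child_a and glue != child_a:
                problems.append(f"glue for {ns} is {glue} but the child zone publishes {child_a}")
    problems += [f"child lists {ns} as NS but the parent does not delegate to it"
                 for ns in child_ns if ns not in parent_ns]
    return problems


def run_check(parent_text=PARENT_ZONE, child_text=CHILD_ZONE):
    """Parse both files and return check_delegation()'s problem list."""
    return check_delegation(parse_zone(parent_text, PARENT_ORIGIN),
                            parse_zone(child_text, CHILD_ORIGIN), CHILD_ORIGIN)


if __name__ == "__main__":
    print(run_check() or f"delegation of {CHILD_ORIGIN} is consistent")
```

Run it as is and it reports the delegation consistent; change the glue address in PARENT_ZONE, or delete the subdomain NS line, and run it again to see what a lame delegation looks like before named ever serves it. The same three comparisons are worth repeating live once both servers are restarted: ask mainserv for the NS of subdomain.domain.cxm, and compare the glue it returns with the A record sylvia itself answers for its own name.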