Difference between revisions of "Cool Solution - DNS-Forwarding and subdomains"

From Univention Wiki

 
(13 intermediate revisions by 7 users not shown)
Line 1: Line 1:
{{Cool Solutions Disclaimer|Repository=no|UCS=3.2}}
+
{{Version|UCS=4.3}}
 +
{{Version|UCS=4.2}}
 +
{{Cool Solutions Disclaimer|Repository=no}}
 +
{{#seo:
 +
|title={{#replace:{{#replace:{{#replace:{{#replace:{{FULLPAGENAME}}|'|'}}|&|&}}|"|"}}|Cool Solution - |}} - {{SITENAME}}
 +
<!--|description=-->
 +
}}
 
[[Category:Samba 4]]
 
[[Category:Samba 4]]
  
This article describes briefly how you can set up Forward Zones and subdomains on the Univention Corporate Server (UCS) with Samba 4.<br>
+
This article describes briefly how you can set up forward zones and subdomains on the Univention Corporate Server (UCS)<br>
Prerequisites:
+
 
 +
===Prerequisites===
 +
'''UCS Server Type'''
 +
 
 
* UCS DC Master
 
* UCS DC Master
* Samba 4 as DNS-Backend
 
  
To determine that Samba 4 is the DNS-Backend run:
+
* UCS DC Backup
  ucr search dns/backend
+
 
The output should be "samba4"
+
* UCS Slave
 +
 
 +
'''DNS Backend'''
 +
 
 +
Identify the backend you are using for DNS.
 +
 
 +
Depending on the backend you are using you have to edit the configuration files accordingly.
 +
 
 +
''Samba4''
 +
 
 +
If you use Samba4 the following command should output "samba4":
 +
  ucr get dns/backend
 +
samba4
 +
 
 +
The configuration file would be then
 +
* /etc/bind/local.conf.samba4
 +
 
 +
''LDAP''
  
= Forward Zones =
+
If you use LDAP the following command should output "ldap":
To set up Forward Zones add it in the configuration in /etc/bind/local.conf.samba4
+
ucr get dns/backend
 +
ldap
 +
 
 +
The configuration file would be then
 +
* /etc/bind/local.conf.proxy
 +
 
 +
== Forward Zones ==
 +
This is useful when only a specific domain name (e.g. domain.tld) needs to be answered by another DNS server (e.g. 172.16.100.1).
 +
 
 +
----
 +
'''Restrictions:'''
 +
With Univention Corporate Server it is <u>not</u> possible to set up a subdomain of the Univention zone (e.g. sub.domain.tld) as a forward zone! To use subdomains see [[#Subdomains|Chapter about Subdomains]]
 +
----
 +
 
 +
To set up a forward zone add the zone in the configuration file (/etc/bind/local.conf.proxy or /etc/bind/local.conf.samba4)
 
  zone "domain.tld" {
 
  zone "domain.tld" {
 
   type forward;
 
   type forward;
   forwarders { 123.456.789.012; };
+
   forwarders { 172.16.100.1; };
 
  };
 
  };
  
= Subdomains =
+
After setting the new configuration, services must be restarted:
For forwarding to subdomains the normal zones statement can be used:   
+
<pre>
 +
systemctl restart bind9
 +
</pre>
 +
 
 +
== Slave Zones ==
 +
This is useful when a specific DNS server (e.g. 172.16.10.1) is authoritative for a specific domain name (e.g. slave.tld).
 +
 
 +
To set up slave zones add the following to the configuration file (/etc/bind/local.conf.proxy or /etc/bind/local.conf.samba4)
 +
zone "slave.tld" {
 +
  type slave;
 +
  file "slave.tld";
 +
  masters { 172.16.10.1; };
 +
};
 +
 
 +
After setting the new configuration, services must be restarted:
 +
<pre>
 +
systemctl restart bind9
 +
</pre>
 +
 
 +
 
 +
== Subdomains ==
 +
Another case is when a subdomain (e.g. sub.domain.tld) is managed by another server (e.g. 10.0.100.1).
 +
 
 +
----
 +
'''Restrictions:'''
 +
With Univention Corporate Server it is <u>not</u> possible to set up a subdomain of the Univention zone (e.g. sub.domain.tld) as a forward zone. A subdomain has to be configured as a slave zone!
 +
----
 +
 
 +
For answering subdomains the normal zones statement for slave zones can be used:   
 
  zone "sub.domain.tld" {
 
  zone "sub.domain.tld" {
 
       type slave;
 
       type slave;
       masters { 123.456.789.012; };
+
      file "sub.domain.tld";
      forwarders {};
+
       masters { 10.0.100.1; };
 
  };
 
  };
  
= Debugging =
+
After setting the new configuration, services must be restarted:
 +
<pre>
 +
systemctl restart bind9
 +
</pre>
 +
 
 +
== Debugging ==
 
For debugging purpose set a higher debug level with:
 
For debugging purpose set a higher debug level with:
  ucr set dns/debug/level=LEVEL
+
  ucr set dns/debug/level=<LEVEL>
 +
Where <LEVEL> could be some value between 0 and 11.
 +
If needed, increase the debug level of the Samba4 module as well:
 +
ucr set dns/dlz/debug/level=<LEVEL>
 +
 
 
Restart bind with:
 
Restart bind with:
service bind9 restart
+
<pre>
The default log is the syslog.
+
systemctl restart bind9
 +
</pre>
 +
 
 +
 
 +
== Further Reading ==
 +
 
 +
* [http://books.google.de/books?id=mjabAgAAQBAJ&pg=PT82&lpg=PT82&dq=how-to-configure-a-name-server-to-forward-some-queries-to-other-name-servers/&source=bl&ots=V5N7jd5Bsr&sig=GlnbmpW1mNYmw7G3dmUKRAMHzXM&hl=de&sa=X&ei=gm9kVNKiLMzYPcSkgaAJ&ved=0CDkQ6AEwAw#v=onepage&q=how-to-configure-a-name-server-to-forward-some-queries-to-other-name-servers%2F&f=false How to configure a name server to forward some queries to other name servers]
 +
* [http://www.diablotin.com/librairie/networking/dnsbind/ch12_01.htm Bind9 Loglevel]
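Review bot: In the Debugging section, the line "The default log is the syslog." is dropped without a replacement, so the revised text tells the reader to raise dns/debug/level and dns/dlz/debug/level and restart bind9 but no longer says where the resulting messages appear. Suggest keeping that sentence after the restart command, so the section still ends by pointing at the place to read the debug output.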

Latest revision as of 09:51, 18 May 2018

Product logo: UCS Version 4.3
Product logo: UCS Version 4.2

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the steps shown in the article are covered by Univention Support. For questions about your support coverage, contact your contact person at Univention before implementing any of the steps shown.

Please also note the legal notes in the Terms of Service.

This article briefly describes how you can set up forward zones and subdomains on the Univention Corporate Server (UCS).

Prerequisites

UCS Server Type

  • UCS DC Master
  • UCS DC Backup
  • UCS Slave

DNS Backend

Identify the backend you are using for DNS.

Which configuration file you have to edit depends on the backend you are using.

Samba4

If you use Samba4 the following command should output "samba4":

ucr get dns/backend
samba4

The configuration file is then:

  • /etc/bind/local.conf.samba4

LDAP

If you use LDAP the following command should output "ldap":

ucr get dns/backend
ldap

The configuration file is then:

  • /etc/bind/local.conf.proxy

Forward Zones

A forward zone is useful when queries for only one specific domain name (e.g. domain.tld) need to be answered by another DNS server (e.g. 172.16.100.1).


Restrictions: With Univention Corporate Server it is not possible to set up a subdomain of the Univention zone (e.g. sub.domain.tld) as a forward zone! To use subdomains, see the Subdomains section.


To set up a forward zone, add the zone to the configuration file (/etc/bind/local.conf.proxy or /etc/bind/local.conf.samba4):

zone "domain.tld" {
  type forward;
  forwarders { 172.16.100.1; };
};

After setting the new configuration, services must be restarted:

systemctl restart bind9
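
The steps above (look up the backend, pick the matching file, add the zone, restart) as a small shell helper. This is an added example, not part of the original article: the function names are assumptions, and it rejects an invalid forwarder address such as the 123.456.789.012 placeholder and skips a zone that is already declared in the file.

```shell
#!/bin/sh
# Added example: helper names (conf_for_backend, valid_ipv4, add_forward_zone)
# are hypothetical; file paths and the zone stanza are those from the article.

# Map the value printed by `ucr get dns/backend` to the file the article names.
conf_for_backend() {
  case "$1" in
    samba4) echo /etc/bind/local.conf.samba4 ;;
    ldap)   echo /etc/bind/local.conf.proxy ;;
    *)      echo "unknown dns/backend: $1" >&2; return 1 ;;
  esac
}

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
  echo "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address into its four octets
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# Append a forward zone to FILE unless that zone is already declared there.
# Returns 0 on append, 2 if already present, 1 on invalid input.
add_forward_zone() {
  file=$1 zone=$2 forwarder=$3
  valid_ipv4 "$forwarder" || { echo "bad forwarder: $forwarder" >&2; return 1; }
  echo "$zone" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$' || return 1
  if [ -f "$file" ] && grep -Fq "zone \"$zone\"" "$file"; then
    return 2
  fi
  printf 'zone "%s" {\n  type forward;\n  forwarders { %s; };\n};\n' \
    "$zone" "$forwarder" >> "$file"
}

# Typical use on a UCS system (not executed here); named-checkconf parses the
# edited file so a syntax error is caught before bind9 is restarted:
#   conf=$(conf_for_backend "$(ucr get dns/backend)") &&
#   add_forward_zone "$conf" domain.tld 172.16.100.1 &&
#   named-checkconf "$conf" && systemctl restart bind9
```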

Slave Zones

A slave zone is useful when a specific DNS server (e.g. 172.16.10.1) is authoritative for a specific domain name (e.g. slave.tld).

To set up slave zones, add the following to the configuration file (/etc/bind/local.conf.proxy or /etc/bind/local.conf.samba4):

zone "slave.tld" {
  type slave;
  file "slave.tld";
  masters { 172.16.10.1; };
};

After setting the new configuration, services must be restarted:

systemctl restart bind9


Subdomains

Another case is when a subdomain (e.g. sub.domain.tld) is managed by another server (e.g. 10.0.100.1).


Restrictions: With Univention Corporate Server it is not possible to set up a subdomain of the Univention zone (e.g. sub.domain.tld) as a forward zone. A subdomain has to be configured as a slave zone!


To answer queries for a subdomain, the normal zone statement for slave zones can be used:

zone "sub.domain.tld" {
  type slave;
  file "sub.domain.tld";
  masters { 10.0.100.1; };
};

After setting the new configuration, services must be restarted:

systemctl restart bind9

Debugging

For debugging purposes, set a higher debug level with:

ucr set dns/debug/level=<LEVEL>

Here <LEVEL> is a value between 0 and 11. If needed, increase the debug level of the Samba4 module as well:

ucr set dns/dlz/debug/level=<LEVEL>

Restart bind with:

systemctl restart bind9

