OraFAQ Forum: Linux » bind9 under Linux & Subdomain in BIND9

Home » Infrastructure » Linux » bind9 under Linux & Subdomain in BIND9 (Oracle Linux 8 / BIND9)

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

bind9 under Linux & Subdomain in BIND9 [message #689446]

Wed, 27 December 2023 09:46

DarkwingDuck
Messages: 4
Registered: December 2023

Junior Member

Hi

I installed bind9 under Linux 8.9.

To control the access to the dns server I defined an keyfile:
ls -l /etc/penny.key
-rw-r--r--. 1 root named 101 Dec 10 21:32 /etc/penny.key

key "pennyskey" {
       algorithm hmac-sha256;
       secret "xxxxxxxxxxxxxxxxxxxxxxxxxxx=";
};

This is included in /etc/named.conf:
include "/etc/penny.key";

zone "darkwing.net" IN {
       type master;
       file "/var/named/db.darkwing.net.zone";
       allow-update { key “pennyskey”; };
};

[root@orarouter etc]# ls -l /var/named/db.*
-rw-r--r--. 1 root named 712 Dec 20 22:34 /var/named/db.100.168.192.in-addr.arpa
-rw-r--r--. 1 root named 427 Dec 24 23:02 /var/named/db.211.168.192.in-addr.arpa
-rw-r--r--. 1 root named 425 Dec 24 23:03 /var/named/db.212.168.192.in-addr.arpa
-rw-r--r--. 1 root named 430 Dec 23 14:54 /var/named/db.50.168.192.in-addr.arpa
-rw-r--r--. 1 root named 488 Dec 17 13:53 /var/named/db.52.168.192.in-addr.arpa
-rw-r--r--. 1 root named 487 Dec 17 13:54 /var/named/db.53.168.192.in-addr.arpa
-rw-r--r--. 1 root named 1808 Dec 26 19:29 /var/named/db.darkwing.net.zone
[root@orarouter etc]#

Then I tried to check if everything works:

export HMAC=hmac-sha256:pennyskey:xxxxxxxxx
nsupdate -y $HMAC

> nsupdate -y $HMAC
> server localhost
> zone darkwing.net
> update add test.darkwing.net. 600 IN A 192.168.50.99
> send
However, this fails:
update failed: REFUSED

journalctl -xe shows:
Dec 27 16:07:52 orarouter.darkwing.net named[1546]: client @0x7f1e540c0ab0 ::1#50577/key pennyskey: signer "pennyskey" denied
Dec 27 16:07:52 orarouter.darkwing.net named[1546]: client @0x7f1e540c0ab0 ::1#50577/key pennyskey: update 'darkwing.net/IN' denied

Can anyone give me a helping hand?

Thanks
Christian

Report message to a moderator

Subdomain in BIND9 [message #689449 is a reply to message #689446]

Mon, 01 January 2024 16:47

DarkwingDuck
Messages: 4
Registered: December 2023

Junior Member

Hi

I need to define an sub domain.
It should have the name "cl01" in the domain darkwing.net.

When I searched the web how to set it up, I found three ways:

Oracle requests in Doc ID 946452.1 (which is about 11):
$ORIGIN cl01.
@ IN NS gns.cl01.
gns.cl01. IN A 192.168.101.100

If I take a look at Doc for 19c - I find:
cl01-gns-vip A 192.168.101.100
cl01.darkwing.net NS cl01-gns-vip.darkwing.net

And many Users suggest:
$ORIGIN cl01.darkwing.net.
@IN NS gns.cl01.darkwing.net.
gns.darkwing.net. IN A 192.168.101.100
But all of them talk about 11 or 12.

Sadly, none of these are accepted by ORACLE GNS which requests an Subdomain delegation.
I receive:

PRVG-5825 :
Subdomain delegation verification for the subdomain "cl01.darkwing.net" failed.
Cause:
An attempt to verify subdomain delegation for the indicated subdomain failed.
Action:
Ensure that Grid Naming Service (GNS) subdomain delegation is set up correctly
in the DNS and retry the operation.

Can anyone tell me, which way is the correct way to setup DNS?
And can I check setup with nslookup or dig?

Cheers and have a great 2024
Christian

Report message to a moderator

Re: Subdomain in BIND9 [message #689450 is a reply to message #689449]

Tue, 02 January 2024 01:17

Michel Cadot
Messages: 68722
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

It seems you have solved the first problem, so please provide the solution about it.

Report message to a moderator

Previous Topic:	Oracle database and SELinux
Next Topic:	Oracle Patch

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Wed Dec 11 14:58:44 CST 2024