<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Michael,</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">I think you only read a few posts on this thread, so I’ll give you some details of what had/has been done up to this point, as I read your entire email and from what you are saying, I’ve already done (which is why I’m reaching out to the community) - correct me if I’m wrong.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">I have a single zone: <b>lab.example.com</b></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">The isilon needs a delegated zone for it to use, so we simply chose <b>isilon.lab.example.com</b></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">From a PowerDNS perspective, <b>lab.example.com</b> lives on a single server <b>pdns01</b> and the database server runs on its own dedicated hardware <b>pdnsdb01</b>.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">A single zone was created - <b>lab.example.com</b></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">We added the following DNS records to PowerDNS (in the <b>lab.example.com</b> zone):</div><div id="bloop_customfont" style="margin: 0px;"><pre style="color: rgb(0, 0, 0); font-family: Helvetica, Arial; font-size: 13px; white-space: pre-wrap;">labisilon.lab.example.com. 900 IN NS lab-isilon.lab.example.com.
lab-isilon.lab.example.com. 900 IN A x.x.x.x</pre><pre><font face="Helvetica, Arial"><span style="white-space: normal;">Once we added this, it still does not work; when we ping labisilon.lab.example.com, it returns the IP from lab-isilon.lab.example.com, which would be as expected, but since the “x.x.x.x” IP is a SmartConnect IP on the Isilon, it actually takes that IP gives a random IP (depends on how the Isilon is configured) back to the client. So, in our case, we basically round-robin it, so each new request to the isilon should give us a new IP, until we get to the end, and then we start over. </span></font></pre><pre><font face="Helvetica, Arial"><span style="white-space: normal;">I just need to know if I’m missing something here, and if not, maybe it is an issue with the Isilon, in this case. I just want to make sure that I’m setting up DNS delegation correctly in PowerDNS, or if I’m missing something PowerDNS specific.</span></font></pre></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Thanks for your continued input.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div> <div id="bloop_sign_1386913141920339200"><span style="font-family:helvetica,arial;font-size:13px"></span>-- <br>Drew Decker<br><br></div> <br><p style="color:#A0A0A8;">On December 12, 2013 at 9:32:33 PM, Michael Loftis (<a href="mailto://mloftis@wgops.com">mloftis@wgops.com</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div><div>The most common and obvious example of glue is when you have a TLD
<br>such as GOV, COM, or EDU delegate your domain, your NS records usually
<br>exist within your domain so glue must exist higher up, exact same
<br>principal applies at every level where a delegation occurs. Say
<br>isil.lab.example.com is served by the isilon. This is the delegated
<br>subdomain. lab.example.com is served by other nameservers. The A
<br>record you're using could be ns1.isil.lab.example.com, and so must
<br>exist in both the isil.lab.example.com domain, AND the lab.example.com
<br>domain, in two seperate nameservers.
<br>
<br>You must have on BOTH the lab.example.com and the isil.lab.example.com
<br>domains and nameservers.... A records for out of zone nameservers in
<br>subdomains are called glue. Nothing magical. Everyone has some in
<br>COM, GOV, EDU, ORG, etc. If you take a look at google.com, you'll see
<br>ns1 through ns4.google.com -- those four A records exist in the COM
<br>zone as glue. Likewise, all four of those A records served by the COM
<br>nameservers are identical to the ones served by google.com
<br>nameservers. Same thing has to happen on subdomains if the A record
<br>points to something that exists inside the delegated domain.
<br>
<br>ns1.isil.lab.example.com IN A 127.1.1.2
<br>isil.lab.example.com IN NS ns1.isil.lab.example.com
<br>
<br>And that leads into yet another pitfall, if those records are
<br>mismatched, BIND and most other resolvers will decide someone is
<br>trying to poison their cache and refuse to serve results for that
<br>domain (or subdomain, there is not any distinction to BIND and
<br>PowerDNS)
<br>
<br>
<br>
<br>
<br>On Thu, Dec 12, 2013 at 4:48 PM, Drew Decker <drewrockshard@gmail.com> wrote:
<br>> Michael,
<br>>
<br>> When you state "If the A records that the NS points to are in the subdomain,
<br>> glue records must be created in the parent domain/zone." - can you elaborate
<br>> on how to do this? Everything else that you mentioned is DNS 101 and has
<br>> already been done. Explain to me how and what I need to do about the DNS
<br>> glue records in PowerDNS and I'll give it a try.
<br>>
<br>> Thanks!
<br>>
<br>>
<br>> On Thu, Dec 12, 2013 at 6:36 PM, Michael Loftis <mloftis@wgops.com> wrote:
<br>>>
<br>>> I must be missing something because this is DNS 101. Just create NS
<br>>> records in the domain on the PDNS server that points at the isilon.
<br>>> If the A records that the NS points to are in the subdomain, glue
<br>>> records must be created in the parent domain/zone. There's no magic,
<br>>> insert the two records into your PowerDNS authoratitive servers
<br>>> records table, make sure that the clients can contact the isilon's UDP
<br>>> and TCP port 53 (where the A record points to)
<br>>>
<br>>> If you're still having issues I suggest using dig +trace to see whats
<br>>> going on, and dig in general to see if the isilon is even responding -
<br>>> it really sounds like you've got a firewall issue that's keeping
<br>>> anything from being able to contact the delegated-to nameserver.
<br>>>
<br>>> On Thu, Dec 12, 2013 at 4:17 PM, Drew Decker <drewrockshard@gmail.com>
<br>>> wrote:
<br>>> > Does anyone else know of a way to do this, or could give me some
<br>>> > recommendations on how we could do this in or current configuration? We
<br>>> > just need to be able to create a delegation in PowerDNS to use a
<br>>> > different
<br>>> > Nameserver on the actual isilon. We are basically delegating to the
<br>>> > Isilon
<br>>> > for a specific "subdomain".
<br>>> >
<br>>> > Thanks!
<br>>> >
<br>>> >
<br>>> > On Wed, Dec 4, 2013 at 2:06 PM, ktm@rice.edu <ktm@rice.edu> wrote:
<br>>> >>
<br>>> >> On Wed, Dec 04, 2013 at 02:03:57PM -0600, Drew Decker wrote:
<br>>> >> > Ken,
<br>>> >> >
<br>>> >> > Yea - I don't think this will work for us. Our domain is shared with
<br>>> >> > the
<br>>> >> > Isilon, so it would be lab.domain.com, and I don't want to forward
<br>>> >> > the
<br>>> >> > entire zone over to the Isilon.
<br>>> >> >
<br>>> >> > thanks!
<br>>> >> >
<br>>> >>
<br>>> >> Yes, we put our Isilon in its own (sub)domain for exactly that reason.
<br>>> >> It
<br>>> >> made this easy. You could roll-your-own with lua in the recursor if a
<br>>> >> separate
<br>>> >> domain is not possible.
<br>>> >>
<br>>> >> Regards,
<br>>> >> Ken
<br>>> >
<br>>> >
<br>>> >
<br>>> >
<br>>> > --
<br>>> > Best Regards,
<br>>> > Drew Decker
<br>>> >
<br>>> > _______________________________________________
<br>>> > Pdns-users mailing list
<br>>> > Pdns-users@mailman.powerdns.com
<br>>> > http://mailman.powerdns.com/mailman/listinfo/pdns-users
<br>>> >
<br>>>
<br>>>
<br>>>
<br>>> --
<br>>>
<br>>> "Genius might be described as a supreme capacity for getting its
<br>>> possessors
<br>>> into trouble of all kinds."
<br>>> -- Samuel Butler
<br>>
<br>>
<br>>
<br>>
<br>> --
<br>> Best Regards,
<br>> Drew Decker
<br>
<br>
<br>
<br>--
<br>
<br>"Genius might be described as a supreme capacity for getting its possessors
<br>into trouble of all kinds."
<br>-- Samuel Butler
<br></div></div></span></blockquote></body></html>