configuration bind9

bonjour,

je suis en 2eme année en réseau et telecom
je dois réaliser un projet qui est: mise en place d'une architecture DNS.
je rencontre quelques difficultées.

tout d'abord, mon architecture doit etre independante du réseau de l'iut par consequent je ne peux utiliser les serveurs DNS de l'iut.

j'utilise bind9 sous debian.
voici les fichiers de configurations que j'ai réalisé:

/******gtr.iut.u-clermont1.fr.zone*************/

$TTL 8h

@ IN SOA dnsdebian.gtr.iut.u-clermont1.fr. postmaster.gtr.iut.u-clermont1.fr. (
2006013040
8H
3H
2W
2D )

@ IN NS dnsdebian.gtr.iut.u-clermont1.fr.

dnsdebian IN A 192.168.108.130



iutclgtrb613 IN A 192.168.108.133
iutclgtrb601 IN A 192.168.108.121
iutclgtrb608 IN A 192.168.108.128

dnsdebian2 IN A 192.168.108.131


/************db.192.168.108************/

$TTL 4h

@ IN SOA dnsdebian.gtr.iut.u-clermont1.fr. postmaster.gtr.iut.u-clermont1.fr. (
2006013037
8H
4H
2W
2D )


@ IN NS dnsdebian.gtr.iut.u-clermont1.fr.

dnsdebian IN A 192.168.108.130

$ORIGIN gtr.iut.u-clermont1.fr.
dnsdebian IN CNAME iutclgtrb610.gtr.iut.u-clermont1.fr.


$ORIGIN 108.168.192.in-addr.arpa.

133 IN PTR iutclgtrb613.gtr.iut.u-clermont1.fr.zone.
121 IN PTR iutclgtrb601.gtr.iut.u-clermont1.fr.zone.
128 IN PTR iutclgtrb608.gtr.iut.u-clermont1.fr.zone.

/***********named.conf***************/

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";



// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

// prime the server with knowledge of the root servers

zone "." {
type hint;
file "/etc/bind/db.root";
};

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};



zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};




// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/rndc.key";
include "/etc/bind/named.conf.local";

zone "gtr.iut.u-clermont1.fr" {
type master;
file "/etc/bind/gtr.iut.u-clermont1.fr.zone";
};

zone "108.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192.168.108";
};


/***********named.conf.options*********/

options {
// directory "/var/cache/bind";
directory "/etc/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.

// query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 192.168.108.10;
// };

auth-nxdomain no; # conform to RFC1035

};

/*****************etc/hosts**************/

127.0.0.1 localhost.localdomain localhost
192.168.108.132 dnsdebian.gtr.iut.u-clermont1.fr dnsdebian
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

/*************resolv.conf**************/

search gtr.iut.u-clermont1.fr
nameserver 192.168.108.10

/***********résultat nslookup**********/

dnsdebian:/etc/bind# nslookup
> server 192.168.108.130
Default server: 192.168.108.130
Address: 192.168.108.130#53
> 192.168.108.133
Server: 192.168.108.130
Address: 192.168.108.130#53

133.108.168.192.in-addr.arpa name = iutclgtrb613.gtr.iut.u-clermont1.fr.zone.
> iutclgtrb613.gtr.iut.u-clermont1.fr
Server: 192.168.108.130
Address: 192.168.108.130#53

Name: iutclgtrb613.gtr.iut.u-clermont1.fr
Address: 192.168.108.133

/*************************************/

si on regarde le résultat de nslookup, on constate que cela fonctionne.

les problèmes sont les suivants:

en observant mes fichiers de zones, vous constaterez que dans le fichier gtr.iut.u-clermont1.fr.zone, mon DNS qui s'apelle

dnsdebian ne possede pas d'alias. Or, cette aliais est déclarer dans le fichier de resolution inverse (db.192.168.108).

est ce normal que qu'en j'indique un alias ( CNAME) dans les 2 fichiers ( gtr.iut.u-clermont1.fr.zone et db.192.168.108) et que j'effectue un nslookup, cela m'indique SERVFAIL ?

Comment dois je procéder pour que mon DNS puisse résoudre les adresses de l'extérieur ?

j'ai egalement un DNS de niveau inférieur dnsdebian2 qui gére le domaine .lan comment faire pour que celui ci interroge mon DNS superieur (dnsdebian) afin qu'il puisse accéder a l'internet ?

c'est vraiment pas simple. si vous pouvez me donnez quelques indications merci sinon merci d'avoir lu et bonne continuation.