NS record question

Roy Arends Roy.Arends at nominum.com
Mon Mar 26 18:33:21 UTC 2001


On Mon, 26 Mar 2001, Bob Vance wrote:

> I had noticed that creating a sub-zone on the same server without
> delegation worked in the simple environment of my home network with only
> one nameserver.  I later went ahead and did the delegation to itself
> when I realized my omission, but it got me to wondering about the same
> thing.
> 
> So I'm also trying to figure out exactly where it breaks down.
> A secondary server should be authoritative and he knows how to get zone
> transfers done, so he should be able to answer OK without NS records.

This is not so much a zone-transfer issue. He indeed should be OK when
asked for information from its zone. But consider the following:

3 nameservers: 1.1.1.1, 2.2.2.2 and 3.3.3.3

3 zones: "mil." "army.mil." and "navy.mil.", No NS records at .mil for
army.mil. and navy.mil.

1.1.1.1 is master for "mil."
1.1.1.1 is master for "army.mil."
1.1.1.1 is master for "navy.mil."

2.2.2.2 is slave for "mil."
2.2.2.2 is slave for "army.mil."

3.3.3.3 is slave for "mil."
3.3.3.3 is slave for "navy.mil."

When a resolver queries root for "ship.navy.mil.", root refers to 1.1.1.1,
2.2.2.2 and 3.3.3.3 for the "mil." domain.

A resolver chooses one of those, say 2.2.2.2.

When a resolver queries 2.2.2.2 for "ship.navy.mil.", 2.2.2.2 will not
refer to 3.3.3.3, there are no NS records for child zones in the .mil zone,
because parent and child are hosted on the same server. Now, the resolver
hangs in the blue, depressed and lonely, 'cause no-one can answer its
question. Even worse, it will get an authoritative "NXDOMAIN" back.

> Another server somewhere trying to get sub-zone.foo.com would be
> referred to the nameserver(s) for foo.com. -- but then he (or they)
> would know that they are authoritative for sub-zone.foo.com and should
> answer.
> 
> Right?
> 
> I guess without the NS records there would be a NOTIFY issue.

There is no NOTIFY issue. Notifies get sent to slave servers, not to child
zones. This discussion was about omitting NS records for delegation when
the child is hosted from the same server. Not a discussion about the NS record
residing at a zone's apex.

Regards,

Roy Arends
Nominum
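
The three-server scenario in the message above, modelled as an added example (not part of the original post and not BIND code). The record data, the NS targets used in the delegated case and all function names are assumptions made for illustration.

```python
# Constructed model of the 1.1.1.1 / 2.2.2.2 / 3.3.3.3 setup from the message.
NAVY_NAMES = {"ship.navy.mil.": "192.0.2.10"}   # constructed A record
ARMY_NAMES = {"tank.army.mil.": "192.0.2.20"}   # constructed A record

def build_servers(delegate):
    """Return {server_ip: {zone_apex: zone}}; a zone has 'names' and 'ns' (zone cuts)."""
    # Assumed NS targets: the servers that actually load each child zone.
    cuts = {"army.mil.": ["1.1.1.1", "2.2.2.2"],
            "navy.mil.": ["1.1.1.1", "3.3.3.3"]} if delegate else {}
    mil = {"names": {}, "ns": cuts}
    army = {"names": ARMY_NAMES, "ns": {}}
    navy = {"names": NAVY_NAMES, "ns": {}}
    return {
        "1.1.1.1": {"mil.": mil, "army.mil.": army, "navy.mil.": navy},
        "2.2.2.2": {"mil.": mil, "army.mil.": army},
        "3.3.3.3": {"mil.": mil, "navy.mil.": navy},
    }

def in_zone(name, apex):
    """True if name is at or below apex, matching on label boundaries."""
    return name == apex or name.endswith("." + apex)

def query(server_zones, qname):
    """Answer as an authoritative-only server would, from its closest enclosing zone."""
    apexes = [a for a in server_zones if in_zone(qname, a)]
    if not apexes:
        return ("REFUSED", None)
    zone = server_zones[max(apexes, key=len)]     # most specific zone loaded here
    for cut, targets in zone["ns"].items():
        if in_zone(qname, cut):                   # name lies below a delegation
            return ("REFERRAL", targets)
    if qname in zone["names"]:
        return ("ANSWER", zone["names"][qname])
    return ("NXDOMAIN", None)                     # authoritative denial

def resolve(servers, first, qname):
    """Ask the server the resolver happened to pick; follow at most one referral."""
    status, data = query(servers[first], qname)
    if status == "REFERRAL":
        status, data = query(servers[data[-1]], qname)
    return status, data

if __name__ == "__main__":
    for delegate in (False, True):
        servers = build_servers(delegate)
        for ip in sorted(servers):
            print(delegate, ip, resolve(servers, ip, "ship.navy.mil."))
```

Without the NS records the result depends on which "mil." server the resolver picks; with them, every starting point ends at a server that loads "navy.mil.".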



