NS record question

Bob Vance bobvance at alumni.caltech.edu
Mon Mar 26 20:26:26 UTC 2001 

>sigh,
Sorry to be a bother :|
But, I'm learning a lot -- which is why I'm on the list :)


>1) parent and child reside on same server AND

Of course, this *is* what we're discussing :)


>2) the set of slaves for both zones are identical AND

Hmm. I don't see why this matters -- I'll have to cogitate on it for a
while.


>3) your using bind-8, which can not differ apex and zone-cut records
AND

Ahh.
Yeah, I'm using BIND 8.2.3.
We're obviously getting into water that's way over my head, here :)
That would explain why the NS records showed up fine for me, vis-a-vis
BIND8, when they only appeared in the child zone file.  I didn't realize
that there had already been an issue of distinguishing the two types of
NS records that has been addressed in BIND9.

Is this issue discussed in the docs or is there a URL that has info on
this issue?



-------------------------------------------------
Tks        | <mailto:BVance at sbm.com>
BV         | <mailto:BobVance at alumni.caltech.edu>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430           11455 Lakefield Dr.
Fax 770-623-3429           Duluth, GA 30097-1511
=================================================





-----Original Message-----
From: roy at node10c4d.a2000.nl [mailto:roy at node10c4d.a2000.nl]On Behalf Of
Roy Arends
Sent: Monday, March 26, 2001 4:02 PM
To: Bob Vance
Cc: bind-users at isc.org
Subject: RE: NS record question


On Mon, 26 Mar 2001, Bob Vance wrote:

> Roy said:
> >In the parent zone, there _has_ to be delegation records for the
child
> >zone in any scenario, they should be identical copy of the NS records
> in
> >the childs apex.
>
> Actually, it appears that you do *not* have to have the NS records in
> the parent zone *file*, though -- only in the child zone *file*.
>
> This makes sense because, the NS records defined in child zone file
will
> show up in the servers cache anyway, since it's on the same server.
>
> Thus, the NOTIFY issue that I raised couldn't actually exist -- the
> primary *will* have the NS records for the child zone, like it or not
:)

sigh,

This is only true when

1) parent and child reside on same server AND
2) the set of slaves for both zones are identical AND
3) your using bind-8, which can not differ apex and zone-cut records AND
4) you're not using DNSSEC AND
5) you want to violate rfc1034

> Thus I would say that the answer to the original question:
>
> > Should I have NS records for a delegated zone even if the delegation
> is on
> > the same nameserver?
> > ---
> > db.mydomain.com
> > @	IN SOA ns.mydomain.com root.mydomain.com ( ... )
> > 	IN NS ns.mydomain.com.
> > 	IN NS ns1.mydomain.com.
> >
> > zone1	IN NS ns.mydomain.com.		#	should these lines be here
> > zone1	IN NS ns2.mydomain.com		#
>
> is,
>    "No.  You are not *required* to enter them into the parent zone
file.
>     They will appear from the child zone file.
>     You *must* have the NS records in the child zone file or it will
not
> load.
>    "

If all the specified points are met, then yes, but those were not
specified in the original question.

> This would be a good thing in the sense of defining the records in
only
> on place.  But, of course, puts obfuscation above readability and
> understanding :)

I agree.

Roy Arends
Nominum

More information about the bind-users mailing list