NS record question
Roy Arends
Roy.Arends at nominum.com
Mon Mar 26 21:50:56 UTC 2001
On Mon, 26 Mar 2001, Bob Vance wrote:
> >2) the set of slaves for both zones are identical AND
>
> Hmm. I don't see why this matters -- I'll have to cogitate on it for a
> while.

When they do not have the same slaves specified, for instance the parent has
slave A and the child has slave B, then slave A does not have the zone-cut
records when they are omitted from the parent. Any query for a child of
a zone, asked to slave A, will result in an NXDOMAIN.

> >3) you're using bind-8, which can not differ apex and zone-cut records AND
>
> Ahh.
> Yeah, I'm using BIND 8.2.3.
> We're obviously getting into water that's way over my head, here :)
> That would explain why the NS records showed up fine for me, vis-a-vis
> BIND8, when they only appeared in the child zone file. I didn't realize
> that there had already been an issue of distinguishing the two types of
> NS records that has been addressed in BIND9.
>
> Is this issue discussed in the docs or is there a URL that has info on
> this issue?

RFC 2535, 2.3.4 and you might want to check namedroppers. BIND-9 was
built with DNSSEC in mind. When using DNSSEC, every single record in the
zone has its own SIG, created by the zone's zone-KEY. NS records at the
child zone have a SIG from the child's zone KEY. This is why there has to
be a distinction between NS records at parent and child.

Regards,
Roy Arends
Nominum
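
The slave A case from the message above, as an added example that is not part of the original post and is not BIND code: a simplified authoritative lookup showing NXDOMAIN when the parent omits the zone-cut NS records, a referral when it carries them, and a normal answer when one server loads both zones. All zone names, server names and addresses are constructed.

```python
# Added illustration: simplified authoritative lookup, not BIND code.
# All names and addresses below are constructed sample data.
PARENT = "example.com."
CHILD = "child.example.com."

parent_with_cut = {
    PARENT: {"SOA": ["(constructed)"], "NS": ["a.example.com."]},
    CHILD: {"NS": ["b.example.com."]},  # zone-cut NS held by the parent
}
parent_without_cut = {PARENT: parent_with_cut[PARENT]}  # delegation omitted
child_zone = {
    CHILD: {"SOA": ["(constructed)"], "NS": ["b.example.com."]},  # apex NS
    "www." + CHILD: {"A": ["192.0.2.10"]},
}

def in_zone(qname, apex):
    return qname == apex or qname.endswith("." + apex)

def answer(zone, apex, qname, qtype):
    """Answer from one zone: referral at a zone cut, else data or NXDOMAIN."""
    below = qname[: len(qname) - len(apex)].rstrip(".")
    name = apex
    for label in reversed(below.split(".") if below else []):
        name = label + "." + name
        if "NS" in zone.get(name, {}):  # delegation found on the way down
            return ("REFERRAL", zone[name]["NS"])
    if qname in zone:
        rrs = zone[qname].get(qtype, [])
        return ("NOERROR" if rrs else "NODATA", rrs)
    if any(n.endswith("." + qname) for n in zone):  # empty non-terminal
        return ("NODATA", [])
    return ("NXDOMAIN", [])

def serve(loaded, qname, qtype):
    """loaded maps apex -> zone data; answer from the closest enclosing zone."""
    qname = qname.lower()
    apexes = [a for a in loaded if in_zone(qname, a)]
    if not apexes:
        return ("REFUSED", [])
    apex = max(apexes, key=len)
    return answer(loaded[apex], apex, qname, qtype)

slave_a = {PARENT: parent_without_cut}                  # parent zone only
both = {PARENT: parent_without_cut, CHILD: child_zone}  # identical slave sets
```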