Question about automatic promotion of NS records
Simon Waters
Simon at wretched.demon.co.uk
Tue Jan 7 18:18:19 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Paul Roberts wrote:
>
> Is that right?
I try not to do BIND 8 but yes I think you are right.
> Now in BIND 9, apparently this doesn't happen any more, but is it
> really an issue?
Yes - nasty idea having a computer putting NS in my parent zones
for me, definitely best lost this feature.
> As the server is authoritative for both parent and
> sub-domains anyway we can still get away without adding the
delegation
> records into the parent zone, but what side-effects does this
have?
Slaves that have only parent zones won't work.
If you leave them out and a child zone becomes toast, you
suddenly revert to slave with only parent zone - bad things can
now happen - probably NXDOMAIN instead of the correct answer --
I'm guessing but it doesn't sound good to me.
> From a purists perspective I know it's not strictly correct
and that
> you "should" have delegation records in the parent zone but
what are
> the advantages? All my slaves are authoritative for both
parent and
> sub-domains and the guys here are asking why they should
bother adding
> the NS records and I can't give them a concrete answer.
Why don't you put all the records in one zone file?
zone != domain
I prefer to keep zone corresponding to domain as it is easier to
think about (this is a big plus in my book), and easier to
change around quickly, and should I make a mistake (which of
course never happens) I may with luck break less.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+GxnnGFXfHI9FVgYRAkNKAJ9XyiaRDcYQoWRrws6tqLK6hiZsswCeOrSk
AyNJoF+WvVaseKfDP8SQwz8=
=pnyG
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list