is this a valid zone file?

Ben Bridges bbridges at springnet.net
Mon Dec 22 17:48:18 UTC 2008


Since you are digging @127.0.0.1, I can't tell for sure on which server you are performing the dig.  But based on the responses, I'd say you were performing the dig on d62.test.net.  d62 is authoritative for 168.192.in-addr.arpa but not for 0/16.168.192.in-addr.arpa.  (The NS record for 0/16.168.192.in-addr.arpa in the 168.192.in-addr.arpa zone does not make d62 authoritative for 0/16.168.192.in-addr.arpa.)  And since you appear to have disallowed recursion on d62, it will not query d88 for the NS record for 0/16.168.192.in-addr.arpa.  It returns the NS record for 0/16.168.192.in-addr.arpa in the authority section of the query to tell the querying device that it needs to instead query d88 for the NS record.  

________________________________

From: bind-users-bounces at lists.isc.org on behalf of Jack Tavares
Sent: Mon 12/22/2008 5:05 AM
To: bind-users at lists.isc.org
Subject: RE: is this a valid zone file?



Thanks to everybody so far. I am still confused trying to figure this out.

At the risk of looking stupid...

Given this zone file.

$TTL 500
$ORIGIN 168.192.in-addr.arpa.
@       IN      SOA     d62.test.net. hostmaster.d62.test.net.  2008122201 10800 3600 604800 86400
                  NS      d62.test.net.
0/16            NS      d88.test.net.


dig for a zone transfer returns
[root at d62:Active] shared # dig axfr  @127.0.0.1 168.192.in-addr.arpa.
; <<>> DiG 9.5.0-P2 <<>> axfr @127.0.0.1 168.192.in-addr.arpa.
; (1 server found)
;; global options:  printcmd
168.192.in-addr.arpa.   500     IN      SOA     d62.test.net. hostmaster.my.domain. 2008122201 10800 3600 604800 86400
168.192.in-addr.arpa.   500     IN      NS      d62.test.net.
0/16.168.192.in-addr.arpa. 500  IN      NS      d88.test.net.
168.192.in-addr.arpa.   500     IN      SOA     d62.test.net. hostmaster.my.domain. 2008122201 10800 3600 604800 86400
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 22 03:16:38 2008
;; XFR size: 4 records (messages 1, bytes 179)


and a dig for the NS record returns:
[root at d62:Active] shared # dig   -t ns @127.0.0.1 168.192.in-addr.arpa.
; <<>> DiG 9.5.0-P2 <<>> -t ns @127.0.0.1 168.192.in-addr.arpa.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3426
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;168.192.in-addr.arpa.          IN      NS
;; ANSWER SECTION:
168.192.in-addr.arpa.   500     IN      NS      d62.test.net.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 22 03:17:15 2008
;; MSG SIZE  rcvd: 64


while a dig for the 0/16 NS record returns 0 answers, but 1 AUTHORITY record.
[root at d62:Active] shared # dig   -t ns @127.0.0.1 0/16.168.192.in-addr.arpa.
; <<>> DiG 9.5.0-P2 <<>> -t ns @127.0.0.1 0/16.168.192.in-addr.arpa.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29418
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;0/16.168.192.in-addr.arpa.     IN      NS
;; AUTHORITY SECTION:
0/16.168.192.in-addr.arpa. 500  IN      NS      d88.test.net.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 22 03:17:53 2008
;; MSG SIZE  rcvd: 69


So I am trying to figure out, if named won't serve the 0/16 NS record from the 168.192 zone,
what is the purpose of putting it there?



--
Jack Tavares
AIM: jackatavares
SKYPE: jackandkaddee
Reminder: I am at GMT+2, 10 hours AHEAD of Seattle.
My workweek is Sunday-Thursday.
Email sent to me Thursday afternoon (PST) may not be viewed until Sunday morning (GMT+2).
________________________________________
From: bind-users-bounces at lists.isc.org [bind-users-bounces at lists.isc.org] On Behalf Of Matus UHLAR - fantomas [uhlar at fantomas.sk]
Sent: Monday, December 22, 2008 11:14 AM
To: bind-users at lists.isc.org
Subject: Re: is this a valid zone file?

On 21.12.08 04:21, Jack Tavares wrote:
> as specified, wouldn't this zone then be non-authoritative

I believe BIND doesn't check NS Records when deciding if it should set the
"AA" flag and only takes care about the records being from zone
(master/slave) or authoritative source (for AA records) or cache.

> > That has no NS server defined for the zone, just the ranges of the zone.
> > Is that valid?
>
> it is, but may cause problems. NS records for the zone itself should be
> defined.

--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
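
The difference discussed in this thread, between an authoritative answer and a referral for a delegated name, can be read directly from the dig header and sections. The Python below is an added example, not part of the original messages; `classify` and its labels are names chosen here, and the two inputs are the dig responses from the thread with the timing lines trimmed.

```python
import re

# dig output from the thread (NS query for the delegated 0/16 name), trimmed.
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29418
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;0/16.168.192.in-addr.arpa.     IN      NS
;; AUTHORITY SECTION:
0/16.168.192.in-addr.arpa. 500  IN      NS      d88.test.net.
"""
# dig output from the thread (NS query for the zone apex), trimmed.
APEX = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3426
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;168.192.in-addr.arpa.          IN      NS
;; ANSWER SECTION:
168.192.in-addr.arpa.   500     IN      NS      d62.test.net.
"""

def classify(dig_text):
    """Return (kind, nameservers) for one dig response."""
    flags = re.search(r"flags: ([a-z ]*);", dig_text).group(1).split()
    answers = int(re.search(r"ANSWER: (\d+)", dig_text).group(1))
    qname = re.search(r"^;(\S+)\s+IN\s+\S+", dig_text, re.M).group(1).lower()
    section, ns = None, {"ANSWER": [], "AUTHORITY": []}
    for line in dig_text.splitlines():
        head = re.match(r";; (\w+) SECTION:", line)
        if head:
            section = head.group(1)
            continue
        rr = re.match(r"(\S+)\s+\d+\s+IN\s+NS\s+(\S+)", line)
        if rr and section in ns:
            ns[section].append((rr.group(1).lower(), rr.group(2)))
    # AA set and data in ANSWER: the server owns this name.
    if "aa" in flags and answers:
        return "authoritative-answer", [t for _, t in ns["ANSWER"]]
    # Referral: no AA, empty ANSWER, NS in AUTHORITY at or above the qname.
    cut = [t for owner, t in ns["AUTHORITY"]
           if qname == owner or qname.endswith("." + owner)]
    if "aa" not in flags and answers == 0 and cut:
        return "referral", cut
    return "other", []
```

A "referral" result names the servers to query next, which is what a non-recursive server hands back for a name it has delegated.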

