Why does a non-delegated sub-domain work?
Daniel McDonald
dan.mcdonald at austinenergy.com
Mon May 7 17:13:01 UTC 2012
On 5/7/12 11:32 AM, "M. Meadows" <sun-guru at live.com> wrote:
>
> So ... if we have
>
> exacttarget.com delegated to ns1 and ns2.exacttarget.com nameservers
>
> and ... we manage the s6.exacttarget.com zone file from ns1 and
> ns2.exacttarget.com
>
> but we don't delegate s6 in the exacttarget.com zone file ... forgot to enter
> it in the zone file ...
>
> how is it that s6.exacttarget.com and its contents resolve properly from
> everywhere?
Because bind can't distinguish between a query for s6.exacttarget.com from
the exacttarget.com zone and a query for s6.exacttarget.com in the
s6.exacttarget.com zone, so it employs longest match and returns the
appropriate information.
> Seems BIND is helping us out behind the scenes somehow. Right?
Bind is hiding your configuration error, yes. It won't work with DNSSEC and
might fail if you have a secondary for s6.exacttarget.com that is not also
authoritative for exacttarget.com
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281
More information about the bind-users
mailing list