trouble delegating a subdomain via NS record

/dev/rob0 rob0 at gmx.co.uk
Thu Feb 16 16:41:59 UTC 2017


On Thu, Feb 16, 2017 at 11:31:55AM -0500, John Ratliff wrote:
> I’m trying to delegate a subdomain to another BIND server, but 
> when I add the NS record, some of the records stop working. I was 
> hoping someone could help me figure out why.

It's simple.

> Here is a zone file that demonstrates the problem for example.com. 
> It’s running on a CentOS 7 system with BIND 9.9.4. I saw the 
> problem originally on a Debian 8 server with BIND 9.9.5.
> 
> $TTL 3600
> @       IN      SOA ns1.example.com. hostmaster.example.com. (
>                 2017021608      ; serial (yyyymmdd##)
>                 7200            ; refresh secondary every 2 hours
>                 3600            ; retry secondary every hour thereafter
>                 1209600         ; expire w/o update in 14 days.
>                 3600 )          ; negative cache time of 1 hour
> 
>         IN NS ipa-test-client.example.com.

The missing owner name on that line says, "Stick with the previous 
owner name for this record."

> idm     IN NS ipa1.example.com.

You changed the owner name here.

>         IN MX 50 spamfw.example.com.

The missing owner name on that line says, "Stick with the previous 
owner name for this record."  Apparently you assumed that a missing 
owner name means "@", the current origin, but that is not so.

>         IN A 10.9.6.54

Likewise.

> ipa-test-client IN A 10.9.6.117
> ipa1            IN A 10.9.6.118
> 
> www     IN CNAME example.com.
> test    IN A 10.9.6.222
> 
> If I use the zone like this, the MX and A records seem to stop 
> working (I get NXDOMAIN with dig). If I comment out the idm NS 
> line, it starts working again. Other records seem fine. The www and 
> test records resolve, but the CNAME for www does not fully resolve 
> into 10.9.6.117 when the idm NS delegation is in place.
> 
> Is there a specific place I need to put the NS record for the idm 
> subdomain? Must it go at the end, or be placed after an $ORIGIN 

You probably don't want to set $ORIGIN.  When a zone file is read, 
named sets an implicit $ORIGIN to the name of the zone as in the 
named.conf(5) zone statement.

> declaration? I looked at a few guides on the internet, and they 
> didn’t suggest anything like this.

If you're going to use this format (missing owner names) you should 
keep all the same names together.

I suggest always using an owner name on every line.  It might not 
look as pretty, but it is definitely more grep-friendly.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
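
Added example, not part of the original post: a small Python sketch that expands the implicit owner names in the zone file quoted above, so the effect of the blank-owner lines following `idm` is visible. The function names and the "suspicious at cut" heuristic are assumptions made for this illustration; it is not a full RFC 1035 master-file parser and does not model how named loads the zone.

```python
# Constructed sample: the zone from the thread, with the SOA joined onto one line
# (this sketch ignores $ORIGIN and records continued across lines with parentheses).
ZONE = """\
$TTL 3600
@       IN SOA ns1.example.com. hostmaster.example.com. ( 2017021608 7200 3600 1209600 3600 )
        IN NS ipa-test-client.example.com.
idm     IN NS ipa1.example.com.
        IN MX 50 spamfw.example.com.
        IN A 10.9.6.54
ipa-test-client IN A 10.9.6.117
ipa1            IN A 10.9.6.118
www     IN CNAME example.com.
test    IN A 10.9.6.222
"""

def expand_owners(text, origin):
    """Return (owner, rtype, rdata, inherited) per record, blank owners filled in."""
    origin = origin.rstrip(".").lower() + "."
    records, last = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip() or line.startswith("$"):
            continue                               # skip blanks and $ directives
        fields = line.split()
        inherited = line[0] in " \t"               # leading whitespace: no owner field
        if inherited:
            if last is None:
                raise ValueError("first record has no owner name")
            owner = last                           # previous owner, NOT "@"
        else:
            name = fields.pop(0)
            owner = (origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}").lower()
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # optional TTL and class
        rtype = fields.pop(0).upper()
        records.append((owner, rtype, " ".join(fields), inherited))
        last = owner
    return records

def suspicious_at_cut(records, origin):
    """Heuristic: non-NS records that inherited the owner of a delegated name."""
    origin = origin.rstrip(".").lower() + "."
    cuts = {o for o, t, _, _ in records if t == "NS" and o != origin}
    return [r for r in records if r[3] and r[1] != "NS" and r[0] in cuts]

if __name__ == "__main__":
    for owner, rtype, rdata, inherited in expand_owners(ZONE, "example.com"):
        print(f"{owner:30} {rtype:6} {rdata}{'   <- inherited owner' if inherited else ''}")
    print("check:", suspicious_at_cut(expand_owners(ZONE, "example.com"), "example.com"))
```

Run on the sample, the MX and A lines come out owned by idm.example.com. rather than example.com., which is the point made in the reply.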

