NS record for the @ entry

Jim Reid jim at mpn.cp.philips.com
Fri Aug 20 09:49:48 UTC 1999


>>>>> "Edmund" == Edmund  <c990077 at hk.china.com> writes:

    Edmund> Might be my concept is not clear.  The SOA, to my
    Edmund> understanding, is used in the zone transfer between the
    Edmund> primary DNS server and its secondary DNS servers, and the
    Edmund> secondary DNS doesn't have a pre-configured SOA entry
    Edmund> because it will get it from primary DNS.  But I don't
    Edmund> understand why the @ entry has to have at least one NS
    Edmund> record associated with it since its parent zone name
    Edmund> server already has a NS record pointing to it.

The SOA and NS records serve two different purposes. Your first
mistake is thinking they're somehow related or interchangeable. If
that were true, one of those resource records would be redundant
and/or superfluous.

The SOA record is the way you define the start of a zone. Think of it
as a declaration from the hostmaster to a name server like "I define a
new zone here". Parameters in the SOA record include a serial number,
how often slave (secondary) servers check for changes to that serial
number and some TTL values. That's it. NS records tell other name
servers where to find a name server for some zone. Think of them as
direction signs for other name servers.

For instance an entry in a zone file like:
	mydomain.com. NS ns0.foobar.com.
	mydomain.com. NS ns1.foobar.com.
says that the name servers at ns0.foobar.com and ns1.foobar.com can
give authoritative answers for the domain mydomain.com. Another name
server can then look up mydomain.com's SOA record by querying either
ns0.foobar.com or ns1.foobar.com.

So if you have an entry like
	@ NS localhost.
in some zone file, it's probably wrong. What this says is that queries
for the current domain - the '@' gets expanded to whatever name was
supplied in the zone statement in named.conf - have to be sent to localhost.
However that has address 127.0.0.1, which is the loopback interface on
every TCP/IP stack. This would mean that any name server finding this
NS record will try sending queries for your domain to itself. Unless
every name server on the planet slaves your domain, this obviously
isn't going to work.

Every zone file needs to have exactly one SOA record: "here's the
start of a zone" and at least 1 NS record: "here's where another name
server can send lookups for this zone".
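The rule in the reply above (exactly one SOA, at least one NS, and no NS pointing at the loopback address) as an added zone-file check; this is example code, not from the original post or from BIND. The sample zone is constructed, and resolve_offline is a hypothetical stand-in for a real DNS lookup so the check runs offline.

```python
import ipaddress

# Constructed sample zone (not from the original post): it carries the
# "@ NS localhost." mistake the reply describes next to one correct NS.
SAMPLE_ZONE = """\
$ORIGIN mydomain.com.
@   IN  SOA ns0.foobar.com. hostmaster.mydomain.com. (
        1999082001 ; serial
        3600 900 604800 86400 )
    IN  NS  localhost.
    IN  NS  ns0.foobar.com.
"""

def resolve_offline(name):
    # Hypothetical stand-in for a lookup: only "localhost" is known, and it
    # answers with the loopback addresses, as on every TCP/IP stack.
    return ["127.0.0.1", "::1"] if name.rstrip(".").lower() == "localhost" else []

def apex_records(zone_text, origin):
    """Yield (type, rdata fields) for records owned by '@' or the origin."""
    owner, depth = None, 0                          # depth tracks '(' ... ')'
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip() or line.startswith("$"):
            continue                                # blank line or directive
        if depth == 0 and not line[0].isspace():
            owner, line = line.split(None, 1)       # explicit owner name
        if depth == 0 and owner in ("@", origin):   # owner-less lines inherit
            fields = line.split()
            if fields and fields[0].upper() == "IN":  # optional class
                fields = fields[1:]
            if fields:
                yield fields[0].upper(), fields[1:]
        depth += line.count("(") - line.count(")")  # skip SOA continuation

def check_apex(zone_text, origin="mydomain.com."):
    """Apply the reply's rule and return a list of problems (empty if clean)."""
    recs = list(apex_records(zone_text, origin))
    soa = sum(1 for t, _ in recs if t == "SOA")
    targets = [r[0] for t, r in recs if t == "NS"]
    problems = []
    if soa != 1:
        problems.append(f"apex has {soa} SOA records, expected exactly 1")
    if not targets:
        problems.append("apex has no NS record")
    for t in targets:
        # An NS whose address is loopback makes every resolver query itself.
        if any(ipaddress.ip_address(a).is_loopback for a in resolve_offline(t)):
            problems.append(f"NS {t} points at loopback; remove it")
    return problems
```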
