NS record for the @ entry

Edmund c990077 at hk.china.com
Fri Aug 20 10:18:06 UTC 1999


Thanks.  Someone has already cleared up my misunderstanding.  I
had mistakenly thought that only the parent zone DNS server
needs to keep an NS record for its child zone.

Also, I remember that a post mentioned before that if there's
no NS record related to the @ entry, the BIND DNS server won't
start up.  However, what I still can't figure out is that if some client
queries my DNS server for a record which is not NS type in my zone,
then I don't need to have an NS record associated with the @ entry
to answer the query.  So, why is it necessary to have at least one
NS record associated with the @ entry?

Jim Reid wrote:

> The SOA and NS records serve two different purposes. Your first
> mistake is thinking they're somehow related or interchangeable. If
> that were true, one of those resource records would be redundant
> and/or superfluous.
>
> The SOA record is the way you define the start of a zone. Think of it
> as a declaration from the hostmaster to a name server like "I define a
> new zone here". Parameters in the SOA record include a serial number,
> how often slave (secondary) servers check for changes to that serial
> number and some TTL values. That's it. NS records tell other name
> servers where to find a name server for some zone. Think of them as
> direction signs for other name servers.
>
> For instance an entry in a zone file like:
>         mydomain.com. NS ns0.foobar.com.
>         mydomain.com. NS ns1.foobar.com.
> says that the name servers at ns0.foobar.com and ns1.foobar.com can
> give authoritative answers for the domain mydomain.com. Another name
> server can then look up mydomain.com's SOA record by querying either
> ns0.foobar.com or ns1.foobar.com.
>
> So if you have an entry like
>         @ NS localhost.
> in some zone file, it's probably wrong. What this says is that queries
> for the current domain - the '@' gets expanded to whatever name was
> supplied in the zone statement in named.conf - have to be sent to localhost.
> However that has address 127.0.0.1, which is the loopback interface on
> every TCP/IP stack. This would mean that any name server finding this
> NS record will try sending queries for your domain to itself. Unless
> every name server on the planet slaves your domain, this obviously
> isn't going to work.
>
> Every zone file needs to have exactly one SOA record: "here's the
> start of a zone" and at least 1 NS record: "here's where another name
> server can send lookups for this zone".


