"Extra" NS on zone file can be used?

Jesus Couto jesus.couto at innosec.es
Fri Aug 11 18:14:54 UTC 2000 

Hi,

	I have read in a few places (for example, Question 2.17 of the
comp.protocols.tcp-ip.domains FAQ) that the NS records for a zone
defined inside the zone file arent really used... again from the FAQ:

"They're essentially unused, though they are returned in the authority
section of reply packets from your name servers"

	So, lets say I add a NS record inside, say, "test" zone file listing
"dada.ext" as
a nameserver for it. A query for a name inside test (say, a.test) will
return the NS as listed in the zone file. It will cause the server to
fetch the A record for "dada.ext", and the next query into "test" will
have that address into the Additional Info section of the answer. (All
this checked using nslookup at d2 level and query logging on the "ext"
server, but I may be wrong).

	So, then, the server that did the second query into test will have the
full list of NS as listed in the zone file and the address for all of
them in the cache, right? And that  means that on further queries from
that server, the "extra" server will be used for some of them, right?
Thats what I'm thinking, but as it contradicts whats the FAQ states, I
want some confirmation.

	All this comes from playing with nsupdate and hidden masters... because
a) the server only does the updates if its listed as the MNAME on the
SOA of the zone and b) nsupdate only sends the updates to the MNAME
server if its also a NS for the zone, I thought that, to have a hidden
master, we could list the "real" server, on a private IP net and a
private domain, on the NS of the zone file. Ex.:

$ORIGIN mypublicdomain.com
		
	82400	IN	SOA	master.priv. root.mypublicdomain.com. (
		2 1000 1000 1000 7200 )	
	82400	IN	NS	ns1.mypublicdomain.com.	
	82400	IN	NS	ns2.mypublicdomain.com.	
	82400	IN	NS	master.priv.

but if at the end this means that the public servers ns1 and ns2 are
going to start propagating that master.priv is an NS for
mypublicdomain.com and giving away its private IP, then making servers
on the internet to try to query that when doing lookups into
mypublic.domain.com, its going to be ugly. (In any case, to solve this,
I'm either going to use the perl Net::DNS module or rewrite nsupdate or
the resolver lib to send queries to a given server instead of using the
NS listed at the zone). 

	So, its this analysis right, and "extra" NS on the zone files will be
used by external nameservers? Its then necessary to list as NS on a
public zone only public, reachable nameservers?

	Thanks in advance to whoever steps in and clarify this issue for me; 

									Jesus Couto F.

More information about the bind-users mailing list