Delegation

Kevin Darcy kcd at daimlerchrysler.com
Fri Dec 8 21:39:33 UTC 2000


BIND 8's named seems to have this nasty habit of dropping delegation NS records
when the parent zone is dynamically-updateable and it happens to also be slave for
the subzone. Most of the time this "doesn't matter" because the NS records in the
subzone will overlay the delegation NS records, even in a zone transfer. But if
you ever *stop* slaving the subzone, BIND 8's named does not regenerate the
delegation NS records, so essentially the subzone goes *poof*! I suspect that's
what happened here.

Hopefully BIND 9 handles things a little better.


- Kevin

Larry Sheldon wrote:

> [I have just rejoined this list after a long absence--and have elected not to
> obey the admonition that I read the list a few days before posting--a good idea
> but I am in a corner. I apologize in advance for an offense this may give.]
>
> We have recently started allowing "dynamic" updates and have therefore (of
> course) had to drastically change the way I maintain the master zone files.
>
> We have not in the past generally had any need to delegate subdomains and
> so the process was never one that I got comfortable with, but as I recall,
> I edited the master zone file for "creighton.edu" to insert two lines
> that looked like:
>
> examplesub.creighton.edu. 86400 IN NS esubns.examplesub.creighton.edu.
> esubns.examplesub.creighton.edu. 86400 IN A 147.134.X.Y
>
> and that seemed to work.  And because me and "vi" were the only ones that
> updated the master zone file, these two lines stayed there until I took them
> out.
>
> Now in this brave new world--lines like that do in fact seem to make
> the delegation happen, but after a bit, the lines disappear out of the master
> zone file, although the delegation seems to still work.
>
> Until this morning, when it was brought to my attention that the delegation
> was gone.
>
> Until I did the same thing again and it now seems to be working again.
>
> The Questions:
>
> Am I doing this right?
>
> Where does the knowledge that a delegation has been made live if it is
> not in the zone file?
>
> And does anybody have a clue what happened to the delegation (current
> conjecture is that a Windows 2000 machine came on the network and
> "hijacked" the name, but I have no supporting evidence).
>
> And lastly, using 8.2.2-P7, can I get all dynamic updates (including
> details of the update) logged?  (I have what I believe to be the right
> stuff in /etc/named.conf, but all I see is notice of disallowed updates
> but not the details of what was being attempted, and no notice at all of
> successful updates.)
>
> Thanks.
> --
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
> .                                                                       .
> - L. F. (Larry) Sheldon, Jr.                                            -
> . Unix Systems and Network Administration                               .
> - Creighton University Computer Center-Old Gym                          -
> . 2500 California Plaza                                                 .
> - Omaha, Nebraska, U.S.A.  68178       Two identifying characteristics  -
> . lsheldon at creighton.edu                  of System Administrators:     .
> - 402 280-2254 (work)                Infallibility, and the ability to  -
> . 402 681-4726 (cellular)               learn from their mistakes.      .
> - 402 332-4622 (residence)                                              -
> . http://www.creighton.edu/~lsheldon    Adapted from Stephen Pinker     .
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
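
[Added example, not part of either message and not BIND code: one way to notice the failure described above is to audit a text dump of the parent zone for the delegations you expect. It assumes one record per line with fully-qualified owner names, explicit TTL and class, as in the two lines quoted above; the example.edu names, the 192.0.2.x addresses and the function names are constructed for illustration.]

```python
# Constructed sample data: parent zone with the delegation and its glue present.
ZONE_BEFORE = """\
example.edu. 86400 IN NS ns1.example.edu.
ns1.example.edu. 86400 IN A 192.0.2.1
examplesub.example.edu. 86400 IN NS esubns.examplesub.example.edu.
esubns.examplesub.example.edu. 86400 IN A 192.0.2.53
"""
# Constructed sample data: same zone after the delegation NS record has vanished.
ZONE_AFTER = """\
example.edu. 86400 IN NS ns1.example.edu.
ns1.example.edu. 86400 IN A 192.0.2.1
esubns.examplesub.example.edu. 86400 IN A 192.0.2.53
"""

def parse_records(zone_text):
    """Return (owner, type, rdata) tuples from simple one-line records."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                             # not "owner ttl IN type rdata"
        owner, rtype, rdata = fields[0], fields[3], " ".join(fields[4:])
        records.append((owner.lower(), rtype.upper(), rdata.lower()))
    return records

def audit_delegations(zone_text, expected_subzones):
    """Map each expected subzone to the problems found with its delegation."""
    records = parse_records(zone_text)
    findings = {}
    for sub in (s.lower() for s in expected_subzones):
        targets = [rd for own, rt, rd in records if own == sub and rt == "NS"]
        problems = [] if targets else ["no delegation NS records"]
        for target in targets:
            # A nameserver inside the delegated subzone needs glue in the parent.
            in_subzone = target == sub or target.endswith("." + sub)
            has_glue = any(own == target and rt in ("A", "AAAA")
                           for own, rt, _ in records)
            if in_subzone and not has_glue:
                problems.append("missing glue for " + target)
        if problems:
            findings[sub] = problems
    return findings

if __name__ == "__main__":
    for label, text in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label, audit_delegations(text, ["examplesub.example.edu."]))
```

[Run against a fresh dump on a schedule, a non-empty result means a delegation has been lost from the parent zone's data even if resolution still appears to work.]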





