Master for domain as set in SOA is not visible to world

Cricket Liu cricket at acmebw.com
Wed Mar 8 21:26:12 UTC 2000


> I understand that - but *even* if the master loads correctly, it will
> return answers to queries as "non-authoritative" if it doesn't recognize
> itself in either the SOA or NS records - at least, that is the behavior
> I have observed (for example, if I use a name for a multihomed box which
> is not the same as that returned by 'hostname').

I have *never* seen this behavior in any version of BIND.  BIND name
servers consider themselves authoritative, and answer authoritatively,
according to the rules Barry cited, whether or not the name server
appears in the NS list or the SOA record for the zone.

> I am simply saying I am willing to accept this behavior to gain the
> advantage of hiding the fact that my master is an internal box whose
> existence I do not want known to the world.  Your definition of "should
> do" may fit some situations, but I am not yet convinced it fits mine,
> and I am just asking if there are other negative consequences of which
> I should be aware.
>
> Are there?

This behavior, if it did exist, wouldn't work at all, because slave name
servers won't transfer a zone from a name server that answers
non-authoritatively to queries for data in the zone (in particular, to
the slave's query for the zone's SOA record).  Running a hidden primary
master won't help you if you can't configure slaves to load from it.

cricket

Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com

Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class!  See www.acmebw.com/training.htm for
the schedule and to register for upcoming classes.
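
The check described in the message above (a slave refuses a master that answers its SOA query non-authoritatively) can be reproduced by inspecting the AA bit of the response header. This is an added example, not part of the original post and not BIND's code; the function names, the zone `example.com` and the sample messages are constructed for illustration.

```python
import struct

QTYPE_SOA, CLASS_IN = 6, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_soa_query(zone, qid):
    """The SOA query a slave sends before deciding whether to transfer."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_SOA, CLASS_IN)

def check_soa_response(msg, qid):
    """Return (usable, reason) for a response to the SOA query."""
    if len(msg) < 12:
        return False, "truncated header"
    rid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != qid:
        return False, "ID mismatch"
    if not flags & 0x8000:                 # QR: must be a response
        return False, "not a response (QR clear)"
    if flags & 0x000F:                     # RCODE: must be NOERROR
        return False, "rcode %d" % (flags & 0x000F)
    if not flags & 0x0400:                 # AA: the bit this thread is about
        return False, "non-authoritative (AA clear)"
    if an == 0:
        return False, "no SOA in answer section"
    return True, "authoritative"

def sample_response(zone, qid, aa):
    """Constructed test message: one SOA answer, AA bit set or clear."""
    flags = 0x8000 | (0x0400 if aa else 0)
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!IIIII", 2000030801, 10800, 3600, 604800, 86400))
    rr = (b"\xc0\x0c"                      # pointer to the question name
          + struct.pack("!HHIH", QTYPE_SOA, CLASS_IN, 86400, len(rdata)) + rdata)
    return (struct.pack("!HHHHHH", qid, flags, 1, 1, 0, 0) + encode_name(zone)
            + struct.pack("!HH", QTYPE_SOA, CLASS_IN) + rr)

if __name__ == "__main__":
    zone, qid = "example.com", 0x1234      # constructed sample values
    for aa in (True, False):
        print(aa, check_soa_response(sample_response(zone, qid, aa), qid))
```

To test a real hidden master, send the bytes from `build_soa_query` over UDP port 53 from a slave's address and pass the reply to `check_soa_response`.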



