delegation a zone to another nameserver

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Sat Oct 14 01:12:26 UTC 2000


> 
> Mark.Andrews at nominum.com wrote:
> 
> > >
> > >
> > > hello,
> > >
> > > i'm running 'bind-8.2.2_P3-0.5.2' and 'bind-8.2.2_P3-1'
> > > for linux redhat on the two dns-servers concerned.
> > >
> > > i've got the following problem:
> > >
> > > my machine is 'edvvie1.debis.edvg.co.at' and i'm delegating
> > > everything under net '10.95.x.x' to the server 'ns1.ams.or.at'
> > > using the wildcard '*'.
> >
> >         This is illegal.
> 
> Illegal or just ineffectual? If it really is illegal, perhaps BIND should reject
> the zone. Even BIND 9.0.0 appears to accept this construct...

	Conceptually impossible under RFC 1034/1035.  Wildcards are
	"within" the zone.  Delegation points are outside the zone.
	The fact that it is syntactically possible to encode this does not
	mean that it will work.

	BIND 8.2.3 rejects it.  BIND 9 still accepts a lot of things that
	are illegal, e.g. multiple cnames, multiple wks records for the
	same protocol.  This will be corrected.

	Mark
	
> 
> Note to Wilhelm: the reason it doesn't work is because wildcards don't match
> across zone boundaries. Since the whole purpose of a delegation NS is to say
> "this is outside of my zone", then a wildcard delegation is doomed to fail. I
> clarified this in my own mind by reading RFC 1034 Section 4.3.3 subsequent to
> my previous response to you, so please just ignore what I said before about
> this possibly being a BIND bug. (I really ought to print out that section of
> the RFC and stick it on my cube wall until I have it memorized, since
> wildcards always seem to trip me up.)
> 
> 
> - Kevin
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
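
Added example, not part of the original thread: a simplified Python model of the RFC 1034 section 4.3.2 lookup walk, showing that NS records at a `*` owner are only ever matched against the query type and never produce a referral, while NS records at a real node do. The zone contents, the `lookup` helper and the choice of `95.10.in-addr.arpa.` as the zone origin are assumptions made for illustration; only the two server names come from the thread.

```python
# Simplified RFC 1034 section 4.3.2 step 3 walk: one zone, no CNAMEs, no glue,
# and no empty non-terminals (every existing node is listed in ZONE).
ORIGIN = "95.10.in-addr.arpa."  # assumed zone origin

# Constructed zone data: the wildcard NS from the thread, plus one explicit
# delegation (2.95.10.in-addr.arpa.) added for comparison.
ZONE = {
    "95.10.in-addr.arpa.": {"NS": ["edvvie1.debis.edvg.co.at."]},
    "*.95.10.in-addr.arpa.": {"NS": ["ns1.ams.or.at."]},
    "2.95.10.in-addr.arpa.": {"NS": ["ns1.ams.or.at."]},
}

def lookup(qname, qtype, zone=ZONE, origin=ORIGIN):
    """Return (kind, rdata) with kind in ANSWER, NODATA, REFERRAL, NXDOMAIN."""
    if qname != origin and not qname.endswith("." + origin):
        raise ValueError("qname is not inside the zone")
    labels = [] if qname == origin else qname[: -len(origin)].rstrip(".").split(".")
    node = origin
    # Match down from the zone apex, one label at a time (rightmost first).
    for label in reversed(labels):
        child = label + "." + node
        if child in zone:
            node = child
            # Step 3b: NS RRs at an existing node below the apex mark a zone
            # cut, so the server hands out a referral and stops.
            if "NS" in zone[node]:
                return ("REFERRAL", zone[node]["NS"])
            continue
        # Step 3c: the label does not exist; look for "*" below the last match.
        star = zone.get("*." + node)
        if star is None:
            return ("NXDOMAIN", [])
        # Wildcard RRs are only compared with QTYPE. They are data inside the
        # zone, so NS here is never treated as a cut.
        rrs = star.get(qtype, [])
        return ("ANSWER", rrs) if rrs else ("NODATA", [])
    # Step 3a: the whole QNAME matched a node inside the zone.
    rrs = zone[node].get(qtype, [])
    return ("ANSWER", rrs) if rrs else ("NODATA", [])

if __name__ == "__main__":
    for q in [("7.1.95.10.in-addr.arpa.", "PTR"), ("7.1.95.10.in-addr.arpa.", "NS"),
              ("7.2.95.10.in-addr.arpa.", "PTR")]:
        print(q, "->", lookup(*q))
```

A PTR query under the wildcard comes back as an empty authoritative answer instead of being handed to `ns1.ams.or.at.`; each subzone needs its own explicit NS records at a real owner name to be delegated.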


