Parent not delegating

Barry Margolin barmar at genuity.net
Thu Aug 16 15:36:58 UTC 2001 

In article <9lfocv$4nd at pub3.rc.vix.com>,
Minh Van Le <mvanle at dingoblue.net.au> wrote:
>
>In article <9le51m$r56 at pub3.rc.vix.com>, "Barry Margolin"
><barmar at genuity.net> wrote:
>
>> In article <9le1mj$q7e at pub3.rc.vix.com>, Minh Van Le
>> <mvanle at dingoblue.net.au> wrote:
>>>My parent zone isn't delegating a subdomain properly. The parent doesn't
>>>seem to be referring a query to the delegated subdomain's name server.
>>>
>>>The nslookup for host l2 (l2.plip.orin.home.) doesn't work when queried
>>>on the parent host j1 (j1.orin.home.). Details below:
>> 
>> Since you didn't set the "norecurse" flag before querying the parent
>> server, it apprently tried to forward the query to l1.plip, and it got
>> error.  Perhaps it tried to send to the 200.0.0.1 address instead of
>> 192.168.0.5, and the former address doesn't work.
>> 
>> I suggest you use dig rather than nslookup for troubleshooting this. The
>> problem with nslookup is that it gives the same "Non-existent
>> host/domain" error message for many different errors.  It's useful to
>> see the detailed error code, which dig displays.
>
>Does the parent name server require that it be a slave for the delegated
>name servers ? Hence the parent ends up holding a copy of the delegated
>zones and becomes an authoritative source for them.

No, the parent is not required to be a slave for the delegated
nameservers.  If this were a requirement, the COM servers would all have to
be slaves for hundreds of thousands of xxx.COM zones!

>My problem is fixed this way; obviously because (j1.orin.home.) now
>becomes authoritative for (plip.orin.home.) via AXFRs.
>
>But doesn't this defeat the purpose of delegating zones ? ... When the
>local name server, in this case (j1.orin.home.), receives a resolver query
>for a host on (plip.orin.home.), isn't the local name server then supposed
>to refer itself to the authoritative name server for (plip.orin.home.) as
>stated by the record:

The purpose of delegating zones is to delegate responsibility for
*maintaining* the zone.  The plip.orin.home domain will be updated by the
administrator of l1.plip instead of the admnistrator of j1.orin.home.

Note that if j1.orin.home is not authoritative for plip.orin.home, and it
receives a query from another nameserver for something in the subdomain,
the query will not have the Recursion Desired flag set; this flag is
normally only set when a stub resolver is querying its local nameserver,
not when nameservers query each other recursively.  In this case,
j1.orin.home will return the referral rather than trying to contact
l1.plip.orin.home itself.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list