using slave on un-published network??

Bob Vance bobvance at alumni.caltech.edu
Tue Feb 6 18:20:28 UTC 2001 

Simmen,

>why am i giving "@  IN A  123.123.123.123" insted of
> ns1   IN  A   123.123.123.123
> ns2   IN  A   321.321.321.321
> or in other words when the A record of the NS is deefined
> do we have to define it like "@  IN  A  123.123.123.123"

This is kind of like asking,

   "Why am I wearing brown shoes, instead of eating a sandwich?"
:)

The question seems to imply (at least to me :) that you think that using
"@" is somehow related to the nameserver records ("NS") .

>"@  IN A  123.123.123.123"
and
> ns1   IN  A   123.123.123.123

really are totally unrelated.

At the beginning of the zone file, you usually do a few things:
  . define a default $TTL :)
  . define an SOA record
  . define the NS records (nameservers)
  . for any of the above nameservers that are *in* this zone,
    define an A (address) record -- just like you would for any other
    hosts in this zone


The "@" has no special significance for the above, other than that a
freestanding "@" is shorthand for the zone's "current $ORIGIN".  It
merely saves typing (and makes the zone file portable, if that's a
desideratum).


@  IN  A  123.123.123.123

has nothing to do with the nameserver records (ns1 and ns2),
just like

yoho   IN  A  123.123.123.123

doesn't.

The "@" is merely replaced by the zone's "current $ORIGIN", which is
"abc.net." at this point, and thus,

@  IN  A  123.123.123.123

is equivalent to

abc.net.  IN  A  123.123.123.123


This, in effect, is simply assigning an address to the domain name (as
opposed to names *within* the domain).  This is typically used so that
Internet users can use "abc.net" instead of "www.abc.net" in the URL to
access your abc.net's web server (e.g., this is how "yahoo.com." goes to
their web server).  E.g.,

@    IN  A  1.2.3.8   ;  address for name  "abc.net."
www  IN  A  1.2.3.8   ;  www also has that address and is the same host


You are correct that the NS records *do* need corresponding A records,
since they are in *this* zone:

>   @   IN  NS   ns1.abc.net.
>   @   IN  NS   ns2.abc.net.
>   @   IN  A    123.123.123.123

but the third line has nothing to do with satisfying that requirement.
The additional records that you need are

ns1  IN  A  1.2.3.4
ns2  IN  A  1.2.3.5

(or
ns1.abc.net.  IN  A  1.2.3.4
ns2.abc.net.  IN  A  1.2.3.5
)

So your zone file for abc.net. would look like:
   ...
@   IN  NS   ns1.abc.net.
@   IN  NS   ns2.abc.net.
@   IN  A    123.123.123.123
ns1 IN  A  1.2.3.4
ns1 IN  A  1.2.3.5



FYI, I think that Kevin's answer may have had a couple of statements
that could be misleading (correct me if I'm wrong, Kevin :) :

1.
>when you use "@" on the righthand side  ...
> ... but when you put "ns1" or "ns2" on the righthand side,

I think that he meant "left-hand side", which relates to what you wrote.
   (BTW, you *could* use freestanding "@" on the right side, as in:

@   IN  A    1.2.3.4
    IN  NS   @

    In this case we've defined an address for the domain name, as
    discussed above -- and that host is also a nameserver for the
    zone.
    but I don't think that that adds to the clarity in any way :)
   )


2.

>>  @  IN  NS  ns1
>>             ns2
>> ...can i ???

>Sure. The parser substitutes "@" for the leading whitespace.

Technically, the parser substitutes the owner name from the *previous*
record for the leading whitespace.
Of course the result is what Kevin said, because it just so happens that
the previous record's owner was  "@"  :)

But, just be sure to know that

www  IN  A  1.2.3.7
     IN  A  1.2.3.8

is equivalent to :

www  IN  A  1.2.3.7
www  IN  A  1.2.3.8

not

www       IN  A  1.2.3.7
abc.net.  IN  A  1.2.3.8


-------------------------------------------------
Tks        | <mailto:BVance at sbm.com>
BV         | <mailto:BobVance at alumni.caltech.edu>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430           11455 Lakefield Dr.
Fax 770-623-3429           Duluth, GA 30097-1511
=================================================





-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Kevin Darcy
Sent: Monday, February 05, 2001 11:30 PM
To: bind-users at isc.org
Subject: Re: using slave on un-published network??



simmen wrote:

> hello all..
> (hope u guys r all ok)
> i have 3 questins...
> 1.. what effect it will have on the DNS/primary if the secoundry is on
an unpublished network....??

Is it a *registered* slave or an unregistered one? If it's unregistered,
then it shouldn't have any effect on the master at all (assuming there
is connectivity between master and slave).

If it's a *registered* slave, and no-one on the Internet can get to it
because it's on an unpublished network, then, since DNS load-balances
between nameservers, it means the other nameservers -- including perhaps
the master -- will get all of the
queries that would normally have gone to that slave spread amongst them.
It will also slow down name resolution somewhat and potentially annoy
people.

Maybe you should use split DNS instead.

> 2.. i am a bit confused about a thing...i.e
> lets suppose i have multiple zones..(as masters)
> lets say 1 is abc.net..and the other is xyz.net
> my NS's r configured as nsp.abc.net//(P) and nss.abc.net//(S) in
abc.net.
> Now in the zone file of xyz.net i configure the NS record as
> nsp.abc.net.&.nss.abc.net..(naturally)...but i dont give the A records
for the nsp.abc.net..and nss.abc.net..because of the reason that when
the NS record is found of the nsp amd nss in the xzy.net...the DNS will
get the A  from the  abc.net ZONE...
> am i right..till now..??? (if ! 0  then ..:-))what if put the A
records of the nsp and nss next to the NS records in the xyz.net..
> will that work...??? or will it still go to the abc.net for the A
records...???

If you put A records for nsp.abc.net and nss.abc.net in the xyz.net zone
file, BIND will reject them as "out of zone data". They belong in the
abc.net zone file (and possibly also in the nsp.abc.net and/or
nss.abc.net zone files if those are delegated
subzones).

> 3..ok its the last 1..:-)
>  // a zone file of abc.net...
>
>   @   IN  NS   ns1.abc.net.
>   @   IN  NS   ns2.abc.net.
>   @   IN  A    123.123.123.123
>
> 3.1>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> i know that i can  als o define it as
>  @  IN  NS  ns1
>             ns2
> ...can i ???
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Sure. The parser substitutes "@" for the leading whitespace.

> 3.2
> why am i giving "@  IN A  123.123.123.123" insted of
> ns1   IN  A   123.123.123.123
> ns2   IN  A   321.321.321.321
> ?????
> or in other words when the A record of the NS is deefined
> do we have to define it like "@  IN  A  123.123.123.123"
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

No, when you use "@" on the righthand side (either explicitly or by
following "@" entries with leading-whitespace entries), you're defining
an A record for "@" (i.e. abc.net), but when you put "ns1" or "ns2" on
the righthand side, you're defining an
A record for "ns1.abc.net" or "ns2.abc.net". Even though the address for
"@" and "ns1" may be the same, the names of the records are different.

                                                                        
                                                                        
    - Kevin

More information about the bind-users mailing list