domain delegation question

[Barry Margolin]

In article <94seuo$sv6 at pub3.rc.vix.com>,
Dean Larson  <deanlarson at bigfoot.com> wrote:
>
>thank you for reading this and your help.
>
>we are running a dns server off a firewall and want to do load balancing
>to a radware box.  radware requires that we delegate the domain to it,
>but instead of delegating an entire domain to it, they want the
>delegation to happen to a host record.  ie:  
>the dns server has a ns record for www.company.com
>the radware box gives the A record for www.company.com.
>
>this concept is the same under a cisco load director.

I think you mean Cisco Distributed Director.

>we have a provider, amoung many things, verifies how our dns servers are
>responding.  this delegation works fine under nt's older version of
>bind, but hangs on a solarius box running bind 8.   
>
>to me it seems like an incorrect way to delegate a domain.  i would have
>expected to see www.yyy.company.com (delegated domain would be

No, there's nothing wrong with this type of delegation.  What's the
difference between delegating www.company.com from the company.com domain,
with an A record on www.company.com, and delegating the company.com domain
from the com domain and having A and/or MX records on company.com?

>yyy.company.com).  did bind 8 change the way it looks at this
>delegation?  maybe thinking this type of delegation is some dns
>poisoning.  

The server performing the delegation doesn't look at the child server at
all (unless you're using "stub" zones).  It just sends out the NS records
to a client who queries it.  So it has no idea that the child has an A
record on www.company.com (not that it would care if it did).

I suggest you turn on debugging on your caching server to see what it's
doing when you try to look up www.company.com.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.