Recursion with in authoritative zone
Simon Waters
Simon at wretched.demon.co.uk
Fri Dec 20 21:13:59 UTC 2002
"Do, Ho cao (NIH/CIT)" wrote:
>
> NS.domainA.com (BIND 9.2.1) is an authoritative server for the domainA.com.
> NS.domainA.com's configuration file does not allow recursive query by
> implementing the ACL list: "allow-recursion {recursive-list;};".
>
> Every thing successfully performs as expected.
> Then the admin from domainB.com would like NS.domainA.com hosting
> domainB.com as a secondary name-server for domainB.com. Unfortunately, the
> domainB.com zone also has a sub1.domainB.com which was delegated to
> NS.sub1.domainB.com.
>
> When the internet users query host1.sub1.domainB.com in name-server
> NS.domainA.com, NS.domainA.com refuses to answer because it is not
> authoritative for any host in the sub domain (sub1.domainB.com).
Sounds like there are no glue records in domainB.com for the
delegation, recursion shouldn't enter into it, the server should
issue a referral to non-recursive queries for that subdomain,
just as do the root servers for the gtld-servers, and neither of
those layers user recursion.
i.e. they should add an A record to domainB.com for
ns.sub1.domainB.com
If they are using nsupdate they will need to use "zone
domainB.com" to make sure the update ends up in the right zone
file, otherwise 'vi' will do.
i.e.
nsupdate -k keyfile
> zone domainB.com
> nsupdate add ns.sub1.domainB.com. 86400 IN A 1.2.3.4
>
More information about the bind-users
mailing list