Question about automatic promotion of NS records

[Simon Waters]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Roberts wrote:
>
> Is that right?

I try not to do BIND 8 but yes I think you are right.

> Now in BIND 9, apparently this doesn't happen any more, but is it
> really an issue?

Yes - nasty idea having a computer putting NS in my parent zones
for me, definitely best lost this feature.

> As the server is authoritative for both parent and
> sub-domains anyway we can still get away without adding the
delegation
> records into the parent zone, but what side-effects does this
have?

Slaves that have only parent zones won't work.

If you leave them out and a child zone becomes toast, you
suddenly revert to slave with only parent zone - bad things can
now happen - probably NXDOMAIN instead of the correct answer --
I'm guessing but it doesn't sound good to me.

> From a purists perspective I know it's not strictly correct
and that
> you "should" have delegation records in the parent zone but
what are
> the advantages? All my slaves are authoritative for both
parent and
> sub-domains and the guys here are asking why they should
bother adding
> the NS records and I can't give them a concrete answer.

Why don't you put all the records in one zone file?

zone != domain

I prefer to keep zone corresponding to domain as it is easier to
think about (this is a big plus in my book), and easier to
change around quickly, and should I make a mistake (which of
course never happens) I may with luck break less.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+GxnnGFXfHI9FVgYRAkNKAJ9XyiaRDcYQoWRrws6tqLK6hiZsswCeOrSk
AyNJoF+WvVaseKfDP8SQwz8=
=pnyG
-----END PGP SIGNATURE-----