NS records and serial numbers

Erik Hensema erik at hensema.net
Sun Oct 19 16:40:13 UTC 2003


On Sun, Oct 19, 2003 at 11:34:27AM -0400, rob at lexiconn.com wrote:
> > > - If a domain name has 3 nameservers, does the zonefile *have* to
> > > have all 3 listed as:
> > > IN NS ns1.
> > > IN NS ns2.
> > > IN NS ns3.
> > > I ask because some of our zonefiles on some nameservers do not
> > > list all 3 (We added a 3rd nameserver but some old records did not
> > > get updated). What problems could this cause?
> > > 
> > > - If using 3 master nameservers for 1 domain, does the serial 
> > > number have to be the same on all 3 nameservers, or is it 
> > > nameserver specific?
> > 
> > I'm under the impression that you don't do zonetransfers between 
> > nameservers, is that correct?
> > 
> > Usually you would make one of the three nameservers the primary, and
> > that's the only server where you edit your zonefile. The other two
> > servers automatically do zonetransfers when the serial on the master is
> > higher than the serial of their local copy.  Then all records are
> > identical, including nameserver records and serials.
> 
> Our setup is 3 primaries, which we maintain via perl scripts. We 
> have chosen not to set up slave nameservers. That is why I am 
> asking what the implications are if the NS records are not identical / 
> missing one nameserver, or if the serial numbers are different, 
> etc...

A nameserver doing a recursive query for a record in your zone will first
go and fetch NS records from the registrar's nameserver (e.g.
a.gtld-servers.net).
Then the nameserver will query your server and fetch _your_ NS records.
These records will be cached by the remote nameserver.
When remote nameservers see inconsistent data between your nameservers, the
load on your nameservers will not be evenly distributed, but otherwise no
problems are to be expected.
Remote nameservers will never do anything with the serial number.

However, I would strongly advise against this situation. Why would you want
inconsistent data between zones? Do you have three branches of your office,
each having their own internet connection, and each having their own
version of the zone, sharing a common set of records which are meant for
public view?
If this is the case, you may want to take a look at views in BIND 9, or
better yet, use one subdomain per branch.

-- 
Erik Hensema (erik at hensema.net)
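
Added example, not part of the original message: a check that three independently maintained primaries hold the same apex NS set, the inconsistency discussed in this thread. The example.com zone data, the server labels and the simplified one-record-per-line zone syntax are constructed assumptions.

```python
import re

# Constructed sample data: apex records as held by three independently
# maintained primaries (hypothetical example.com zone, simplified syntax).
ZONES = {
    "ns1": """@ IN SOA ns1.example.com. hostmaster.example.com. 2003101901 3600 900 604800 3600
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
@ IN NS ns3.example.com.
""",
    "ns2": """@ IN SOA ns1.example.com. hostmaster.example.com. 2003091502 3600 900 604800 3600
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
""",
    "ns3": """@ IN SOA ns1.example.com. hostmaster.example.com. 2003101901 3600 900 604800 3600
@ IN NS NS1.example.com.
@ IN NS ns2.example.com.
@ IN NS ns3.example.com.
""",
}

# Assumption: SOA fits on one line and apex records use "@" as the owner.
SOA_RE = re.compile(r"^@\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)", re.M)
NS_RE = re.compile(r"^@\s+IN\s+NS\s+(\S+)", re.M)

def apex_summary(zone_text):
    """Return (serial, set of NS targets) for one server's zone copy."""
    soa = SOA_RE.search(zone_text)
    if soa is None:
        raise ValueError("no single-line SOA record found")
    # DNS names are case-insensitive; normalise before comparing.
    names = frozenset(n.lower().rstrip(".") for n in NS_RE.findall(zone_text))
    return int(soa.group(1)), names

def compare(zones):
    """Report NS targets missing from each copy and whether serials differ."""
    summaries = {srv: apex_summary(text) for srv, text in zones.items()}
    union = frozenset().union(*(ns for _, ns in summaries.values()))
    missing = {srv: sorted(union - ns)
               for srv, (_, ns) in summaries.items() if union - ns}
    serials = {srv: serial for srv, (serial, _) in summaries.items()}
    # Serials are reported for the operator only; per the message above,
    # remote nameservers never act on them.
    return {"missing_ns": missing, "serials": serials,
            "serials_differ": len(set(serials.values())) > 1}

if __name__ == "__main__":
    print(compare(ZONES))
```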

