Chained NS delegation: RFC compliant or not?
Kevin Darcy
kcd at daimlerchrysler.com
Tue Oct 26 17:31:16 UTC 2004
Andreas Meile wrote:
>Dear BIND users
>
>Recently, I would visit a web site hosted by a German company. The problem:
>I can't visit it because I get a lot of
>
>Oct 10 22:28:47 pingu named[153]: Lame server on 'ns1.foobar.de' (in
>'foobar.de'?): [192.36.144.211].53 'H.NIC.de'
>Oct 10 22:28:48 pingu named[153]: Lame server on 'ns1.foobar.de' (in
>'foobar.de'?): [210.81.13.179].53 'K.NIC.de'
>Oct 10 22:28:48 pingu named[153]: Lame server on 'ns1.foobar.de' (in
>'foobar.de'?): [81.91.161.5].53 'A.NIC.de'
>Oct 10 22:28:48 pingu named[153]: Lame server on 'ns1.foobar.de' (in
>'foobar.de'?): [193.0.0.237].53 'F.NIC.de'
>
>in my local name server which runs as BIND named. The analysation shows the
>following situation:
>
>pingu:~ # host -t ns site-i-want-visit.de
>site-i-want-visit.de name server ns2.foobar.de
>site-i-want-visit.de name server ns1.foobar.de
>pingu:~ # host -t ns foobar.de
>foobar.de name server ns3.delegated-again.net
>foobar.de name server ns.delegated-again.net
>foobar.de name server ns2.delegated-again.net
>pingu:~ # _
>
>i.e. this webhoster ISP implemented a chained delegation. At my knowledge,
>this violates RFC 1912, section 2.8. Could anyone agree or disagree that?
>
RFC 1912 is an informational RFC, so there's no such thing as
"violation". I think "chained delegation" is bad terminology also, since
it implies a "delegation to a delegation", which is not the case here.
There's absolutely nothing wrong with having a domain delegated to
nameservers in one TLD (e.g. .de), where the names of the nameservers
themselves are in some other TLD (e.g. .net). In fact, this is a
necessity, unless every TLD is going to be self-contained (would you
want to have to put the names of your reverse-zone nameservers under the
.arpa TLD?).
It sounds like you want to make some sort of big lawyerly deal out of
this situation, but really it's just a simple case of lame delegation,
and should be treated as such.
- Kevin
More information about the bind-users
mailing list