Poor form to use domains for delegation?
Kevin Darcy
kcd at daimlerchrysler.com
Sat Jun 25 00:30:49 UTC 2005
MattK wrote:
>Doesn't look like there is anything in the spec's that dictate a
>delegated container should be a zone not a domain - but is this
>acceptable...
>
>Some background:
>Split horizon DNS - inside / outside
>Parent zone example.com authoritative on both DNS.
>Sub zone sub.example.com delegated from inside to outside
>Outside DNS hosts domain sub.example.com
>
>When I do a recursive query to inside for NS sub.example.com I get
>NXDOMAIN, although when I query for RR's in sub.example.com I get
>results.
>
Are you *sure* that the inside example.com zone has a delegation for
sub.example.com? If that delegation exists, you should either get
answers, a referral (if the inside nameserver is not recursing for you),
or you should get a timeout (if the inside nameserver can't talk to the
outside nameserver). Offhand, I can't think of any scenario where you'd
legtimately get NXDOMAIN for a properly-delegated subzone...
Please bear in mind, if you're using nslookup to test this, that
nslookup often *lies* about its query results (that NXDOMAIN may be
coming from a searchlist'ed version of what you asked for). Try "dig"
instead.
>I am not replicating sub.example.com - so is there any
>requirement for SOA and NS records for this domain on the outside DNS?
>
A zone needs SOA and NS records regardless of whether it is replicated
or not.
- Kevin
More information about the bind-users
mailing list