stealth NS, delegated zone and forward zone

Kevin Darcy kcd at daimlerchrysler.com
Tue Feb 7 21:48:21 UTC 2006 

Frank Y.F. Luo wrote:

>two questions and thanks for the reply in advance.
>
>1) since stealth name server is not listed as the NS record in the zone
>file, so where do we define a name server as a stealth one?
>
There are two types of slave servers: published slaves and stealth 
slaves. If you're in the NS records for the zone, you're a published 
slave; otherwise you're a stealth slave. There is no extra "definition" 
required to make a slave a stealth slave: just define the nameserver 
instance as a slave, and leave it out of the NS records.

>2) How can we determine a zone is a delegated zone or a forward zone,
>instead of secondary authoritative zone?
>  
>
Either a nameserver instance is authoritative for a given zone, or it is 
not. If it is authoritative, it should answer with the AA bit on in its 
responses. Now, if a nameserver instance is authoritative for a given 
zone, you can't tell for sure whether it's master or slave, but why do 
you care? That's something that matters to the authoritative servers 
themselves, but DNS clients shouldn't care about the distinction. Sure, 
the MNAME field of the SOA RR should designate the master, but this is 
advisory at best.

If a nameserver instance is *not* authoritative for a particular zone, 
then there are multiple ways that it can still resolve names in the 
zone. It could be set up to forward queries to some other nameserver 
instance(s), it could be set up as a "stub" for the zone (where it only 
replicates the "top" of the zone, i.e. SOA and NS records, and figures 
out the rest via iterative resolution), or it could just resolve names 
in the zone through pure iterative resolution, where maybe the only 
"hardcoded" information is the "hints" information for the root zone, 
used at startup.

You also mentioned "delegated". A delegated nameserver for a zone *must* 
be authoritative for the zone, otherwise it's what we call a "lame 
delegation".

So, with that background information established, would you like to 
rephrase your question?

- Kevin

More information about the bind-users mailing list