BIND's Implementation of Zones/"Subzones"

Barry Margolin barmar at alum.mit.edu
Tue Aug 26 01:13:11 UTC 2008


In article <g8vkke$18jg$1 at sf1.isc.org>, Eric <ekdar.usenet at gmail.com> 
wrote:

> On Aug 22, 8:27 am, Alan Clegg <Alan_Cl... at isc.org> wrote:
> > Eric wrote:
> > > aaa.example.com.    NS  ns2.example.com
> >
> > > If I place that record in /etc/bind/db.example.com on ns1.example.com,
> > > ns1.example.com will not return the NS record for ns2.example.com as a
> > > result when queried.
> >
> > Can you give an example of exactly what you did to show this?
> >
> > Did you try "dig @ns1.example.com +norec aaa.example.com ns"?  If so,
> > what were the results?
> >
> > What NS records do you have in the aaa.example.com zone?  Do they match
> > what you have in the parent?
> >
> > AlanC
> 
> My claim is that the "dig @ns1.example.com +norec aaa.example.com ns"
> query will not return ns2.example.com if I have added the
> ns2.example.com NS record to only the db.example.com file (and not to
> db.aaa.example.com).  I have tested that and found it to be true.
> 
> This excerpt from section 4.3.2 of RFC-1034 explains why I think this
> functionality is wrong:
> 
>    2. Search the available zones for the zone which is the nearest
>       ancestor to QNAME.  If such a zone is found, go to step 3,
>       otherwise step 4.
> 
>    3. Start matching down, label by label, in the zone.  The
>       matching process can terminate several ways:
> 
>          a. If the whole of QNAME is matched, we have found the
>             node.
> 
> So, assuming that the QNAME of the NS query is "aaa.example.com",
> isn't example.com its nearest ancestor?  And shouldn't we therefore
> find the ns2.example.com entry in the db.example.com zone file?

No, its nearest ancestor is aaa.example.com, i.e. the zone with the same 
name as the domain.

If you fixate on the regular English definition of "ancestor", which 
doesn't include the null case where you're your own ancestor, then how 
would you find ANY of the records attached to the zone name (e.g. the 
SOA record), which are normally only defined in the zone itself?  So 
even though I don't think the RFC ever says it explicitly, I think it's 
obvious that the null-ancestor case is included.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
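Added example, not part of the original message or of BIND's code: a minimal Python sketch of the zone selection in RFC 1034 section 4.3.2 step 2, where a zone whose name equals QNAME counts as its own nearest ancestor. The zone contents, the SOA values and the function names `labels`, `nearest_zone` and `lookup` are constructed for illustration.

```python
# Added illustration of RFC 1034 section 4.3.2 step 2; all zone data is constructed.
ZONES = {
    "example.com.": {                       # parent zone (db.example.com)
        ("example.com.", "SOA"): ["ns1.example.com. hostmaster.example.com. 1"],
        ("example.com.", "NS"): ["ns1.example.com."],
        # Delegation records for the child, as edited in the parent only:
        ("aaa.example.com.", "NS"): ["ns1.example.com.", "ns2.example.com."],
    },
    "aaa.example.com.": {                   # child zone (db.aaa.example.com)
        ("aaa.example.com.", "SOA"): ["ns1.example.com. hostmaster.example.com. 1"],
        ("aaa.example.com.", "NS"): ["ns1.example.com."],
    },
}

def labels(name):
    """Split a domain name into lower-case labels; the root is the empty list."""
    stripped = name.lower().rstrip(".")
    return stripped.split(".") if stripped else []

def nearest_zone(qname, zones):
    """Pick the loaded zone with the longest label-wise suffix match on QNAME.
    A zone whose name equals QNAME counts as its own nearest ancestor."""
    q = labels(qname)
    best, best_len = None, -1
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z and len(z) > best_len:
            best, best_len = zone, len(z)
    return best

def lookup(qname, qtype, zones):
    """Return (zone searched, records stored at QNAME in that zone).
    Simplified: a real server returns parent-side delegation NS as a referral."""
    zone = nearest_zone(qname, zones)
    if zone is None:
        return None, []
    key = (".".join(labels(qname)) + ".", qtype)
    return zone, zones[zone].get(key, [])

if __name__ == "__main__":
    # Both zones loaded: the child zone is searched, so ns2 is not seen.
    print(lookup("aaa.example.com.", "NS", ZONES))
    # Only the parent loaded: the parent's delegation records are what exist.
    parent_only = {"example.com.": ZONES["example.com."]}
    print(lookup("aaa.example.com.", "NS", parent_only))
```

With both zones loaded, the NS set comes from the child zone's apex, which is why a record added only to the parent file does not appear in the answer.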

