domain keys and name-checking

Barry Margolin barmar at alum.mit.edu
Mon Oct 20 02:38:09 UTC 2008 

In article <gddkvk$1cbg$1 at sf1.isc.org>,
 "aklist" <aklist_bind at enigmedia.com> wrote:

> >> I do now <g>...I always did it without thinking about why it worked, 
> >> because
> >> it worked!
> >
> > Maybe it's time for you to read the "DNS & BIND" book and learn how all
> > this stuff works.
> 
> I do have the book, and I've used the examples therein to set up BIND, but I 
> didn't read it cover to cover...Cricket said this was OK <g>. Thanks for you 
> patience though.
> 
> >> but I'm still getting the error above for all the subzone A records?
> >
> > Those records all belong in the zone file for sub.domain.com, not
> > domain.com.  That's what "delegating a subzone" means -- the subdomain
> > data is all in its own files on the servers that you've delegated to
> > (the ones named in the NS records).
> 
> I understand that, but I was using DNS & BIND's example of "Creating a 
> Subdomain in the Parent's Zone"...which doesn't provide much detail...just 
> add the origin statment for the subdomain and the subdomain records under 
> it.
> 
> > If you're using all the same servers for both domain.com and
> > sub.domain.com, you don't need to delegate at all.  Get rid of the NS
> > records for sub.domain.com, the "zone" statement in your named.conf, and
> > then you can put these records in the
> 
> Oh, I wish you'd finish that statement!
> 
> FWIW: I thought I _wasn't_ delegating the subdomain by including it in the 

You said "subzone", so I assumed it was delegated.  The difference 
between a subdomain and a subzone is whether it's delegated.

> parent zone in my example...nor did I create any NS records for the 
> subdomain...all I did was append this to the end of the parent zone file as 
> the example shows, but I'm getting the out-of-zone error with this config.

There must be something elsewhere in the zone file or named.conf that 
tells it that the subdomain is in a separate zone.  Otherwise, it 
wouldn't complain about out-of-zone data.

Or you've made a typo that makes it look like these new records belong 
in a different zone.  As the other poster said, if you post the actual 
configuration and zone files, we should be able to tell.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***

More information about the bind-users mailing list