glue records in child zone
Matthew Pounsett
matt at conundrum.com
Thu Oct 23 16:27:11 UTC 2008
On 23-Oct-2008, at 11:59 , Valentin Nechayev wrote:
> Hi,
> this question seems to be almost FAQ, but I can't find answer to it.:(
> We have got strange reaction of newer BIND versions to glue records
> which point into child zone.
>
> Consider domain "example.org" with glue record:
I'll start by saying there may be some nuance of the RFC that I'm not
grasping, and I'm sure Mark or someone will pipe up if I get this
wrong... that said...
I belive your problem is that, once you have a zone cut in place (a
delegation to a subzone) then the parent zone is no longer
authoritative for anything below that cut. In your example, the
parent zone (example.org) delegates authority for hq.example.org, and
so it is not authoritative for anything at or below that domain..
which means that it can't give an authoritative answer for
ns1.hq.example.org.
It can provide glue for ns.hq.example.org because that is necessary
for the delegation to work, but that glue is actually passed as non-
authoritative data.
If you really want to use a host in the subzone as the name server for
the parent zone, then you should remove the ns1.hq.example.org host
from the example.org zone. I don't recommend this, however.. even if
it's technically permissible, it seems likely this could cause some
problems higher up the delegation chain. My recommendation would be
to make sure that the authoritative servers for the example.com zone
are within that zone, not within some subzone.
HTH,
Matt
More information about the bind-users
mailing list