Private Zones and Delegation bind9.7.2

Jay Ford jay-ford at uiowa.edu
Mon Dec 6 17:58:32 UTC 2010


On Mon, 6 Dec 2010, Martin McCormick wrote:
> the config for this private zone is:
>
> zone "r.ds" {
>     type master;
>     file "/etc/namedb/master/r.ds.zone";
>     allow-update {
>         key updsrv;
>     };
>     allow-query { any; };
>     # a list of slaves
>     include "/etc/zoneconfigs/stwnotify";
>     notify yes;
> };

You configured this server to be master for the r.ds zone, which tells this
server that it is authoritative for names in that zone.  If it gets a query
for a resource record in that zone which it doesn't know, it will answer
authoritatively with a negative answer (either NXDOMAIN if the name doesn't
exist at all, or NOERROR with no "answer" data if the name exists but not
with the queried type).  NS records in a zone don't cause an authoritative
server to send queries elsewhere, because the server knows the answer by
virtue of being authoritative for the zone.

The NS records you list will direct *other* resolvers which see those NS
records to send queries for names in r.ds to the targets of the NS records,
but any queries for names in r.ds which end up at your server will get
handled as described above.

What you probably want to do is add something like the following to the
parent "ds" zone:
    r           IN  NS  stwrdc02.r.ds.
                IN  NS  stwrdc03.r.ds.
    stwrdc02.r  IN  A   192.168.1.1
    stwrdc03.r  IN  A   192.168.1.2
then get rid of the r.ds zone definition on your server.

Your subject line includes "private".  What is it that's private about this
situation?

________________________________________________________________________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-ford at uiowa.edu, phone: 319-335-5555, fax: 319-335-2951
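As an added example (not from this thread or from BIND itself), a small Python check that a parent zone file carries both the NS records for a delegated child and glue addresses for any name server that lives inside the child zone, which is exactly what the "ds" -> "r.ds" delegation above needs. The zone text and its minimal parser are constructed for this example.

```python
# Constructed sample fragment of the parent "ds" zone carrying the
# delegation suggested above: NS records for r plus glue A records for
# the name servers, which sit under r.ds and therefore need glue here.
PARENT_ZONE = """\
ds.          IN SOA ns1.ds. hostmaster.ds. 1 3600 900 604800 300
ds.          IN NS  ns1.ds.
ns1          IN A   192.168.0.1
r            IN NS  stwrdc02.r.ds.
             IN NS  stwrdc03.r.ds.
stwrdc02.r   IN A   192.168.1.1
stwrdc03.r   IN A   192.168.1.2
"""

def parse_zone(text, origin):
    """Minimal parser for 'owner [TTL] [IN] type rdata' lines (not full RFC 1035).
    Returns (owner_fqdn, type, rdata); a line with a blank owner repeats the last one."""
    records, last_owner = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        fields = line.split()
        owner = last_owner if line[0].isspace() else fields.pop(0)
        if fields and fields[0].isdigit():        # optional TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":  # optional class
            fields.pop(0)
        if not owner.endswith("."):               # relative name: append origin
            owner = f"{owner}.{origin}"
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
        last_owner = owner
    return records

def check_delegation(zone_text, origin, child):
    """Return (ok, problems). The child needs NS records in the parent, and every
    NS target that lies inside the child zone needs an A/AAAA glue record there."""
    recs = parse_zone(zone_text, origin)
    targets = [rd for o, t, rd in recs if o == child and t == "NS"]
    problems = [] if targets else [f"no NS records for {child}"]
    for target in targets:
        if target == child or target.endswith("." + child):   # in-bailiwick name server
            glue = [rd for o, t, rd in recs if o == target and t in ("A", "AAAA")]
            if not glue:
                problems.append(f"missing glue for {target}")
    return (not problems, problems)

if __name__ == "__main__":
    print(check_delegation(PARENT_ZONE, "ds.", "r.ds."))   # (True, [])
```

Out-of-bailiwick name servers (say, ns.example.org. serving r.ds) are deliberately not required to have glue, since a resolver can look them up independently.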