zone before delegation?

Laws, Peter C. plaws at ou.edu
Fri Oct 28 17:39:05 UTC 2011


On Fri, Oct 28, 2011 at 04:48:10PM +0000, Laws, Peter C. wrote:
>> It seems like there are two ways I could delegate a zone.
>>
>> I could, in the zone file for the parent, simply list the name of the zone
>> and a number of NS records to which the zone has been delegated.
>>
>> Or, I could create a zone statement within named.conf that points to a file
>> that contains an SOA and a number of NS records to which the zone has been
>> delegated.
>>
>> Which is better and which should I prefer?

> Bill Owens owens at nysernet.org wrote:

> If I'm reading this correctly, both ;) I take it the same servers are authoritative for both parent and child, right? You can get away with just creating the new zone in named.conf and not delegating it properly in the parent, due to a quirk in BIND behavior; it always answers from its authority and the chain of resolution will always pass through the server (because it's authoritative for the parent). But *when* you configure DNSSEC, the lack of NS records in the parent zone will break your configuration. So installing them now will save you that grief later.

> I don't think that the order is particularly important, since queries can't be answered until the zone is created and configured in named.conf, though I suppose that creating the zone first is slightly more correct.

Thanks. That's the bit I was looking for. SOME stuff is a quirk of BIND, like this.

OK, so simply putting the NS records in the parent zone is sufficient to make it a separate zone.  No need to put stuff in named.conf unless I want to or until I actually delegate to a different set of nameservers.

My thought was to create the new zones as zones on the parent server as a prelude to actually delegating them, in a sense, delegating the zone to myself. That will let me clean stuff up and get it ready for the coming move.

Yes, DNSSEC is, IMHO, much like IPv6 - no one wants to mess with it but a lot of people claim it's inevitable.  *Hopefully* both will end up like maglevs and monorails - "technology of the future: always has been, always will be".  :-)

--
Peter Laws / N5UWY
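
An added example, not part of the thread and not BIND's own tooling: a small Python check for the case discussed above, where a child zone is served from named.conf but has no NS records in the parent zone. The named.conf fragment, zone contents and function names are constructed for illustration; the parser assumes single-line records and takes the origin from the caller.

```python
import re

# Constructed named.conf fragment: one server authoritative for parent and children.
NAMED_CONF = '''
zone "example.edu"      { type master; file "db.example.edu"; };
zone "lab.example.edu"  { type master; file "db.lab.example.edu"; };
zone "dorm.example.edu" { type master; file "db.dorm.example.edu"; };
'''

# Constructed parent zone file: only "lab" has a delegation NS record.
PARENT_ZONE = '''
@    IN SOA ns1.example.edu. hostmaster.example.edu. ( 2011102801 3600 900 604800 3600 )
     IN NS  ns1.example.edu.
     IN NS  ns2.example.edu.
lab  IN NS  ns1.example.edu.
www  IN A   192.0.2.10
'''

def configured_zones(conf):
    """Zone names declared in named.conf, lower-cased, without trailing dot."""
    return [z.lower().rstrip(".") for z in re.findall(r'zone\s+"([^"]+)"', conf)]

def ns_owners(zone_text, origin):
    """Fully qualified owner names that carry NS records (single-line records only)."""
    owners, owner = set(), origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                 # line starts with an owner name
            name = fields.pop(0).lower()
            owner = origin if name == "@" else (
                name.rstrip(".") if name.endswith(".") else f"{name}.{origin}")
        rtype = next((f for f in fields if not f.isdigit() and f.upper() != "IN"), "")
        if rtype.upper() == "NS":
            owners.add(owner)
    return owners

def undelegated_children(conf, parent, parent_zone_text):
    """Configured zones directly below `parent` with no NS records in the parent zone."""
    zones = configured_zones(conf)
    delegated = ns_owners(parent_zone_text, parent)
    def enclosing(z):  # closest configured ancestor zone, or None
        return max((p for p in zones if z.endswith("." + p)), key=len, default=None)
    return [z for z in zones if enclosing(z) == parent and z not in delegated]

if __name__ == "__main__":
    print(undelegated_children(NAMED_CONF, "example.edu", PARENT_ZONE))
```

A zone reported here still answers while the same server holds the parent, which is the quirk described in the thread; it is the one that lacks delegation records in the parent.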




