RFC 6303 vs. BIND: NS ... has no address records (A or AAAA)

Irwin Tillman irwin at princeton.edu
Mon Jan 9 22:13:56 UTC 2012


RFC 6303 says that a recursive nameserver should locally serve 
a number of DNS zones.  Section 3 provides this generic empty 
zone for this purpose, in master file format:

@ 10800 IN SOA @ nobody.invalid. 1 3600 1200 604800 10800
@ 10800 IN NS @

The RFC notes:

"The NS RR is needed as some UPDATE [RFC2136] clients use NS queries
to discover the zone to be updated.  Having no address records for
the nameserver is expected to abort UPDATE processing in the client."

Ignoring BIND's support for automatic empty zones for selected zones
for the moment, if I try to load a zone in BIND using that zone file above:

zone "255.255.255.255.in-addr.arpa" in {
    type master;
    file "empty-inaddr-zone";
};

BIND 9.8.1-P1 rightly complains:

general: error: zone 255.255.255.255.in-addr.arpa/IN: NS '255.255.255.255.in-addr.arpa' has no address records (A or AAAA)
general: error: zone 255.255.255.255.in-addr.arpa/IN: not loaded due to errors.

Omitting the NS record from the zone file would allow the zone file
to load, but cause lookups to return SERVFAIL; that's not what we want.

--

Prior to RFC 6303, I'd instead use a zone file such as:

@ 10800 IN SOA @ bogus-mname-to-suppress-dynamic-updates.real-mname-is.myhost.example.com. 1 3600 1200 604800 10800
  10800 IN NS myhost.example.com.

where "myhost.example.com." was replaced with a canonical name of "this" nameserver.
I'd ensure that myhost.example.com has an A-record
and that bogus-mname-to-suppress-dynamic-updates.real-mname-is.myhost.example.com would not have an A-record.

--

What's the recommended approach?
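
The following is an added example, not part of the original post and not BIND's code: a simplified Python model of the load-time check behind the error above, run over the two zone files quoted in the message. It assumes the check applies only to NS targets that lie inside the zone being loaded; the function names are hypothetical.

```python
# Simplified model of the load-time check; not BIND's own code.
ORIGIN = "255.255.255.255.in-addr.arpa."
RFC6303_ZONE = """@ 10800 IN SOA @ nobody.invalid. 1 3600 1200 604800 10800
@ 10800 IN NS @
"""
PRE_RFC_ZONE = """@ 10800 IN SOA @ bogus-mname-to-suppress-dynamic-updates.real-mname-is.myhost.example.com. 1 3600 1200 604800 10800
  10800 IN NS myhost.example.com.
"""

def absolute(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse 'owner ttl class type rdata' lines; a leading blank repeats the owner."""
    records, last_owner = [], origin
    for line in text.splitlines():
        line = line.split(";", 1)[0]  # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():
            last_owner = absolute(fields.pop(0), origin)
        _ttl, _class, rtype, *rdata = fields
        records.append((last_owner, rtype.upper(), rdata))
    return records

def ns_without_addresses(text, origin):
    """Return in-zone NS targets with no A or AAAA record (assumed scope of the check)."""
    origin = origin.lower()
    records = parse_zone(text, origin)
    have_addr = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    missing = []
    for _owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        target = absolute(rdata[0], origin)
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in have_addr:
            missing.append(target)
    return missing

if __name__ == "__main__":
    for label, zone in (("RFC 6303", RFC6303_ZONE), ("pre-RFC 6303", PRE_RFC_ZONE)):
        print(label, "->", ns_without_addresses(zone, ORIGIN) or "no in-zone NS lacks an address")
```

Under that assumption the RFC 6303 zone is flagged because its NS target is the zone apex itself, while the older zone is not, because its NS target is outside the zone.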



