NS records
Bill Owens
owens at nysernet.org
Tue Mar 13 13:35:57 UTC 2012
On Tue, Mar 13, 2012 at 08:26:02AM -0500, Daniel McDonald wrote:
>
> On 3/13/12 8:20 AM, "hugo hugoo" <hugobxl at hotmail.com> wrote:
>
> > ==> do I have to create in zone "toto.be" the following NS record:
> >
> > titi.toto.be. TTL IN NS ns1.xxx.be
> >
> >
> > I have found cases where this situation is present and other when it is not
> > present...and both cases seems to work.
> > What is the difference?
>
> The glue records aren't necessary when both the zone and subzone are on the
> same server, although it is good to have them for completeness. When the
> zones are on different servers you need the glue records.
That's true, and it also becomes a problem when you want to sign the zones with
DNSSEC; if there's no NS record in the parent, there can't be a chain of trust
from the parent to the child. Assuming that you'll someday want to sign
toto.be, you should put the parent NS records in place now.
Bill.
More information about the bind-users
mailing list