conflicting subdomain delegation

Frank Liu gfrankliu at gmail.com
Fri Nov 16 05:28:24 UTC 2018 

That's an internal setting can't be exposed.
I created a public test name: test.c.b.jilapps.com
Should you see A record 1.2.3.4 or 5.6.7.8?

On Thu, Nov 15, 2018 at 8:25 AM Barry Margolin <barmar at alum.mit.edu> wrote:

> In article <mailman.818.1542216489.803.bind-users at lists.isc.org>,
>  Frank Liu <gfrankliu at gmail.com> wrote:
>
> > Thanks for confirming bind behavior matches what I saw.
> > I noticed other resolvers (eg: @8.8.8.8) works differently, c.b.a.com NS
> > host2 actually got used, not ignored as occluded data.
>
> That shouldn't be possible. The occluded data should never be given out
> by the authoritative server, so the resolver should never see it.
>
> Tell us the actual domains so we can see what's really happening.
>
> > Is this a bind specific implementation, not required by any RFCs?
> > >From authoritative dns perspective, Amazon Route53 allows you to add
> both
> > delegations in the a.com zone without any "out of zone data" error.
> >
> >
> > On Tue, Nov 13, 2018 at 1:50 PM Mark Andrews <marka at isc.org> wrote:
> >
> > >
> > > > On 14 Nov 2018, at 4:04 am, Frank Liu <gfrankliu at gmail.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > Is there a RFC determining which nameserver to use if there is a
> > > conflicting subdomain delegation?
> > > >
> > > > eg:
> > > > In the zone of a.com, there are two NS delegations
> > >
> > > This one is used.
> > >
> > > > b.a.com NS host1
> > >
> > > This one is ignored as it is occluded data.
> > >
> > > > c.b.a.com NS host2
> > > >
> > > > On host1 in zone b.a.com, there is
> > > > c.b.a.com NS host3
> > >
> > > Which is occluded data or glue depending upon the rest of the contents
> of
> > > the zone.
> > >
> > > > As you can see, there is a conflicting delegation for c.b.a.com. If
> I
> > > look a name d.c.b.a.com, will the nameserver host2 or host3 be used?
> > > > dig +trace seems to go to host2, but bind9 as a resolver goes to
> host3.
> > > > (the test was done on a centos7).
> > >
> > > dig +trace follows the returned delegations.
> > >
> > > > Any ideas?
> > > > Thanks!
> > > > _______________________________________________
> > > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > > unsubscribe from this list
> > > >
> > > > bind-users mailing list
> > > > bind-users at lists.isc.org
> > > > https://lists.isc.org/mailman/listinfo/bind-users
> > >
> > > --
> > > Mark Andrews, ISC
> > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > > PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
> > >
> > >
>
> --
> Barry Margolin
> Arlington, MA
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20181115/f43e88a6/attachment-0001.html>

More information about the bind-users mailing list