Interesting subdomain question.
kcd at daimlerchrysler.com
Tue Nov 23 22:54:32 UTC 1999
Alan Kirchhoff wrote:
> I have run into an interesting dns issue with a server under my
> This server is primary for domain z.com. Under z.com, there exists
> several subdomains for regional offices. such as:
> So far, no problem!
> But, in the zone file for z.com, subdomains a, b, and c are not officially
> delegated. There are no records in z.com's zone file like this:
> $origin z.com
> a 86400 IN NS ns1.a.z.com
> 86400 IN NS ns2.a.z.com
> ns1.a.z.com 86400 IN A 220.127.116.11
> ns2.a.z.com 86400 IN A 18.104.22.168
> The primary name server for z.com is a secondary of all of the subdomains
> in question. So the zone files for the subdomains are being pulled in from
> the relevant subdomain name servers.
> But when I check the zone transfers on the secondaries for z.com, the
> delegation information for a.z.com, b.z.com, and c.z.com is included in
> z.com zone transfer. Nothing on the primary for z.com is telling it about
> the subdomain delegation.
> >From my point of view, it is merging the zone info it is receiving, as a
> subdomain secondary, into the parent z.com zone file and then sending that
> out to z.com's secondary name servers.
> It all works, but, I can't figure out why it works. What is telling the
> primary for z.com to merge the z.com subdomains when z.com has not
> offically delegated them?
> There is no reference to the subdomains in the zone file for z.com. At
NS data from the master of a zone is always considered to be at least as
good, if not better, than delegation information from the zone's parent. The
primary for z.com has what it considers good NS records for the subzones --
via the zone transfers from the masters of the subzones -- and it therefore
includes them in outbound zone transfers of z.com. There used to be a bug
where the master of a parent zone and the master of a child zone, each being
secondary to each other's zone, could beget a "phantom" NS which would be
passed back and forth from cache to zone transfer to cache to zone transfer,
ad infinitum, but that bug was fixed long ago.
Is there a problem with this behavior? If you want the zones to be completely
separate, then they shouldn't be in the same domain hierarchy.
More information about the bind-users