NS and recursive? query

Joseph S D Yao jsdy at cospo.osis.gov
Tue Sep 7 18:06:07 UTC 1999


> Say the InterNIC is pointed to server 1 for this domain but the actual
> resource records are on server 2. What I have is on server 1:
> 
> @       IN      SOA     server1.innercite.com.    root.countrydog.com. (
>                 1999090501      ; serial number
>                 10800           ; secondary refresh interval
>                 3600            ; secondary retry interval
>                 864000          ; secondary expire after about 10 days
>                 3600  )         ; TTL
> 
>                 IN      NS   server2.innercite.com.
> 
> innercite.com is the domain for our ISP and is working just fine.
> 
> Now I was hoping when the queries for stuff like mail.countrydog.com
> came to server 1 it would simply give an NS answer and the client
> resolver would go ask server2.innercite.com for the answer.
> 
> When I do a dig country.com @a.root-servers.net it always comes back
> with the two name servers I registered. But when I try to do a dig
> countrydog.com @127.0.0.1 from server1 it just prints out the SOA
> record and never refers to the NS record.

Of course not.  Why should it?

If you declare any name servers as "authoritative", that means that ANY
ONE OF THEM has ALL of the resource records.  EACH one is IT, is THE
ONE, is THE ONLY SOURCE YOU NEED, is THE authoritative name server.
Each and every one.

You can't play silly little games like, guess where type X resource
record is today.  What if the place where you stashed type X resource
record is unreachable or down today?  The resolver will NOT play
skipping games with NS records, either.

You have multiple servers for one reason and one reason only.  To have
COMPLETE and AUTHORITATIVE, up-to-the-minute, COMPLETE information on
your entire zone.  The resolver will ONLY ask ONE "authoritative"
server, and will assume that it can get everything from there.  If that
is not true, that's only because the hostmaster for this domain has
broken this model.

You may have the "master" name server, named in the SOA record, be an
"unlisted" name server.  Other than that, all name servers for a given
zone must be listed in NS records in your zone file.  Otherwise, they
are unusable, and not really name servers.  And it would behoove you to
list at least two with the InterNIC.

Make sense?

--
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
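
Added example, not part of the original message: one way to check the rule stated above, by sending the same non-recursive query to every listed name server and flagging any that is not authoritative or that answers differently. The function names and the `SAMPLE` headers are assumptions constructed here to model the setup in the question; they are not captured traffic.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Non-recursive (RD=0) query for name; qtype 1 is A, class is IN."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def summarize(response):
    """Return (aa, rcode, answer_count) from the 12-byte DNS header."""
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return bool(flags & 0x0400), flags & 0x000F, an

def ask(server_ip, name, timeout=3.0):
    """Query one listed server over UDP; None means no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            return s.recv(512)
        except OSError:
            return None

def check_consistency(replies):
    """replies: {server: raw response or None}. Return a list of problems."""
    problems, seen = [], {}
    for server, raw in sorted(replies.items()):
        if raw is None or len(raw) < 12:
            problems.append(f"{server}: no usable reply")
            continue
        aa, rcode, an = summarize(raw)
        if not aa:
            problems.append(f"{server}: not authoritative (AA=0)")
        seen[server] = (rcode, an)
    if len(set(seen.values())) > 1:
        problems.append(f"servers disagree (rcode, answers): {seen}")
    return problems

# Constructed headers (assumption): server1 holds only SOA/NS, so it answers
# NXDOMAIN (rcode 3) for mail.countrydog.com; server2 has the record.
SAMPLE = {
    "server1.innercite.com.": struct.pack("!HHHHHH", 0x1234, 0x8403, 1, 0, 1, 0),
    "server2.innercite.com.": struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0),
}

if __name__ == "__main__":
    for problem in check_consistency(SAMPLE):
        print(problem)
```

For a live check, build the `replies` dictionary by calling `ask()` with the address of each server named in the zone's NS records.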

