How many NS records should be in the 0.0.127.in-addr.arpa zone?

Jim Reid jim at mpn.cp.philips.com
Mon Sep 20 15:17:00 UTC 1999


>>>>> "Andy" == Andy Cranston <Andy.Cranston at RSL-Europe.com> writes:

    Andy> According to the DNS and BIND book the zone file for
    Andy> 0.0.127.in-addr.arpa should contain an NS record for each
    Andy> server in your domain (see the 3rd edition page 67).  First
    Andy> question - is this a correct assumption?

Well if it's in the book, it must be true... :-)

Actually, you probably want to configure each of your name servers as
master for the localhost and 0.0.127.in-addr.arpa zones and arrange
that these just have 1 NS record pointing at themselves, i.e. each of
your name servers is authoritative for these zones and since there's
only 1 NS record which points at itself, there's nothing to
NOTIFY. This works just fine as long as these zones don't change,
which they shouldn't do after they are first set up.

    Andy> The reason I ask is that when named starts it sends a NOTIFY
    Andy> for each primary zone to the name servers identified by the
    Andy> NS records (except itself of course).  I got to thinking
    Andy> that the 0.0.127.in-addr.arpa zone will have notify requests
    Andy> sent to my secondary name servers which will get ignored as
    Andy> they aren't secondarying 0.0.127.in-addr.arpa.  Second
    Andy> question - am I still on track here?

Yes. But if you list your internal name servers in the NS records for
these zones you really should configure those servers to hold copies
of those zones. That way you don't get lame delegations for localhost
and 0.0.127.in-addr.arpa because the NS records point at name servers
which don't have copies of these zones.

    Andy> So to my mind (and as far as DNS goes it's a pretty small
    Andy> mind :-) I reckon that the only NS record in the zone file
    Andy> for 0.0.127.in-addr.arpa zone should be for the name server
    Andy> the db.127.0.0 file resides on.  Third question - is this
    Andy> correct or will I break something by doing so?

You're correct and it won't break something. If there's only one name
server for the loopback zones in your net and it dies, probably
nothing locally will be able to look up the A record for localhost or
the PTR record for 1.0.0.127.in-addr.arpa. This may well break
something. So if every one of your name servers has its own copy of
these zones, there's no problem. The single point of failure has been
eliminated. [Whether this is by making each one a master (primary) or
slave (secondary) for the zones doesn't really matter much.] And since
those name servers should always be authoritative for these two zones,
it shouldn't really be necessary to have extra NS records pointing at
other name servers. See RFC1912. It recommends that every name server
is configured as master (primary) for the 0.0.127.in-addr.arpa and
localhost zones.
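
The single-NS arrangement described in the reply above can be checked mechanically on each server. The following is an added example, not part of the original post: the zone file contents, the server names ns1.example.com and ns2.example.com, and the function names are all constructed for illustration.

```python
import re

# Constructed sample of db.127.0.0; ns1.example.com is a placeholder server name.
DB_127_0_0 = """\
$TTL 86400
@   IN SOA ns1.example.com. hostmaster.example.com. (
        1 10800 3600 604800 86400 )  ; serial refresh retry expire minimum
    IN NS  ns1.example.com.
1   IN PTR localhost.
"""

def ns_targets(zone_text, origin):
    """Return the absolute, lower-cased target of every NS record in zone_text."""
    text = re.sub(r";[^\n]*", "", zone_text)          # strip comments
    text = re.sub(r"\(([^)]*)\)",                     # fold ( ... ) onto one line
                  lambda m: m.group(1).replace("\n", " "), text)
    targets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):   # blank line or $TTL/$ORIGIN
            continue
        if not line[0].isspace():                     # first field is the owner name
            fields = fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields = fields[1:]                       # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "NS":
            name = fields[1].lower()
            if name == "@":
                name = origin
            elif not name.endswith("."):
                name = f"{name}.{origin}"             # relative name: append origin
            targets.append(name)
    return targets

def check_loopback_zone(zone_text, origin, local_server):
    """Return findings; an empty list means exactly one NS record naming this server."""
    targets = ns_targets(zone_text, origin)
    local = local_server.lower().rstrip(".") + "."
    findings = []
    if len(targets) != 1:
        findings.append(f"{origin} has {len(targets)} NS records, expected 1")
    for t in targets:
        if t != local:
            findings.append(f"{origin} NS {t} is not this server; it needs its own copy of the zone")
    return findings

if __name__ == "__main__":
    for f in check_loopback_zone(DB_127_0_0, "0.0.127.in-addr.arpa.", "ns1.example.com"):
        print(f)
```

An empty result means the zone has nothing to NOTIFY and cannot produce a lame delegation; any finding names a server that would have to hold a copy of the zone.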

