Master for domain as set in SOA is not visible to world

Cricket Liu cricket at
Wed Mar 8 21:26:12 UTC 2000

> I understand that - but *even* if the master loads correctly, it will
> return answers to queries as "non-authoritative" if it doesn't recognize
> itself in either the SOA
> or NS records - at least, that is the behavior I have observed  (for
> example, if I use an name for a multihomed box which is not the same as
> that returned by 'hostname').

I have *never* seen this behavior in any version of BIND.  BIND name
servers consider themselves authoritative, and answer authoritatively,
according to the rules Barry cited, whether or not the name server
appears in the NS list or the SOA record for the zone.

> I am simply saying I am willing to accept
> this behavior to gain the advantage of hiding the
> fact that my master is an internal box whose existence I do not want known
> to the world.  Your definition of "should do" may fit some situations, but
> I am not yet
> convinced it fits mine, and I am just asking if there are other negative
> consequences of which I should be aware.
> Are there?

This behavior, if it did exist, wouldn't work at all, because slave name
servers won't transfer a zone from a name server that answers non-
authoritatively to queries for data in the zone (in particular, to the
query for the zone's SOA record).  Running a hidden primary master
won't help you if you can't configure slaves to load from it.


Acme Byte & Wire
cricket at

Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class!  See for
the schedule and to register for upcoming classes.

More information about the bind-users mailing list