Parent not delegating

Minh Van Le mvanle at dingoblue.net.au
Fri Aug 17 09:10:16 UTC 2001


>>Does the parent name server require that it be a slave for the delegated
>>name servers ? Hence the parent ends up holding a copy of the delegated
>>zones and becomes an authoritative source for them.
> 
> No, the parent is not required to be a slave for the delegated
> nameservers.  If this were a requirement, the COM servers would all have
> to be slaves for hundreds of thousands of xxx.COM zones!
> 
>>My problem is fixed this way; obviously because (j1.orin.home.) now
>>becomes authoritative for (plip.orin.home.) via AXFRs.
>>
>>But doesn't this defeat the purpose of delegating zones ? ... When the
>>local name server, in this case (j1.orin.home.), receives a resolver
>>query for a host on (plip.orin.home.), isn't the local name server then
>>supposed to refer itself to the authoritative name server for
>>(plip.orin.home.) as stated by the record:
> 
> The purpose of delegating zones is to delegate responsibility for
> *maintaining* the zone.  The plip.orin.home domain will be updated by
> the administrator of l1.plip instead of the admnistrator of
> j1.orin.home.

I think the problem had to do with the cache or TTL somewhere.

I configured my ISP's name servers as forwarders for (orin.home.). Perhaps
for some reason my local name servers thought (plip.orin.home.) is an
offsite address and forwarded it to my ISP's name servers, and either
getting NXDOMAIN answers or errors from them. The local name server then
stores these answers as negative cache, and never consults the other NS
servers (which would be on the internal network) it knows about.

Taking a better look at what the "forwarders" option actually meant, I
decided to disable it. Things seem to be working now.

I should check the query log but can't be bothered. :)

> Note that if j1.orin.home is not authoritative for plip.orin.home, and
> it receives a query from another nameserver for something in the
> subdomain, the query will not have the Recursion Desired flag set; this
> flag is normally only set when a stub resolver is querying its local
> nameserver, not when nameservers query each other recursively.  In this
> case, j1.orin.home will return the referral rather than trying to
> contact l1.plip.orin.home itself.

That makes sense. You don't want your name servers doing all the work for
an outside host.


More information about the bind-users mailing list