scope of zone files

Barry Margolin barmar at genuity.net
Mon Jul 2 16:49:48 UTC 2001


In article <9hq18s$1m9 at pub3.rc.vix.com>,
Ian Marsh  <ian.marsh at hants.gov.uk> wrote:
>  I wonder if someone can clear something up for me regarding the 'scope' of 
>zone files. I have just started looking at how we can tidy up our DNS 
>configuration and I think there could be room for improvement with the 
>'hants.sch.uk' domains that we run. Here's the problem:
>
>
>  The 'hants.sch.uk' domain is owned by Nominet and they have no intention 
>of releasing it to us (which is fair enough I guess). However, we do have a 
>significant number of 'sub' domains delegated to us. 
>
>Delegated to us:
>  site1.hants.sch.uk
>  site2.hants.sch.uk
>  site4.hants.sch.uk
>
>Not delegated to us:
>  site3.hants.sch.uk
>  site5.hants.sch.uk
>
>  My question is... Is it OK to set up a zone in named.conf for 
>'hants.sch.uk' or do I have to set up individual zones for 
>'site1.hants.sch.uk', 'site2...' etc? (we currently have the latter) Things 
>would be easier to manage with just the one zone file but I'm unclear on 
>whether this is allowed/safe or not.

You must use separate zones for each subdomain that's delegated to you.
Since the hants.sch.uk domain isn't delegated to you, you should not
configure yourself as authoritative for it.  When your server answers
queries, it would tell everyone else that it's authoritative for the whole
domain, and they may cache this in preference to the Nominet delegation
(see the thread regarding someone configuring a *.COM wildcard record on
their server -- it's the same problem, but with an even broader scope).

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
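
An added example, not part of the original post and not BIND's own tooling: a small Python audit that reads the zone statements in a named.conf and flags every zone served authoritatively that is outside the operator's delegated set, including the parent-zone case the reply describes. The sample configuration, file names, addresses and the `audit` helper are constructed for illustration; only the zone names come from the question.

```python
import re

# Constructed sample named.conf (not from the post); zone names follow the question.
SAMPLE_NAMED_CONF = '''
// parent zone: NOT delegated to this operator
zone "hants.sch.uk" { type master; file "db.hants.sch.uk"; };
zone "site1.hants.sch.uk" in { type master; file "db.site1"; };
zone "Site2.hants.sch.uk." { type slave; masters { 192.0.2.1; }; file "db.site2"; };
zone "site3.hants.sch.uk" { type master; file "db.site3"; };
zone "." { type hint; file "named.root"; };
'''
DELEGATED = {"site1.hants.sch.uk", "site2.hants.sch.uk", "site4.hants.sch.uk"}
AUTH_TYPES = {"master", "slave", "primary", "secondary"}

def strip_comments(text):
    # Simplification: assumes comment markers never appear inside quoted strings.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def authoritative_zones(conf):
    """Yield (name, type) for each zone statement this server would answer for authoritatively."""
    conf = strip_comments(conf)
    for m in re.finditer(r'\bzone\s+"([^"]*)"[^{;]*\{', conf, re.I):
        depth, i = 1, m.end()
        while depth and i < len(conf):      # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        t = re.search(r"\btype\s+([\w-]+)\s*;", body, re.I)
        ztype = t.group(1).lower() if t else ""
        if ztype in AUTH_TYPES:
            yield m.group(1).lower().rstrip("."), ztype

def audit(conf, delegated):
    """Return (zone, type, reason) for authoritative zones outside the delegated set."""
    delegated = {d.lower().rstrip(".") for d in delegated}
    findings = []
    for name, ztype in authoritative_zones(conf):
        if name in delegated:
            continue
        covers = [d for d in delegated if d.endswith("." + name)]
        reason = "parent of delegated zones" if covers else "not delegated"
        findings.append((name, ztype, reason))
    return findings

if __name__ == "__main__":
    for zone, ztype, reason in audit(SAMPLE_NAMED_CONF, DELEGATED):
        print(f"{zone} ({ztype}): {reason}")
```

Run against a real configuration, the delegated set should come from the parent zone's NS records rather than from a hand-kept list.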

