out of zone NS records

Doug Barton DougB at gorean.org
Wed Mar 14 02:01:04 UTC 2001

"Lee, Elizabeth" wrote:
> I have been tasked with bringing a group of nameservers into a standard
> alignment respective to their functions.  These servers were all running
> BIND 8.1.1, 8.1.2 or 4.9.3, and had enjoyed little attention over the years.

	Lucky you.

> Though I have many years of UNIX administration experience, I am a BIND/DNS
> novice; be aware that I am RTFM (including the O'Reilly book), poring over
> RFCs and still recovering from the flames I suffered LAST time I asked a
> question in this group.

	Fuck 'em if they can't take a joke. There are two problems in this group.
The first is the constant flood of completely clueless people who write
sometimes hundreds of messages a day without taking even the most
rudimentary steps to help themselves. The second is the wide range of burnt
out, arrogant, unqualified, or otherwise unhelpful people who frequently
respond (note, I did not say answer) questions posed to the list. Everyone
needs a hobby I suppose. 

> I have found and corrected most of the errors except for these NS records in
> each zone file:
> osc.uscg.mil.   IN      NS      netman.osc.uscg.mil.
> osc.uscg.mil.   IN      NS      sarpro1.osc.uscg.mil.
> osc.uscg.mil.   IN      NS      sarpro2.osc.uscg.mil.
> ;
> netman.osc.uscg.mil.    IN      A
> sarpro1.osc.uscg.mil.   IN      A
> sarpro2.osc.uscg.mil.   IN      A
> which generate the following errors:
> Mar  2 17:37:22 ddnmail named[14094]: fnoc.navy.mil:92: data "osc.uscg.mil"
> outside zone "fnoc.navy.mil" (ignored)

	You are correct in your assessment that you can't include those A records
in the fnoc.navy.mil zone. However you do have a couple options. First off,
assuming that you can convince the admin of the osc.uscg.mil zone to add
the A records, you're golden. You can have NS records pointing to any host
you want, as long as it's a real host, not a cname. 

	Your next option is to create hosts in your zone for the nameservers, and
point the NS records at them. Something like:

osc.uscg.mil.	IN	NS	ns1.osc.uscg.mil.

ns1.osc.uscg.mil. IN	NS

Finally, you could choose the prefered option of aligning the NS records in
your zone with your delegation. :)

fnoc.navy.mil.          17h53m42s IN NS  DDNMAIL.fnoc.navy.mil.
fnoc.navy.mil.          17h53m42s IN NS  METOC.fnoc.navy.mil.

METOC.fnoc.navy.mil.    18h50m13s IN A
DDNMAIL.fnoc.navy.mil.  18h50m13s IN A  

I did get an answer from, queries to timed out. If
you need to re-delegate this zone to the three nameservers you listed
above, you should choose one of the first two options I mentioned above,
and then make sure that the owner of mil. (or navy.mil., I'm not sure how
they handle the mil. zone) updates their delegation for you.

Hope this helps,

    Perhaps the greatest damage the American system of education has done
    to its children is to teach them that their opinions are relevant
    simply because they are their opinions.

	Do YOU Yahoo!?

More information about the bind-users mailing list