NS record question

Roy Arends Roy.Arends at nominum.com
Mon Mar 26 21:01:47 UTC 2001

On Mon, 26 Mar 2001, Bob Vance wrote:

> Roy said:
> >In the parent zone, there _has_ to be delegation records for the child
> >zone in any scenario, they should be identical copy of the NS records
> in
> >the childs apex.
> Actually, it appears that you do *not* have to have the NS records in
> the parent zone *file*, though -- only in the child zone *file*.
> This makes sense because, the NS records defined in child zone file will
> show up in the servers cache anyway, since it's on the same server.
> Thus, the NOTIFY issue that I raised couldn't actually exist -- the
> primary *will* have the NS records for the child zone, like it or not :)


This is only true when 

1) parent and child reside on same server AND 
2) the set of slaves for both zones are identical AND 
3) your using bind-8, which can not differ apex and zone-cut records AND
4) you're not using DNSSEC AND
5) you want to violate rfc1034 

> Thus I would say that the answer to the original question:
> > Should I have NS records for a delegated zone even if the delegation
> is on
> > the same nameserver?
> > ---
> > db.mydomain.com
> > @	IN SOA ns.mydomain.com root.mydomain.com ( ... )
> > 	IN NS ns.mydomain.com.
> > 	IN NS ns1.mydomain.com.
> >
> > zone1	IN NS ns.mydomain.com.		#	should these lines be here
> > zone1	IN NS ns2.mydomain.com		#
> is,
>    "No.  You are not *required* to enter them into the parent zone file.
>     They will appear from the child zone file.
>     You *must* have the NS records in the child zone file or it will not
> load.
>    "

If all the specified points are met, then yes, but those were not
specified in the original question.

> This would be a good thing in the sense of defining the records in only
> on place.  But, of course, puts obfuscation above readability and
> understanding :)

I agree.

Roy Arends

More information about the bind-users mailing list