Split DNS Subdomain Problem

Barry Margolin barmar at genuity.net
Mon Feb 11 23:33:03 UTC 2002

In article <a49jij$k81 at pub3.rc.vix.com>,
steve belczyk <steve1 at genesis.nred.ma.us> wrote:
>I just started running BIND 9.1.3 a few months ago and am seeing some odd
>behavior with subdomain delegation in a split DNS environment.
>ns1.foo.com is the master internal name server for foo.com.  It has numerous
>subdomain delegations that look like this in the zone file:
>    sub.foo.com.         43200   IN   NS   ns1.sub.foo.com.
>    ns1.sub.foo.com.     43200   IN   A
>There is also a similar delegation on dns1.foo.com, which is the master
>external name server for foo.com, but the delegation is to a different
>name server:
>    sub.foo.com.         43200   IN   NS   dns1.sub.foo.com.
>    dns1.sub.foo.com.    43200   IN   A
>Everything works fine for a while after starting named on ns1.foo.com.
>Queries to ns1.foo.com for information in sub.foo.com work as expected.
>But after a few hours queries to the internal name server return the
>results from the external name server, as if the internal name server
>has forgotten the delegation and is going out to the internet to resolve
>the query.

What NS records are on ns1.sub.foo.com?  When ns1.foo.com queries
ns1.sub.foo.com it is likely to cache those NS records, and since they come
from the authoritative server for the subdomain they have more credibility
than the delegation records.

If the NS records on the actual server refer to dns1.sub.foo.com,
ns1.foo.com will use them.

Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
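
The cache replacement described in the reply above, as an added example that is not part of the original post and is not BIND's code. It is a simplified model of the RFC 2181 section 5.4.1 credibility ranking; the rank constants, the NSCache class, and the child zone's NS record (the mismatch the reply hypothesizes) are assumptions made for illustration.

```python
# Simplified model of RFC 2181 section 5.4.1 ranking (illustrative, not BIND internals).
# Higher number = more credible. Only the two levels relevant to the thread are modeled.
RANK_DELEGATION = 1      # NS records at a zone cut, as held by the parent zone
RANK_AUTH_AUTHORITY = 2  # authority section of an authoritative answer from the child


class NSCache:
    """Holds one NS RRset per owner; replaced only by data of equal or higher rank."""

    def __init__(self):
        self._sets = {}

    def offer(self, owner, targets, rank):
        current = self._sets.get(owner)
        if current is None or rank >= current[1]:
            self._sets[owner] = (frozenset(targets), rank)
            return True
        return False  # less credible data never displaces what is cached

    def servers(self, owner):
        entry = self._sets.get(owner)
        return set(entry[0]) if entry else set()


def ns_targets(zone_text, owner):
    """Return NS targets for `owner` from 'name ttl IN NS target' lines."""
    found = set()
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop zone-file comments
        if len(fields) == 5 and fields[2:4] == ["IN", "NS"] \
                and fields[0].lower() == owner.lower():
            found.add(fields[4].lower())
    return found


def simulate(parent_zone, child_zone, owner):
    """Load the parent's delegation, then process one authoritative child reply."""
    cache = NSCache()
    cache.offer(owner, ns_targets(parent_zone, owner), RANK_DELEGATION)
    before = cache.servers(owner)
    cache.offer(owner, ns_targets(child_zone, owner), RANK_AUTH_AUTHORITY)
    return before, cache.servers(owner)


# Constructed sample data using the thread's names.
INTERNAL_PARENT = "sub.foo.com. 43200 IN NS ns1.sub.foo.com."
CHILD_APEX = "sub.foo.com. 43200 IN NS dns1.sub.foo.com."  # assumed mismatch

if __name__ == "__main__":
    print(simulate(INTERNAL_PARENT, CHILD_APEX, "sub.foo.com."))
```

When the NS set at the child's apex matches the internal delegation, the second offer leaves the server set unchanged, which is the condition to check for on the internal subdomain server.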

More information about the bind-users mailing list