Question about name servers

Kevin Darcy kcd at daimlerchrysler.com
Fri Nov 1 23:17:53 UTC 2002


jiangyi wrote:

> Hi,all
>
> I'm a beginner to DNS. My question is: When we want to refer to a node N in
> a sub-domain implementd as a different zone than the current domain, a name
> server for that zone needs to be specified. Is it always necessary to
> include a resource record for that server's address, or is it sufficient to
> provide only its domain name? Why?

This depends entirely on whether the nameserver's name is in the subzone or
not. If the nameserver's name is in the subzone, e.g. ns.foo.example.com
serving the foo.example.com subzone, then you have to supply a "glue
record" in the parent zone otherwise resolvers get into the following
chicken-and-egg scenario:

a) need to resolve www.foo.example.com (for example), so I ask the example.com
nameservers
b) they give me a referral to ns.foo.example.com but no address
c) in order to resolve ns.foo.example.com into an address I need to contact
the nameserver(s) for foo.example.com; I know that ns.foo.example.com is a
nameserver for that zone, but I don't know its address, and I don't have any
way to get it, so I'm stuck.

Because the parent has a "glue record" it can serve up the address of
ns.foo.example.com at step (b), thus short-circuiting the whole
chicken-and-egg scenario.

If the name of the nameserver is _not_ in the zone it is serving, then the
potential for this chicken-and-egg scenario does not exist, so you don't need
the glue record.

Moral of the story: if you want to obviate glue records, avoid, where
possible, putting the names of your nameservers in the zones that they serve,
e.g. all of my external zones are delegated to nameservers in the
daimlerchrysler.com domain, so none of them except daimlerchrysler.com itself
require glue records in the TLD zones.


- Kevin




More information about the bind-users mailing list