Delegation of Authority

David Botham DBotham at OptimusSolutions.com
Wed Jun 2 12:56:27 UTC 2004


bind-users-bounce at isc.org wrote on 06/02/2004 08:21:43 AM:
> 
> 
> David Botham wrote:
> 
> > In the domain.co.za zone db file, do this:
> > 
> > ; Delegate sub.domain.co.za
> > sub     IN      NS      ns1.sub.domain.co.za.
> > sub     IN      NS      ns2.sub.domain.co.za.
> > 
> > ; Glue for ns1.sub.domain.co.za and ns2.sub.domain.co.za
> > ns1.sub IN      A       10.10.10.1
> > ns2.sub IN      A       10.10.10.2
> > 
> > The 2 NS RR's are the delegation.  Because the two name servers for 
the
> > new zone end in the parent's domain name, you must include A RR's for 
them
> > in the parent zone file so other name servers can get the IP addresses 
for
> > ns1.sub and ns2.sub.  If the new name servers are in some other
> > domain/zone, then, it is the responsibility of the other zone's
> > administrator to maintain these A RR's.
> 
> I don't think this applies to bind 4.9 but I just struggled with
> this same issue myself. The problem I was having was that I needed
> to turn off forwarders in my master zone.
> 
>    zone "wmi.com" {
>            type master;
>            allow-update {
>                key DHCP_UPDATER;
>                    127.0.0.1;
>                    192.168.1.9;
>                     192.168.1.18;
>         };
>         file "wmi.com";
>         forwarders {};
> };
> 
> It seems forwarders override delegations. At some point I'll break down

No, forwarding does not override delegation.  If a name server is 
authoritative for a zone, then it will not use forwarders.  If a name 
server is not authoritative for a zone and does not have the requested 
data cached, then it will use its forwarders.  Really, the concepts of 
forwarders and delegation are not related, however, the resolution process 
sort of ties them together...


hth,

Dave...


> and
> turn forwarders off globally.
> 
>  - Joel
> 




More information about the bind-users mailing list