Stub zones again: Delegation and RFC compliance?

David Carmean dlc at halibut.com
Mon Feb 7 20:43:40 UTC 2005


The department that parents my internal domain is "upgrading" their authoritative 
nameservers, but it appears that they're still using stub zones to perform the 
delegation.  This is apparent by the lack of NS records for my domain when I 
perform a zone transfer of the parent domain.

Now, this "works" for "normal" lookups, because the parent server returns 
the correct NS records anyway, having cached them in the stub zone data after 
retrieving them from my authoritative servers for the child domain.  But 
is the lack of delegating NS records (and glue?) in the parent zone 
out of compliance with any RFCs?  Will it break anything in DNSSEC, for 
example?

I am hoping that stub zones continue to be supported for their use in 
place of "forward" zones in split-view domains; their ability to cause 
the resolving server to learn the internal auth server heirarchy is valuable 
to me.  But if I continue to use them for this function, how can I convince 
the other DNS admins internally not to use them for delegations?

Thanks.



More information about the bind-users mailing list