Delegation or PEBKAC problems?

John Hascall john at iastate.edu
Tue May 5 15:24:28 UTC 2009


> My understanding of delegation is that the resolver goes out to it's
> configured nameserver.  That nameserver returns the NS records for the
> delegated namespace, then the resolver goes to the delegated server to
> ask the next question.  Am I incorrect in that?  

It works that way, sometimes.

If recursion is enabled on your server, it will query
the other servers in the NS records on behalf of the resolver
and return what it finds.  If recursion is off, it will
just return the NS records and the resolver is expected
to follow them (and some really dumb resolvers might
not be able to do that).

If your first server can't talk to the other (delegated zone's)
NS's (say because of a firewall issue) you can get something
that matches what you seem to be getting.

John
-------------------------------------------------------------------------------
John Hascall, john at iastate.edu
Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services)
IT Services, The Iowa State University of Science and Technology



More information about the bind-users mailing list