Out-of-zone data mistaken for glue?

Phil Mayers p.mayers at imperial.ac.uk
Tue May 11 11:50:21 UTC 2010


On 11/05/10 12:20, Barry Margolin wrote:
> In article<mailman.1488.1273575364.21153.bind-users at lists.isc.org>,
>   Phil Mayers<p.mayers at imperial.ac.uk>  wrote:
>
>> Following on from yesterday's query; if I have this zone:
>>
>> test.com.		86400	IN	SOA	...
>> test.com.		86400	IN	NS	...
>> foo.test.com.		86400	IN	NS	ns.foo.test.com.
>> ns.foo.test.com.	86400	IN	A	192.168.254.254
>> www.foo.test.com.	86400	IN	A	192.168.1.1
>>
>> ...this zone loads fine, and www.foo.test.com does *not* resolve, which
>> is as expected I guess. However, neither bind nor named-checkzone report
>> the non-glue A record as an error. Is this expected?
>>
>> (This is just curiosity - obviously it's a bad idea to populate zones
>> like this!)
>
> Are you sure you have the trailing dot on that record?
>

Pretty sure. I can start out with no zone cut, insert one via 
"nsupdate", freeze the zone, and the resultant zone still reports no errors:

== Initial zone, no zone cut ==

# dig @localhost test.com axfr
test.com.		86400	IN	SOA	...
test.com.		86400	IN	NS	...
www.foo.test.com.	86400	IN	A	192.168.1.1

== www host resolves as expected ==

# dig +norec +noide +noqu +noqr +norec @localhost www.foo.test.com
;; ANSWER SECTION:
www.foo.test.com.	86400	IN	A	192.168.1.1

;; AUTHORITY SECTION:
test.com.		86400	IN	NS	...


== Insert the zone cut ==

# nsupdate
 > server localhost
 > zone test.com
 > update add foo.test.com. 86400 NS ns1.example.com.
 >

# dig @localhost test.com axfr
test.com.		86400	IN	SOA	...
test.com.		86400	IN	NS	...
foo.test.com.		86400	IN	NS	ns1.example.com.
www.foo.test.com.	86400	IN	A	192.168.1.1

== www host no longer resolves, as expected ==

# dig +norec +noide +noqu +noqr +norec @localhost www.foo.test.com
;; AUTHORITY SECTION:
foo.test.com.		86400	IN	NS	ns1.example.com.

== Flush the zone to disk ==

# rndc freeze test.com
# cat test.com
$ORIGIN .
$TTL 86400	; 1 day
test.com		IN SOA	...
			NS	...
$ORIGIN test.com.
foo			NS	ns1.example.com.
$ORIGIN foo.test.com.
www			A	192.168.1.1

== Run compilezone - no errors ==

# named-compilezone -o /dev/null test.com test.com
zone test.com/IN: loaded serial 2006405210
dump zone to /dev/null...done
OK
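
The check the message finds missing can be sketched as follows. This is an added example, not code from the post or from BIND: it flags records at or below a zone cut that are neither the delegation itself nor address glue for its name servers. The sample zone is constructed from the first zone in the post with placeholder SOA and apex NS rdata, and the set of types allowed at the cut is an assumption.

```python
GLUE_TYPES = {"A", "AAAA"}
CUT_TYPES = {"NS", "DS", "NSEC", "RRSIG"}  # assumed set allowed at the cut itself

# Constructed sample modelled on the first zone in the post; the SOA and
# apex NS rdata are placeholders (the post elides them as "...").
SAMPLE_ZONE = """\
test.com.         86400 IN SOA ns.test.com. hostmaster.test.com. 1 3600 900 604800 86400
test.com.         86400 IN NS  ns.test.com.
foo.test.com.     86400 IN NS  ns.foo.test.com.
ns.foo.test.com.  86400 IN A   192.168.254.254
www.foo.test.com. 86400 IN A   192.168.1.1
"""

def parse(zone_text):
    """Yield (owner, type, rdata) from 'name TTL IN TYPE RDATA' lines."""
    for line in zone_text.splitlines():
        fields = line.split(None, 4)
        if len(fields) == 5 and fields[2].upper() == "IN":
            yield fields[0].lower(), fields[3].upper(), fields[4].strip().lower()

def below(name, ancestor):
    """True if name is a strict descendant of ancestor (both fully qualified)."""
    return name.endswith("." + ancestor)

def find_occluded(zone_text, origin):
    """Return records at or below a delegation that are neither the
    delegation itself nor address glue for its name servers."""
    origin = origin.lower()
    records = list(parse(zone_text))
    cuts = {n for n, t, _ in records if t == "NS" and below(n, origin)}
    # An NS set underneath another cut is itself occluded, so keep top-most cuts.
    cuts = {c for c in cuts if not any(below(c, other) for other in cuts)}
    glue_names = {r for n, t, r in records if t == "NS" and n in cuts}
    occluded = []
    for name, rtype, rdata in records:
        at_cut = name in cuts
        under_cut = any(below(name, c) for c in cuts)
        if not (at_cut or under_cut):
            continue                      # ordinary in-zone data
        if at_cut and rtype in CUT_TYPES:
            continue                      # the delegation itself
        if rtype in GLUE_TYPES and name in glue_names:
            continue                      # address glue for a delegated NS
        occluded.append((name, rtype, rdata))
    return occluded

if __name__ == "__main__":
    for rec in find_occluded(SAMPLE_ZONE, "test.com."):
        print("occluded:", *rec)
```
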


