Out-of-zone data mistaken for glue?
Phil Mayers
p.mayers at imperial.ac.uk
Tue May 11 11:50:21 UTC 2010
On 11/05/10 12:20, Barry Margolin wrote:
> In article <mailman.1488.1273575364.21153.bind-users at lists.isc.org>,
> Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
>> Following on from yesterday's query; if I have this zone:
>>
>> test.com. 86400 IN SOA ...
>> test.com. 86400 IN NS ...
>> foo.test.com. 86400 IN NS ns.foo.test.com.
>> ns.foo.test.com. 86400 IN A 192.168.254.254
>> www.foo.test.com. 86400 IN A 192.168.1.1
>>
>> ...this zone loads fine, and www.foo.test.com does *not* resolve, which
>> is as expected I guess. However, neither bind nor named-checkzone report
>> the non-glue A record as an error. Is this expected?
>>
>> (This is just curiosity - obviously it's a bad idea to populate zones
>> like this!)
>
> Are you sure you have the trailing dot on that record?
>
Pretty sure. I can start out with no zone cut, insert one via
"nsupdate", freeze the zone, and the resultant zone still reports no errors:

== Initial zone, no zone cut ==

# dig @localhost test.com axfr
test.com. 86400 IN SOA ...
test.com. 86400 IN NS ...
www.foo.test.com. 86400 IN A 192.168.1.1

== www host resolves as expected ==

# dig +norec +noide +noqu +noqr +norec @localhost www.foo.test.com
;; ANSWER SECTION:
www.foo.test.com. 86400 IN A 192.168.1.1
;; AUTHORITY SECTION:
test.com. 86400 IN NS ...

== Insert the zone cut ==

# nsupdate
> server localhost
> zone test.com
> update add foo.test.com. 86400 NS ns1.example.com.
>

# dig @localhost test.com axfr
test.com. 86400 IN SOA ...
test.com. 86400 IN NS ...
foo.test.com. 86400 IN NS ns1.example.com.
www.foo.test.com. 86400 IN A 192.168.1.1

== www host no longer resolves, as expected ==

# dig +norec +noide +noqu +noqr +norec @localhost www.foo.test.com
;; AUTHORITY SECTION:
foo.test.com. 86400 IN NS ns1.example.com.

== Flush the zone to disk ==

# rndc freeze test.com
# cat test.com
$ORIGIN .
$TTL 86400 ; 1 day
test.com        IN SOA ...
                NS ...
$ORIGIN test.com.
foo             NS ns1.example.com.
$ORIGIN foo.test.com.
www             A 192.168.1.1

== Run compilezone - no errors ==

# named-compilezone -o /dev/null test.com test.com
zone test.com/IN: loaded serial 2006405210
dump zone to /dev/null...done
OK
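
An added example, not part of the original post and not BIND code: a Python check that flags records at or below a delegation that are neither the delegation itself nor address records for its name servers, run over the two zones shown in the message. The function names and the strict definition of glue used here (an A/AAAA record whose owner is an NS target of a cut in the same zone) are assumptions of this example; input is expected in the fully qualified form that dig prints for an AXFR.

```python
GLUE_TYPES = {"A", "AAAA"}
AT_CUT_TYPES = {"NS", "DS", "NSEC", "RRSIG"}  # legitimate at the cut itself

# Zones copied from the message above ("..." rdata left as posted).
ZONE_WITH_GLUE = """\
test.com. 86400 IN SOA ...
test.com. 86400 IN NS ...
foo.test.com. 86400 IN NS ns.foo.test.com.
ns.foo.test.com. 86400 IN A 192.168.254.254
www.foo.test.com. 86400 IN A 192.168.1.1
"""
ZONE_AFTER_NSUPDATE = """\
test.com. 86400 IN SOA ...
test.com. 86400 IN NS ...
foo.test.com. 86400 IN NS ns1.example.com.
www.foo.test.com. 86400 IN A 192.168.1.1
"""

def norm(name):
    """Lower-case a domain name and force exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def parse(text):
    """Parse 'owner TTL class type rdata' lines into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop dig comment lines
        if len(fields) >= 5:
            records.append((norm(fields[0]), fields[3].upper(), " ".join(fields[4:])))
    return records

def occluded_records(text, apex):
    """Return records hidden by a delegation that are not glue."""
    apex, records = norm(apex), parse(text)
    cuts = {o for o, t, _ in records if t == "NS" and o != apex}
    ns_targets = {norm(r) for o, t, r in records if t == "NS" and o in cuts}
    flagged = []
    for owner, rtype, rdata in records:
        below = any(owner.endswith("." + c) for c in cuts)
        if not below and owner not in cuts:
            continue  # ordinary authoritative data above every cut
        if not below and rtype in AT_CUT_TYPES:
            continue  # the delegation itself
        if rtype in GLUE_TYPES and owner in ns_targets:
            continue  # address of a name server the zone delegates to
        flagged.append((owner, rtype, rdata))
    return flagged

if __name__ == "__main__":
    for zone in (ZONE_WITH_GLUE, ZONE_AFTER_NSUPDATE):
        print(occluded_records(zone, "test.com"))
```

Run against an AXFR of a production zone, a non-empty result points at data the server holds but will never answer with once the delegation is in place.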