Delegation question

Joseph S D Yao jsdy at tux.org
Fri Feb 4 19:21:38 UTC 2011


On Fri, Feb 04, 2011 at 09:55:07PM +1100, Jean-Yves Avenard wrote:
> Hi there..
> 
> I'm trying to create a delegation to a sub-domain ; for some reason
> I'm getting nowhere
> 
> I have a domain.com zone ; I'd like to delegate mel.domain.com to
> another dns server (windows server DNS fwiw)
> Here is my zone file:
...
> domain.com.             IN SOA  m.domain.com. domainmaster.domain.com. (
...
>                                 )
>                         NS      m.domain.com.
>                         MX      0 mail.domain.com.
...
>                         A       192.168.0.2
> ; glue record
> m                       A       192.168.0.2
> mel                  A      192.168.0.3
> ;                         NS ad.domain.com
> ad                      A       192.168.0.3
> ---
> 
> when NS ad.domain.com line is commented out ; querying for
> mel.domain.com is properly resolved:
> 
> bash-3.2# dig @192.168.0.2  mel.domain.com
> 
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> @192.168.0.2 mel.domain.com
...
> ;; ANSWER SECTION:
> mel.domain.com.		7200	IN	A	192.168.0.3
...
> Now if I uncomment the NS ad.domain.com. mel.domain.com will not
> resolve anymore:
> 
> bash-3.2# dig @192.168.0.2  mel.domain.com
> 
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> @192.168.0.2 mel.domain.com
...
> For what it's worth; ad.domain.com (the other dns server) properly
> answers the query:
> bash-3.2# dig @192.168.0.3  mel.domain.com
> 
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> @192.168.0.3 mel.domain.com
...
> ;; ANSWER SECTION:
> mel.domain.com.		600	IN	A	192.168.0.3
...


As someone else mentioned, the main problem was the lack of a period
('.') at the end of the delegating server name.

I don't remember anyone saying outright that, once you have delegated
the domain, any records intended for that domain in the delegating
domain are completely ignored.  [It was hinted at.]  In other words,
the "A" record for "mel" above gets ignored when delegation is on.  [So
I always put the delegated domain name explicitly in front of a
delegating NS record line.]

Also, you have a pair of completely useless $ORIGIN lines in your file.
I find it very rare that $ORIGIN lines are actually useful in master
copies of zone files.  Mostly they confuse, especially if they are
sufficiently far away from where one is focused in the file that one is
not aware how the domain has changed.  [In machine-generated files such
as slaved copies of zone files, it's not expected that humans will be
reading the file, so confusion is not a consideration.]

Teaching texts should use comments rather than $ORIGIN lines to indicate
what the domain is at given points in a zone file.

IMHO, of course.


--
/*********************************************************************\
**
** Joe Yao				jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/
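
The two zone-file behaviours discussed in this message (a name without a trailing period being expanded against the zone origin, and a blank owner field inheriting the previous owner so that data at a delegated name is ignored) can be checked mechanically. The following is an added example, not part of the original message or of BIND; the function names are hypothetical, the zone text is constructed from the records quoted above, and it assumes one record per line.

```python
# Constructed sample: the quoted records with the NS line uncommented.
SAMPLE_ZONE = """\
domain.com.   IN NS  m.domain.com.
              IN A   192.168.0.2
m             IN A   192.168.0.2   ; glue record
mel           IN A   192.168.0.3
              IN NS  ad.domain.com
ad            IN A   192.168.0.3
"""

def qualify(name, origin):
    """Expand a name as a master-file parser does: no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(text, origin):
    """Yield (owner, rtype, rdata); a blank owner field inherits the previous owner."""
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():                 # owner is present in column one
            owner = qualify(fields.pop(0), origin)
        while fields[0].isdigit() or fields[0].upper() == "IN":
            fields.pop(0)                         # skip optional TTL and class
        yield owner, fields[0].upper(), fields[1:]

def lint(text, origin):
    """Report relative NS targets and records sitting at or below a zone cut."""
    records = list(parse(text, origin))
    cuts, findings = {}, []
    for owner, rtype, rdata in records:
        if rtype == "NS" and owner != origin:     # NS below the apex is a delegation
            target = qualify(rdata[0], origin)
            cuts.setdefault(owner, set()).add(target)
            if not rdata[0].endswith("."):
                findings.append(f"{owner} NS {rdata[0]}: relative target expands to {target}")
    for owner, rtype, rdata in records:
        for cut, targets in cuts.items():
            below = owner == cut or owner.endswith("." + cut)
            glue = rtype in ("A", "AAAA") and owner in targets
            if below and rtype not in ("NS", "DS") and not glue:
                findings.append(f"{owner} {rtype} {' '.join(rdata)}: at or below zone cut {cut}, ignored once delegated")
    return findings
```

Calling `lint(SAMPLE_ZONE, "domain.com.")` reports both the expanded NS target and the `mel` A record that sits at the delegation point.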


