children whose zones do not reflect the delegation from the parent

Phil Mayers p.mayers at imperial.ac.uk
Wed Mar 30 09:33:55 UTC 2011


On 03/30/2011 04:45 AM, ben thielsen wrote:
>
> both fail to do so.  so - it would seem to me that at least somehow,
> in some sense, the delegation is broken.  however, if queried further

It does seem a bit broken - there's no SOA for 33.50.in-addr.arpa i.e. 
no zone there.

> for a /24 within that /16, both servers now work "properly", and
> further delegate to other servers [and themselves]:

So probably they've got a zone for many of the child block e.g.

x.33.50.in-addr.arpa.

...but not the parent one, which is lazy.

>
> which leaves me sort of scratching my head.  on the one hand, pretty
> much everything i've learned about dns says that it shouldn't work,
> but yet it seems to.  added to that, the way delegation has been done

The reason it works is that, at each point down in the delegation, 
nameservers are asking for the full name i.e.

1.151.33.50.in-addr.arpa/PTR

..and of course, the broken nameserver do have this, so it works even 
though "33.50.in-addr.arpa" doesn't exist. But you're right, the 
delegation does look wrong (to me at least). The absence of a proper 
delegation means that a lookup for a non-existent IP returns with 
SERVFAIL rather than NXDOMAIN e.g.

dig -x 50.33.44.255  -> SERVFAIL because they don't have the zone for 
"44" and don't have the parent zone either

versus

dig -x 50.33.151.255 -> NXDOMAIN



More information about the bind-users mailing list