children whose zones do not reflect the delegation from the parent
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 30 09:33:55 UTC 2011
On 03/30/2011 04:45 AM, ben thielsen wrote:
>
> both fail to do so. so - it would seem to me that at least somehow,
> in some sense, the delegation is broken. however, if queried further
It does seem a bit broken - there's no SOA for 33.50.in-addr.arpa i.e.
no zone there.
> for a /24 within that /16, both servers now work "properly", and
> further delegate to other servers [and themselves]:
So probably they've got a zone for many of the child block e.g.
x.33.50.in-addr.arpa.
...but not the parent one, which is lazy.
>
> which leaves me sort of scratching my head. on the one hand, pretty
> much everything i've learned about dns says that it shouldn't work,
> but yet it seems to. added to that, the way delegation has been done
The reason it works is that, at each point down in the delegation,
nameservers are asking for the full name i.e.
1.151.33.50.in-addr.arpa/PTR
..and of course, the broken nameserver do have this, so it works even
though "33.50.in-addr.arpa" doesn't exist. But you're right, the
delegation does look wrong (to me at least). The absence of a proper
delegation means that a lookup for a non-existent IP returns with
SERVFAIL rather than NXDOMAIN e.g.
dig -x 50.33.44.255 -> SERVFAIL because they don't have the zone for
"44" and don't have the parent zone either
versus
dig -x 50.33.151.255 -> NXDOMAIN
More information about the bind-users
mailing list