NS records

Bill Owens owens at nysernet.org
Tue Mar 13 13:35:57 UTC 2012

On Tue, Mar 13, 2012 at 08:26:02AM -0500, Daniel McDonald wrote:
> On 3/13/12 8:20 AM, "hugo hugoo" <hugobxl at hotmail.com> wrote:
> > ==> do I have to create in zone "toto.be" the following NS record:
> >                  titi.toto.be.   TTL   IN   NS    ns1.xxx.be
> > I have found cases where this situation is present and others where it is not
> > present... and both cases seem to work.
> > What is the difference?
> The glue records aren't necessary when both the zone and subzone are on the
> same server, although it is good to have them for completeness.  When the
> zones are on different servers you need the glue records.

That's true, and it also becomes a problem when you want to sign the zones with
DNSSEC; if there's no NS record in the parent, there can't be a chain of trust
from the parent to the child. Assuming that you'll someday want to sign
toto.be, you should put the parent NS records in place now. 
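
Added example (not part of the original message or thread): a small Python check that audits a parent zone for the delegation NS records discussed above, and flags DS records at names with no NS, where no chain of trust can be anchored. The zone text is constructed, the child names tata.toto.be and tutu.toto.be are hypothetical, the DS rdata is a placeholder, and the parser assumes one record per line with fully qualified owner names.

```python
# Added example: simplified zone-file audit (assumptions: one record per line,
# fully qualified owner names, no $ORIGIN/$TTL directives, no multi-line records).
RR_CLASSES = {"IN", "CH", "HS"}

# Constructed parent zone for toto.be; DS rdata fields are placeholders.
PARENT_ZONE = """\
toto.be.       3600 IN SOA ns1.xxx.be. hostmaster.toto.be. 1 7200 3600 1209600 3600
toto.be.       3600 IN NS  ns1.xxx.be.
titi.toto.be.  3600 IN NS  ns1.xxx.be.
titi.toto.be.  3600 IN DS  <keytag> <alg> <digest-type> <digest-placeholder>
tata.toto.be.  3600 IN DS  <keytag> <alg> <digest-type> <digest-placeholder>
www.toto.be.   3600 IN A   192.0.2.10
"""

def parse_records(zone_text):
    """Yield (owner, rrtype) pairs from simplified zone-file text."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        owner, rest = fields[0].lower(), fields[1:]
        # Skip the optional TTL and class fields that precede the type.
        while rest and (rest[0].isdigit() or rest[0].upper() in RR_CLASSES):
            rest = rest[1:]
        if rest:
            yield owner, rest[0].upper()

def audit_delegations(zone_text, child_zones):
    """Report child zones lacking a delegation NS, and DS records without NS."""
    types = {}
    for owner, rrtype in parse_records(zone_text):
        types.setdefault(owner, set()).add(rrtype)
    # Child zones hosted somewhere but never delegated from the parent.
    missing_ns = sorted(c.lower() for c in child_zones
                        if "NS" not in types.get(c.lower(), set()))
    # DS only has meaning at a delegation point, i.e. next to an NS RRset.
    ds_without_ns = sorted(o for o, t in types.items()
                           if "DS" in t and "NS" not in t)
    return {"missing_ns": missing_ns, "ds_without_ns": ds_without_ns}

if __name__ == "__main__":
    children = ["titi.toto.be.", "tata.toto.be.", "tutu.toto.be."]
    for finding, names in audit_delegations(PARENT_ZONE, children).items():
        print(finding, names)
```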


