MNAME not a listed NS record
Barry Margolin
barmar at alum.mit.edu
Wed Jan 16 21:42:05 UTC 2013
In article <mailman.1077.1358370123.11945.bind-users at lists.isc.org>,
Chuck Swiger <cswiger at mac.com> wrote:
> On Jan 16, 2013, at 12:40 PM, Dave Warren wrote:
> > Is there anything technically wrong with having a SOA MNAME field that
> > isn't listed as a NS record?
>
> Sure. The SOA MNAME is expected to be the "primary master" nameserver for
> the zone; it's where things like dhcpd and such send dynamic updates for the
> zone to.
But that doesn't mean it should be the server for resolver queries.
>
> > The server listed as MNAME will host the zone and is authoritative for the
> > zone, but out of latency concerns it isn't ideal to have other resolvers
> > querying this server.
>
> Okay...so why would you use that nameserver at all, then?
>
> Choose a nameserver which is suitable for other resolvers to query for your
> master.
The master could be behind a firewall that only allows the published
nameservers to connect to it.

The performance requirements of a nameserver that serves public queries
are different from a server that only has to respond to zone transfer
requests from the published nameservers.
> > Various online DNS diagnostic tools throw warnings, but as far as I can
> > tell from the RFCs, this is a valid configuration. Is it valid? Are there
> > any operational gotchas to be aware of or can I ignore the "warnings"?
Consider this a sanity check, in case you intended to list one of the NS
records but made a typo, not a validity check.
--
Barry Margolin
Arlington, MA
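
The sanity check discussed in this message, sketched as an added example (not part of the original post and not code from BIND or any diagnostic tool): it compares the SOA MNAME with the zone's NS targets and separates a near-miss spelling from a deliberately unlisted primary. The zone snippet, hostnames, function names and the edit-distance threshold of 2 are assumptions made for illustration.

```python
# Added example: SOA MNAME vs NS-set sanity check. Zone data is constructed.
ZONE = """\
example.com. 3600 IN SOA hidden.example.com. hostmaster.example.com. 2013011601 7200 900 1209600 3600
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NS ns2.example.com.
"""

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse(zone_text):
    """Return (mname, NS target set) from 'owner ttl IN type rdata' lines."""
    mname, ns = None, set()
    for line in zone_text.splitlines():
        f = line.split(";", 1)[0].split()  # strip comments, tokenize
        if len(f) < 5 or f[2].upper() != "IN":
            continue
        if f[3].upper() == "SOA":
            mname = norm(f[4])
        elif f[3].upper() == "NS":
            ns.add(norm(f[4]))
    return mname, ns

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_mname(zone_text, max_typo=2):
    """Classify MNAME: listed, possible-typo (near an NS name), or unlisted."""
    mname, ns = parse(zone_text)
    if mname is None:
        return ("no-soa", None)
    if mname in ns:
        return ("listed", mname)
    if ns:
        best = min(ns, key=lambda n: (edit_distance(mname, n), n))
        if edit_distance(mname, best) <= max_typo:
            return ("possible-typo", best)
    return ("unlisted", mname)

if __name__ == "__main__":
    print(check_mname(ZONE))  # hidden primary: MNAME deliberately not an NS
```

A "possible-typo" result is only a prompt to look: an intentionally unlisted primary whose name happens to sit close to a published NS name is classified the same way.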