Questions about delegation

Bob Harold rharolde at umich.edu
Wed Dec 19 17:46:25 UTC 2018


On Wed, Dec 19, 2018 at 10:51 AM Bob McDonald <bmcdonaldjr at gmail.com> wrote:

> I have a DNS server that serves a zone for domain example.org.
> That DNS server lives at 192.0.2.53
> As part of hosting that domain, a child domain is delegated
> (gtm-int.example.org.)
> There are two NS records as follows:
> gtm-int.example.org. IN NS gtm-int-east.example.org.
> gtm-int.example.org. IN NS gtm-int-west.example.org.
> gtm-int-east.example.org. IN A 203.0.113.53
> gtm-int-west.example.org. IN A 198.51.100.53
> (and yes, in this case the delegated child domain lives on two F5 GTMs)
>
> The devices hosting the delegated child domain both contain NS records
> which match the parent's NS records for the child domain and they contain
> glue records which also match the parent's A records for the NS records.
>
> Here are my curiosities:
>
> 1) Should the NS records for the delegated child domain be hosts which
> reside in the parent domain or the delegated child domain? (or does it
> matter as long as the glue is correct?)
> gtm-int.example.org. IN NS gtm-int-east.example.org.
> gtm-int.example.org. IN NS gtm-int-west.example.org.
> gtm-int-east.example.org. IN A 203.0.113.53
> gtm-int-west.example.org. IN A 198.51.100.53
> -OR-
> gtm-int.example.org. IN NS gtm-int-east.gtm-int.example.org.
> gtm-int.example.org. IN NS gtm-int-west.gtm-int.example.org.
> gtm-int-east.gtm-int.example.org. IN A 203.0.113.53
> gtm-int-west.gtm-int.example.org. IN A 198.51.100.53
>
> 2) Do I need to specify a null forwarder statement for the parent domain?
> (to prevent query forwarding to the delegated child domain)
>
> Regards,
>
> Bob
>

If I get this wrong, someone will correct me.  But as I understand it...

1. Your choice.  Glue is needed if the servers are in the child zone.

2. No.  I don't know what a "null" forwarder statement is, but your F5's
are acting as Authoritative DNS servers.  Forwarding only applies to DNS
Resolvers, and is only used if you don't want the resolver to follow the NS
records (like when firewalls are in the way).

-- 
Bob Harold
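
The glue rule from answer 1, as an added example that is not part of the original thread: it takes the two parent-zone layouts from the question and reports, per NS name, whether glue is required (the name lies inside the delegated child zone) and whether the parent holds an address for it. The function names (`parse`, `in_zone`, `check_delegation`) are hypothetical, and the code assumes fully qualified names with trailing dots in one-record-per-line form.

```python
# Added example. Constructed parent-zone data: the two layouts from question 1.
PARENT_A = """
gtm-int.example.org. IN NS gtm-int-east.example.org.
gtm-int.example.org. IN NS gtm-int-west.example.org.
gtm-int-east.example.org. IN A 203.0.113.53
gtm-int-west.example.org. IN A 198.51.100.53
"""
PARENT_B = """
gtm-int.example.org. IN NS gtm-int-east.gtm-int.example.org.
gtm-int.example.org. IN NS gtm-int-west.gtm-int.example.org.
gtm-int-east.gtm-int.example.org. IN A 203.0.113.53
gtm-int-west.gtm-int.example.org. IN A 198.51.100.53
"""

def parse(text):
    """Parse 'owner IN TYPE rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper(), fields[3].lower()))
    return records

def in_zone(name, zone):
    """True if name is at or below zone, compared label by label (not by substring)."""
    n = name.rstrip(".").split(".")
    z = zone.rstrip(".").split(".")
    return len(n) >= len(z) and n[-len(z):] == z

def check_delegation(parent_text, child):
    """For each NS record of `child` found in the parent zone, report whether
    glue is required (the NS name is inside the child zone), which addresses
    the parent holds for that name, and whether required glue is missing."""
    child = child.lower()
    records = parse(parent_text)
    report = {}
    for owner, rtype, rdata in records:
        if rtype == "NS" and owner == child:
            addrs = sorted(r for o, t, r in records if o == rdata and t in ("A", "AAAA"))
            needs_glue = in_zone(rdata, child)
            report[rdata] = {
                "glue_required": needs_glue, "addresses": addrs,
                "glue_missing": needs_glue and not addrs,
            }
    return report
```

In the first layout the A records are ordinary data of example.org, so `glue_required` is false; in the second the same addresses are glue, and removing them leaves the child zone unreachable from the parent.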