conflicting subdomain delegation

Barry Margolin barmar at alum.mit.edu
Thu Nov 15 16:24:40 UTC 2018


In article <mailman.818.1542216489.803.bind-users at lists.isc.org>,
 Frank Liu <gfrankliu at gmail.com> wrote:

> Thanks for confirming bind behavior matches what I saw.
> I noticed other resolvers (eg: @8.8.8.8) works differently, c.b.a.com NS
> host2 actually got used, not ignored as occluded data.

That shouldn't be possible. The occluded data should never be given out 
by the authoritative server, so the resolver should never see it.

Tell us the actual domains so we can see what's really happening.

> Is this a bind specific implementation, not required by any RFCs?
> >From authoritative dns perspective, Amazon Route53 allows you to add both
> delegations in the a.com zone without any "out of zone data" error.
> 
> 
> On Tue, Nov 13, 2018 at 1:50 PM Mark Andrews <marka at isc.org> wrote:
> 
> >
> > > On 14 Nov 2018, at 4:04 am, Frank Liu <gfrankliu at gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > Is there a RFC determining which nameserver to use if there is a
> > conflicting subdomain delegation?
> > >
> > > eg:
> > > In the zone of a.com, there are two NS delegations
> >
> > This one is used.
> >
> > > b.a.com NS host1
> >
> > This one is ignored as it is occluded data.
> >
> > > c.b.a.com NS host2
> > >
> > > On host1 in zone b.a.com, there is
> > > c.b.a.com NS host3
> >
> > Which is occluded data or glue depending upon the rest of the contents of
> > the zone.
> >
> > > As you can see, there is a conflicting delegation for c.b.a.com. If I
> > look a name d.c.b.a.com, will the nameserver host2 or host3 be used?
> > > dig +trace seems to go to host2, but bind9 as a resolver goes to host3.
> > > (the test was done on a centos7).
> >
> > dig +trace follows the returned delegations.
> >
> > > Any ideas?
> > > Thanks!
> > > _______________________________________________
> > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> > >
> > > bind-users mailing list
> > > bind-users at lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/bind-users
> >
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
> >
> >

-- 
Barry Margolin
Arlington, MA


More information about the bind-users mailing list