Trying simple NS delegation for a subdomain * I cannot get it to load/work.
Steve Gladden
steve at michiganbroadband.com
Thu Aug 28 13:11:45 UTC 2025
I'm totally all set.
The +norecurse option is exactly what I needed.
So this was a learning item for me.
The nameserver was indeed loading my NS records all along.
I just couldn’t see it.
And everything worked as expected once I loaded all five NS records and the other remote DNS could see them.
-Steve
-----Original Message-----
From: Mark Andrews <marka at isc.org>
Sent: Wednesday, August 27, 2025 8:19 PM
To: Steve Gladden <steve at michiganbroadband.com>
Cc: bind-users at lists.isc.org
Subject: Re: Trying simple NS delegation for a subdomain * I cannot get it to load/work.
> On 28 Aug 2025, at 10:01, Steve Gladden <steve at michiganbroadband.com> wrote:
>
> Hi this is my first post ever.
> I’m stuck on a very simple task that I have not been able to get it to work.
> I have done this in the past with older versions of BIND but it has been quite a while.
>
> I’m trying to delegate to an external provider’s nameserver for a “subdomain” of mine.
> The parent zone file works properly and loads and serves everything as expected.
> But will not load and serve my NS record pointing an external provider’s DNS.
>
> I can get much more specific as need-be
> I am on and up to date version of Debian Server and up to date version
> of Bind9 named -v BIND 9.18.28-1~deb12u2-Debian (Extended Support
> Version) <id:>
>
> This is a generic example of what I am trying to do.
> The top two parent NS records load and serve as expected.
> As well as the A record of course.
>
> But the delegated NS record at the bottom does not get loaded or
> served when queried for it I am using dig as you may expect to determine this.
> I must be totally missing something simple but I am totally stumped on this at the moment.
To test whether the record is loaded do a NON-RECURSIVE query. You are currently testing the loading AND the recursive lookup.
Check whether the delegation is present:
dig +norec test.domain.com NS @the-parent-server
Check whether the delegated zone is loaded:
dig +norec test.domain.com NS @ns1.anothernameserver.com
Check whether recursion worked:
dig test.domain.com NS
> $TTL 3600
> $ORIGIN domain.com.
> @ IN SOA domain.com. admin.domain.com. (
> 2017090101 ; Serial
> 10800 ; Refresh
> 1800 ; Retry
> 1209600 ; Expire
> 3600 ; Negative Cache TTL
> )
> @ IN NS ns1.domain.com.
> @ IN NS ns2.domain.com.
> @ IN A 1.2.3.4
> www IN A 1.2.3.4
> $ORIGIN test.domain.com.
> @ IN NS ns1.anothernameserver.com.
>
>
>
> dig @localhost test.domain.com NS
> ; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> @localhost test.domain.com
> ns ; (2 servers found) ;; global options: +cmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59084 ;; flags:
> qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT
> PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: fb069e980ad743db0100000068af9952a0efd48210391401 (good) ;;
> QUESTION SECTION:
> ;test.domain.com. IN NS
> ;; Query time: 31 msec
> ;; SERVER: 127.0.0.1#53(localhost) (UDP) ;; WHEN: Wed Aug 27 19:48:34
> EDT 2025 ;; MSG SIZE rcvd: 69
>
> Thank you for any pointers..
> I have spent about a day searching the web before posting. Many examples say to do it the way I am doing it.
> And I’ve done it before this way.
> Not sure what I am missing.
>
> -SteveG
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list