<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7651.59">
<TITLE>RE: is this a valid zone file?</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText95858 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Since you are digging
@127.0.0.1, I can't tell for sure on which server you are performing the
dig. But based on the responses, I'd say you were performing the dig on
d62.test.net. d62 is authoritative for 168.192.in-addr.arpa
but not for 0/16.168.192.in-addr.arpa. (The NS record for
0/16.168.192.in-addr.arpa in the 168.192.in-addr.arpa zone does not make d62
authoritative for 0/16.168.192.in-addr.arpa.) And since you appear to have
disallowed recursion on d62, it will not query d88 for the NS record for
0/16.168.192.in-addr.arpa. It returns the NS record for
0/16.168.192.in-addr.arpa in the authority section of the query
to tell the querying device that it needs to instead query d88
for the NS record. </FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> bind-users-bounces@lists.isc.org on behalf
of Jack Tavares<BR><B>Sent:</B> Mon 12/22/2008 5:05 AM<BR><B>To:</B>
bind-users@lists.isc.org<BR><B>Subject:</B> RE: is this a valid zone
file?<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Thanks to everybody so far. I am still confused trying to figure
this out.<BR><BR>At the risk of looking stupid...<BR><BR>Given this zone
file.<BR><BR>$TTL 500<BR>$ORIGIN
168.192.in-addr.arpa.<BR>@
IN SOA d62.test.net.
hostmaster.d62.test.net.. 2008122201 10800 3600 604800
86400<BR>
NS
d62.test.net.<BR>0/16
NS d88.test.net.<BR><BR><BR>dig for a zone
transfer returns<BR>[root@d62:Active] shared # dig axfr @127.0.0.1
168.192.in-addr.arpa.<BR>; <<>> DiG 9.5.0-P2 <<>> axfr
@127.0.0.1 168.192.in-addr.arpa.<BR>; (1 server found)<BR>;; global
options: printcmd<BR>168.192.in-addr.arpa.
500 IN
SOA d62.test.net. hostmaster.my.domain. 2008122201 10800
3600 604800 86400<BR>168.192.in-addr.arpa.
500 IN
NS d62.test.net.<BR>0/16.168.192.in-addr.arpa.
500 IN NS
d88.test.net.<BR>168.192.in-addr.arpa. 500
IN SOA d62.test.net.
hostmaster.my.domain. 2008122201 10800 3600 604800 86400<BR>;; Query time: 0
msec<BR>;; SERVER: 127.0.0.1#53(127.0.0.1)<BR>;; WHEN: Mon Dec 22 03:16:38
2008<BR>;; XFR size: 4 records (messages 1, bytes 179)<BR><BR><BR>and a dig for
the NS record returns:<BR>[root@d62:Active] shared # dig -t ns
@127.0.0.1 168.192.in-addr.arpa.<BR>; <<>> DiG 9.5.0-P2
<<>> -t ns @127.0.0.1 168.192.in-addr.arpa.<BR>; (1 server
found)<BR>;; global options: printcmd<BR>;; Got answer:<BR>;;
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3426<BR>;; flags:
qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<BR>;; WARNING:
recursion requested but not available<BR>;; QUESTION
SECTION:<BR>;168.192.in-addr.arpa.
IN NS<BR>;; ANSWER
SECTION:<BR>168.192.in-addr.arpa. 500
IN NS
d62.test.net.<BR>;; Query time: 0 msec<BR>;; SERVER:
127.0.0.1#53(127.0.0.1)<BR>;; WHEN: Mon Dec 22 03:17:15 2008<BR>;; MSG
SIZE rcvd: 64<BR><BR><BR>while a dig for the 0/16 NS record returns 0
answers, but 1 AUTHORITY record.<BR>[root@d62:Active] shared #
dig -t ns @127.0.0.1 0/16.168.192.in-addr.arpa.<BR>;
<<>> DiG 9.5.0-P2 <<>> -t ns @127.0.0.1
0/16.168.192.in-addr.arpa.<BR>; (1 server found)<BR>;; global options:
printcmd<BR>;; Got answer:<BR>;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 29418<BR>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1,
ADDITIONAL: 0<BR>;; WARNING: recursion requested but not available<BR>;;
QUESTION SECTION:<BR>;0/16.168.192.in-addr.arpa.
IN NS<BR>;; AUTHORITY
SECTION:<BR>0/16.168.192.in-addr.arpa. 500
IN NS
d88.test.net.<BR>;; Query time: 0 msec<BR>;; SERVER:
127.0.0.1#53(127.0.0.1)<BR>;; WHEN: Mon Dec 22 03:17:53 2008<BR>;; MSG
SIZE rcvd: 69<BR><BR><BR>So I am trying to figure out, if named wont serve
the 0/16 NS record from 168.192 zone,<BR>what is the purpose of putting it
there?<BR><BR><BR><BR>--<BR>Jack Tavares<BR>AIM: jackatavares<BR>SKYPE:
jackandkaddee<BR>Reminder: I am at GMT+2, 10 hours AHEAD of Seattle.<BR>My
workweek is Sunday-Thursday.<BR>Email sent to me Thursday afternoon (PST) may
not be viewed until Sunday morning
(GMT+2).<BR>________________________________________<BR>From:
bind-users-bounces@lists.isc.org [bind-users-bounces@lists.isc.org] On Behalf Of
Matus UHLAR - fantomas [uhlar@fantomas.sk]<BR>Sent: Monday, December 22, 2008
11:14 AM<BR>To: bind-users@lists.isc.org<BR>Subject: Re: is this a valid zone
file?<BR><BR>On 21.12.08 04:21, Jack Tavares wrote:<BR>> as specified,
wouldn't this zone then be non-authoritative<BR><BR>I believe BIND doesn't check
NS Records when deciding if it should set the<BR>"AA" flag and only takes care
about the records being from zone<BR>(master/slave) or authoritative source (for
AA records) or cache.<BR><BR>> > That has no NS server defined for the
zone, just the ranges of the zone.<BR>> > Is that valid?<BR>><BR>>
it is, but may cause problems. NS records for the zone itself should be<BR>>
defined.<BR><BR>--<BR>Matus UHLAR - fantomas, uhlar@fantomas.sk ; <A
href="http://www.fantomas.sk/">http://www.fantomas.sk/</A><BR>Warning: I wish
NOT to receive e-mail advertising to this address.<BR>Varovanie: na tuto adresu
chcem NEDOSTAVAT akukolvek reklamnu postu.<BR>Microsoft dick is soft to do no
harm<BR>_______________________________________________<BR>bind-users mailing
list<BR>bind-users@lists.isc.org<BR><A
href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</A><BR>_______________________________________________<BR>bind-users
mailing list<BR>bind-users@lists.isc.org<BR><A
href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</A><BR></FONT></P></DIV>
</BODY>
</HTML>