[Pdns-users] Proper delegation of a subzone

Stefan Schmidt zaphodb at zaphods.net
Tue Jun 28 12:23:27 UTC 2011


On Tue, Jun 28, 2011 at 1:39 AM, umiotoko <john.seaman at intusurg.com> wrote:

> myhost          IN      CNAME      myhost.newsubzone.mydomain.tld
>
> newsubzone     IN      NS      ns1.myotherdomain.tld
> newsubzone     IN      NS      ns2.myotherdomain.tld
>
> --- End snippet ---
>
> My reading of bind documentation seems to show that when delegating a
> subzone to an external server we need glue host (A) records for the subzone
> nameservers (example below).
>
> -- Question - do we need A records for the external DNS servers like this ?
> -----------
> ns1.myotherdomain.tld            IN       A          10.1.0.100
> ns2.myotherdomain.tld            IN       A          10.1.0.150
>

You only need glue records if the names of the nameservers you delegate to
are within the scope of the subdomain you're trying to erect.
As ns(1|2).myotherdomain.tld are completely outside the scope of
newsubzone.mydomain.tld, you do not need any glue records there.

> Does this sound accurate?  I don't have the entire zone file, and I don't
> know how exactly they host it, so I understand this is incomplete
> information.  My snippet doesn't have trailing dots either, so I'm going to
> guess they host in a DB.
>

Yes, that sounds likely.



> When I do a dig to my DNS providers NS, I get the following:
>
> C:\>dig @ns1.mydnsprovider.net
>
> ; <<>> DiG 9.3.2 <<>> @ns1.mydnsprovider.net myhost.mydomain.tld
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 708
> ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;myhost.mydomain.tld.                IN      A
>
> ;; ANSWER SECTION:
> myhost.mydomain.tld. 3600    IN      CNAME
> myhost.newsubzone.mydomain.tld.
>
> ;; AUTHORITY SECTION:
> newsubzone.mydomain.tld.      3600    IN      NS
>  ns1.myotherdomain.tld.
> newsubzone.mydomain.tld.      3600    IN      NS
>  ns2.myotherdomain.tld.
>
> ;; Query time: 14 msec
> ;; SERVER: x.x.x.x#53(x.x.x.x)
> ;; WHEN: Mon Jun 27 16:27:20 2011
> ;; MSG SIZE  rcvd: 108


When you specify a host to ask, dig will only present you with what that host
replies.
The host you queried is probably authoritative only and will not recurse for
you.
Try whether querying @8.8.8.8 returns an A record and whether +trace walks all
the way through.
If you can ping myhost.mydomain.tld, it should all be well. Ping will use the
gethostbyname function of your libc, which (usually) queries a recursive
nameserver.

 Stefan
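As an added example (not code from the thread), the rule in the reply above turned into a check over a parent zone's records: an NS target needs glue only when it lies inside the delegated subzone, and a delegation that needs glue but has no A/AAAA record for the nameserver in the parent is flagged. Names are assumed to be stored fully qualified (DB-style, trailing dot optional), as the poster guessed; the sample zone and the `othersub` delegation are constructed.

```python
# Added example: classify NS delegations in a parent zone by whether they need
# glue (nameserver name inside the delegated subzone) and whether that glue is
# present. Names are assumed fully qualified, as in a DB-backed zone.

def norm(name: str) -> str:
    """Normalise a fully qualified name: lowercase, no trailing dot."""
    return name.strip().lower().rstrip(".")

def in_bailiwick(name: str, zone: str) -> bool:
    """True when name equals zone or lies below it."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)

def check_delegations(parent: str, records):
    """records: iterable of (owner, rrtype, rdata) tuples from the parent zone.
    Returns {subzone: {"ns": [...], "needs_glue": [...], "missing_glue": [...]}}."""
    parent = norm(parent)
    # Address records present in the parent zone, keyed by owner name.
    addresses = {norm(o) for o, t, _ in records if t in ("A", "AAAA")}
    result = {}
    for owner, rrtype, rdata in records:
        owner = norm(owner)
        if rrtype != "NS" or owner == parent:
            continue  # apex NS records are not a delegation
        sub = result.setdefault(owner, {"ns": [], "needs_glue": [], "missing_glue": []})
        ns = norm(rdata)
        sub["ns"].append(ns)
        if in_bailiwick(ns, owner):          # only in-bailiwick names need glue
            sub["needs_glue"].append(ns)
            if ns not in addresses:
                sub["missing_glue"].append(ns)
    return result

# Constructed sample: the thread's snippet plus one in-bailiwick delegation
# (othersub) whose second nameserver lacks a glue record.
SAMPLE_ZONE = [
    ("myhost.mydomain.tld", "CNAME", "myhost.newsubzone.mydomain.tld"),
    ("newsubzone.mydomain.tld", "NS", "ns1.myotherdomain.tld"),
    ("newsubzone.mydomain.tld", "NS", "ns2.myotherdomain.tld"),
    ("othersub.mydomain.tld", "NS", "ns1.othersub.mydomain.tld"),
    ("othersub.mydomain.tld", "NS", "ns2.othersub.mydomain.tld"),
    ("ns1.othersub.mydomain.tld", "A", "192.0.2.10"),  # glue for ns1 only
]

if __name__ == "__main__":
    for sub, info in check_delegations("mydomain.tld", SAMPLE_ZONE).items():
        print(sub, info)
```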