[Pdns-users] Why NS records?

Maik Zumstrull maik.zumstrull at rz.uni-karlsruhe.de
Wed Aug 25 16:53:54 UTC 2010


Yves Goergen wrote:

> what is it good for to add NS records to a domain in an authoritative
> nameserver? I mean when somebody has already come here, they already
> know what nameserver to ask for the domain. Why would the nameserver
> reply with "I am the one to ask for that domain" if it can only say
> that when being asked directly? Wouldn't that kind of information
> belong to the domain registries for TLDs?

It's defined that way. The namespace is divided into zones, and each
zone has authoritative and non-authoritative data. If you have the
parent zone "bar.example." and the zone "foo.bar.example.", then NS
records with the owner name "foo.bar.example." belong by definition both
to the non-authoritative data of the zone "bar.example." and to the
authoritative data of the zone "foo.bar.example.".

If you come at it from a classical DNS point of view, then this is
overly specific. Other than for consistency, the entries are
unnecessary in the child zone.

Precise definitions of zone membership are important for DNSsec,
though. They decide who signs a record using which key. In my opinion,
once signed delegations come into play, it makes sense to define NS
records exactly that way.



More information about the Pdns-users mailing list