

To: Gunnar Lindberg <lindberg@cdg.chalmers.se>
Cc: dnsop@cafax.se
From: Edward Lewis <lewis@tislabs.com>
Date: Mon, 28 Jun 1999 10:38:39 -0400
In-Reply-To: <199906281311.PAA14579@wilfer1.cdg.chalmers.se>
Sender: owner-dnsop@cafax.se
Subject: Re: Primary also being secondary

At 9:11 AM -0400 6/28/99, Gunnar Lindberg wrote:
>My conclusion is that, at least in bind-8.1.2, the delegated zone's
>version of the shared NS-info gets precedence over the delegating
>zone's version (the config file). Although I can see cases where this
>may be good and useful I'm not sure this is generally so - the case
>above is one counter example. I've not found anything in the RFCs
>that tell which one is considered "correct" or even "better".

RFC 2181 (Clarifications to DNS):
#6.1. Zone authority
...
#   another zone.  The NS records that indicate a zone cut are the
#   property of the child zone created, as are any other records for the
#   origin of that child zone, or any sub-domains of it.  A server for a
#   zone should not return authoritative answers for queries related to
#   names in another zone, which includes the NS, and perhaps A, records
#   at a zone cut, unless it also happens to be a server for the other
#   zone.

So, the child's is authoritative, the parent's is merely glue.

>My 1c is that this is wrong and that the data sent to a secondary,
>i.e. AXFR, should be the original data from the config file(s), and
>not be a "copy of a copy".

Since the parent's zone file copy of the child's set of servers is glue,
and the child is also local to the server, the parent's set is forgotten.
But you seem to have identified a situation where the protocol is not
fail-safe.  I am not convinced that this is something that has to be fixed
- perhaps, perhaps, the occurrences of mismatched parent-child sets are more
commonly erring in favor of the child and perhaps you have witnessed an
unfortunate incident.

I suggest that you post your message to bind-workers@isi.edu for more
discussion.  That is a forum that deals with such issues more frequently,
since this may turn out to be a BIND-ism and not a DNSism.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                NAI Labs
Phone: +1 443-259-2352                      Email: lewis@tislabs.com

"Trying is the first step to failure." - Homer Simpson
"No! Try not. Do... or do not. There is no try." - Yoda

Opinions expressed are property of my evil twin, not my employer.
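
The parent-child mismatch discussed in this message, as an added example that is not part of the original thread: a check that compares the NS set a parent zone holds at a zone cut with the NS set at the child's apex, and reports the child's set as the authoritative one per the RFC 2181 section 6.1 text quoted above. The zone snippets, the `example.` names and the function names are constructed for illustration, and the parser assumes one complete record per line.

```python
def fqdn(name, origin):
    """Absolute, lower-cased name; '@' and relative names are completed with origin."""
    name, origin = name.lower(), origin.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def ns_set(zone_text, origin, owner):
    """NS targets that zone_text holds for owner (hypothetical helper)."""
    want = fqdn(owner, origin)
    found = set()
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments
        if len(fields) < 3 or fqdn(fields[0], origin) != want:
            continue
        # In an NS record the type is the field just before the target,
        # whether or not TTL and class are present.
        if fields[-2].upper() == "NS":
            found.add(fqdn(fields[-1], origin))
    return found

def compare_cut(parent_text, parent_origin, child_text, child_origin):
    """Compare the delegation NS set (parent side) with the apex NS set (child side)."""
    parent = ns_set(parent_text, parent_origin, child_origin)
    child = ns_set(child_text, child_origin, "@")
    return {
        "authoritative": sorted(child),        # NS at the cut belong to the child
        "parent_only": sorted(parent - child), # delegation entries the child does not list
        "child_only": sorted(child - parent),  # servers the parent never refers to
        "consistent": parent == child,
    }

# Constructed sample zones: the parent delegates sub.example. to ns1 and ns2,
# while the child lists ns1 and an out-of-zone server.
PARENT = """
example.      3600 IN NS ns1.example.
sub.example.  3600 IN NS ns1.sub.example.   ; delegation
sub.example.  3600 IN NS ns2.sub.example.
"""
CHILD = """
@  3600 IN SOA ns1 hostmaster 1 7200 900 604800 3600
@  3600 IN NS  ns1
@  3600 IN NS  ns3.other.example.
"""

if __name__ == "__main__":
    for key, value in compare_cut(PARENT, "example.", CHILD, "sub.example.").items():
        print(f"{key}: {value}")
```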


