To:
dnsop@cafax.se
From:
Gunnar Lindberg <lindberg@cdg.chalmers.se>
Date:
Tue, 29 Jun 1999 09:46:09 +0200 (MET DST)
In-Reply-To:
<199906281521.BAA04760@bsdi.dv.isc.org>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Primary also being secondary
>From owner-dnsop@cafax.se Mon Jun 28 17:23:23 1999 >From: marka@isc.org >Message-Id: <199906281521.BAA04760@bsdi.dv.isc.org> >To: Gunnar Lindberg <lindberg@cdg.chalmers.se> >cc: dnsop@cafax.se >Subject: Re: Primary also being secondary >In-reply-to: Your message of "Mon, 28 Jun 1999 15:11:57 +0200." >Date: Tue, 29 Jun 1999 01:21:54 +1000 >> ... >>: hemmet.s-hem.chalmers.se. >>: IN NS glutus.hemmet.s-hem.chalmers.se.hemmet.s-hem.chalmers.se. >>: IN NS ns1.chalmers.se.hemmet.s-hem.chalmers.se. >> ... > When you delegate authority you delegate the authority for ALL > record types (NXT is a special case). The child zone is always > correct. Hm :-). Besides: If I delegate a subdomain, one could think *I* am the one to decide who it's delegated to, i.e. which NS:s should be trusted. > NOTE: If the rules about which copy of the NS rrset were > reversed > you can create the same error by switching the roles around. Yes and no. Yes, I can screw up the upper zone just like everybody else. But, No, when I've screwed up and correct the error, I will increment the version number and thus the secondary will eventuelly get correct data. What happened here was that the upper zone's secondary had in- correct data, stamped with THE SAME VERSION NUMBER as the updated, correct, data and thus this error could have persited for ever. This may be minor in real life, but I'm anyhow glad to hear than BIND9 will do it differently. Gunnar