Re: [DNSOP] simple question

Havard Eidnes <he@uninett.no> Fri, 13 November 2015 17:06 UTC

Return-Path: <he@uninett.no>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 077451B2C20 for <dnsop@ietfa.amsl.com>; Fri, 13 Nov 2015 09:06:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FkR6-nNlLmhm for <dnsop@ietfa.amsl.com>; Fri, 13 Nov 2015 09:06:08 -0800 (PST)
Received: from smistad.uninett.no (smistad.uninett.no [IPv6:2001:700:1:0:eeb1:d7ff:fe59:fbaa]) by ietfa.amsl.com (Postfix) with ESMTP id 090101B2B5B for <dnsop@ietf.org>; Fri, 13 Nov 2015 09:06:07 -0800 (PST)
Received: from smistad.uninett.no (smistad.uninett.no [158.38.62.77]) by smistad.uninett.no (Postfix) with ESMTP id 7E01643E98D; Fri, 13 Nov 2015 18:06:05 +0100 (CET)
Date: Fri, 13 Nov 2015 18:06:05 +0100
Message-Id: <20151113.180605.1367817586388172409.he@uninett.no>
To: sca@andreasschulze.de
From: Havard Eidnes <he@uninett.no>
In-Reply-To: <564615F0.3010704@andreasschulze.de>
References: <564615F0.3010704@andreasschulze.de>
X-Mailer: Mew version 6.7 on Emacs 24.5 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/jQAyNPTcnGFtda-HYVdELZALcXs>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] simple question
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2015 17:06:10 -0000

> consider a nameserver ns.example.com serving example.com. There is a
> delegation from com. including glue.
> Now we add a childzone sub.example.com. served by the same nameserver
> ns.example.com.
>
> should I add a entry in example.com to delegate the subzone to myself?

Generally, yes, although with the specific example, your name
server software may let you get away with not having the NS
record in the example.com zone for sub.example.com.

However, think more generally: if example.com is served by one
set of name servers, and there are some of them which do not
serve the sub.example.com zone, and you have no NS records for
sub.example.com in the parent zone, you've just created breakage,
because those which don't serve sub.example.com will return
NXDOMAIN when queried for names in that zone.

The general rule is therefore: to delegate a zone, you copy the
NS RRset from the child zone into the parent zone.  If you follow
this rule always you won't get into the above problem.

Regards,

- HÃ¥vard