On 23-Oct-2008, at 11:59 , Valentin Nechayev wrote: > Hi, > this question seems to be almost FAQ, but I can't find answer to it.:( > We have got strange reaction of newer BIND versions to glue records > which point into child zone. > > Consider domain "example.org" with glue record:
I'll start by saying there may be some nuance of the RFC that I'm not grasping, and I'm sure Mark or someone will pipe up if I get this wrong... that said... I belive your problem is that, once you have a zone cut in place (a delegation to a subzone) then the parent zone is no longer authoritative for anything below that cut. In your example, the parent zone (example.org) delegates authority for hq.example.org, and so it is not authoritative for anything at or below that domain.. which means that it can't give an authoritative answer for ns1.hq.example.org. It can provide glue for ns.hq.example.org because that is necessary for the delegation to work, but that glue is actually passed as non- authoritative data. If you really want to use a host in the subzone as the name server for the parent zone, then you should remove the ns1.hq.example.org host from the example.org zone. I don't recommend this, however.. even if it's technically permissible, it seems likely this could cause some problems higher up the delegation chain. My recommendation would be to make sure that the authoritative servers for the example.com zone are within that zone, not within some subzone. HTH, Matt
