Since you are digging @127.0.0.1, I can't tell for sure on which server you are performing the dig. But based on the responses, I'd say you were performing the dig on d62.test.net. d62 is authoritative for 168.192.in-addr.arpa but not for 0/16.168.192.in-addr.arpa. (The NS record for 0/16.168.192.in-addr.arpa in the 168.192.in-addr.arpa zone does not make d62 authoritative for 0/16.168.192.in-addr.arpa.) And since you appear to have disallowed recursion on d62, it will not query d88 for the NS record for 0/16.168.192.in-addr.arpa. It returns the NS record for 0/16.168.192.in-addr.arpa in the authority section of the query to tell the querying device that it needs to instead query d88 for the NS record.
________________________________ From: bind-users-boun...@lists.isc.org on behalf of Jack Tavares Sent: Mon 12/22/2008 5:05 AM To: bind-users@lists.isc.org Subject: RE: is this a valid zone file? Thanks to everybody so far. I am still confused trying to figure this out. At the risk of looking stupid... Given this zone file. $TTL 500 $ORIGIN 168.192.in-addr.arpa. @ IN SOA d62.test.net. hostmaster.d62.test.net.. 2008122201 10800 3600 604800 86400 NS d62.test.net. 0/16 NS d88.test.net. dig for a zone transfer returns [r...@d62:Active] shared # dig axfr @127.0.0.1 168.192.in-addr.arpa. ; <<>> DiG 9.5.0-P2 <<>> axfr @127.0.0.1 168.192.in-addr.arpa. ; (1 server found) ;; global options: printcmd 168.192.in-addr.arpa. 500 IN SOA d62.test.net. hostmaster.my.domain. 2008122201 10800 3600 604800 86400 168.192.in-addr.arpa. 500 IN NS d62.test.net. 0/16.168.192.in-addr.arpa. 500 IN NS d88.test.net. 168.192.in-addr.arpa. 500 IN SOA d62.test.net. hostmaster.my.domain. 2008122201 10800 3600 604800 86400 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Dec 22 03:16:38 2008 ;; XFR size: 4 records (messages 1, bytes 179) and a dig for the NS record returns: [r...@d62:Active] shared # dig -t ns @127.0.0.1 168.192.in-addr.arpa. ; <<>> DiG 9.5.0-P2 <<>> -t ns @127.0.0.1 168.192.in-addr.arpa. ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3426 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;168.192.in-addr.arpa. IN NS ;; ANSWER SECTION: 168.192.in-addr.arpa. 500 IN NS d62.test.net. ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Dec 22 03:17:15 2008 ;; MSG SIZE rcvd: 64 while a dig for the 0/16 NS record returns 0 answers, but 1 AUTHORITY record. [r...@d62:Active] shared # dig -t ns @127.0.0.1 0/16.168.192.in-addr.arpa. ; <<>> DiG 9.5.0-P2 <<>> -t ns @127.0.0.1 0/16.168.192.in-addr.arpa. ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29418 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;0/16.168.192.in-addr.arpa. IN NS ;; AUTHORITY SECTION: 0/16.168.192.in-addr.arpa. 500 IN NS d88.test.net. ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Dec 22 03:17:53 2008 ;; MSG SIZE rcvd: 69 So I am trying to figure out, if named wont serve the 0/16 NS record from 168.192 zone, what is the purpose of putting it there? -- Jack Tavares AIM: jackatavares SKYPE: jackandkaddee Reminder: I am at GMT+2, 10 hours AHEAD of Seattle. My workweek is Sunday-Thursday. Email sent to me Thursday afternoon (PST) may not be viewed until Sunday morning (GMT+2). ________________________________________ From: bind-users-boun...@lists.isc.org [bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas [uh...@fantomas.sk] Sent: Monday, December 22, 2008 11:14 AM To: bind-users@lists.isc.org Subject: Re: is this a valid zone file? On 21.12.08 04:21, Jack Tavares wrote: > as specified, wouldn't this zone then be non-authoritative I believe BIND doesn't check NS Records when deciding if it should set the "AA" flag and only takes care about the records being from zone (master/slave) or authoritative source (for AA records) or cache. > > That has no NS server defined for the zone, just the ranges of the zone. > > Is that valid? > > it is, but may cause problems. NS records for the zone itself should be > defined. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users