On Fri, Oct 28, 2011 at 04:48:10PM +0000, Laws, Peter C. wrote: >> It seems like there are two ways I could delegate a zone. >> >> I could, in the zone file for the parent, simply list the name of the zone >> and a number of NS records to which the zone has been delegated. >> >> Or, I could create a zone statement within named.conf that points to a file >> that contains an SOA and a number of NS records to which the zone has been >> delegated. >> >> Which is better and which should I prefer?
> Bill Owens owens at nysernet.org wrote: >If I'm reading this correctly, both ;) I take it the same servers are >authoritative for both parent and child, right? You can get away with just >creating the new zone in named.conf and not delegating it properly in the >parent, due to a quirk in BIND behavior; it always answers from its authority >and the chain of resolution will always pass through the server (because it's >authoritative for the parent). But when* you configure DNSSEC, the lack of NS >records in the parent zone will break your configuration. So installing them >now will save you that grief later. >I don't think that the order is particularly important, since queries can't be >answered until the zone is created and configured in named.conf, though I >suppose that creating the zone first is slightly more correct. Thanks. That's the bit I was looking for, SOME stuff is a quirk of BIND, like this. OK, so simply putting the NS records in the parent zone is sufficient to make it a separate zone. No need to put stuff in named.conf unless I want to or until I actually delegate to a different set of nameservers. My thought was to create the new zones as zones on the parent server as a prelude to actually delegating them, in a sense, delegating the zone to myself. That will let me clean stuff up and get it ready for the coming move. Yes, DNSSEC is, IMHO, much like IPv6 - no one wants to mess with it but a lot of people claim it's inevitable. *Hopefully* both will end up like maglevs and monorails - "technology of the future: always has been, always will be". :-) -- Peter Laws / N5UWY _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users