In message <3c6f299b652a4e71b1af8bbce9380...@netadmin.bart.gov>, "Mike Bernhardt" writes: > Reading the section on delegation in the O'Reilly book, I'm confused about > something: The parent is configured to delegate the subdomain to the child > with glue records, etc. But how does the child know who to ask if a host in > the subdomain requests a record in the parent zone? They don't show any > configuration example for that other than making the child a slave for the > parent zone.
Firstly all nameservers should be configured with rootservers. Both authoritative and recursive servers, in general, need this knowledge. Hosts in the subdomain ask the local recursive server. This may or may not be the same machine that is serving the child zone. The recursive server will then work down from the root / closest configured zone to get the answer. Hosts should not be configured to talk to authoritative only servers. Others have mentioned that you shouldn't mix recursive and authoritative modes. This isn't quite correct. The official servers for a zone, listed in the NS RRset, should be authoritative only. There is no issue with a recursive server having a copy of a zone so long as it is not listed in any NS records and it is configured to be updated when the zone contents change preferably by having the servers it is transfering the zone from configured to sent it NOTIFY messages. Changes to the zone are then available nearly instaneously rather than after waiting for the TTL to expire. Often the master for the child zone is the recursive server operating in what is called "stealth mode". All the listed servers for the zone transfer from it. Now if a authoritative servers needs to look up a address they do the same thing as recursive servers, iterate down from the root / closest configured zone. Named does this when it needs to send out NOTIFY messages to nameservers it doesn't have addresses for. named can also be configured to use the local recursive server by specifying them in a forwarders clause and setting "forward only;". In either case it caches the answers internally. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users