RE: How does a child find its parent?
Reading the section on delegation in the O'Reilly book, I'm confused about something: The parent is configured to delegate the subdomain to the child with glue records, etc. But how does the child know who to ask if a host in the subdomain requests a record in the parent zone? They don't show any configuration example for that other than making the child a slave for the parent zone. I think the confusion relates to the separate roles of authoritative name servers and recursive resolvers. A host in the subdomain would ask a recursive resolver to find a record in the parent domain, or for that manner any record, and the resolver would find it through the standard recursive resolution process starting from the DNS root. The slave server, which is not a recursive resolver but an authoritative server, would not be a party to that. If the slave needed to contact the parent for any reason, it would also use a recursive resolver to find the parent's address. That recursive resolver would be configured in /etc/resolv.conf or in Windows as a DNS entry in the network interface configuration. Jeffry A. Spain Network Administrator Cincinnati Country Day School ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How does a child find its parent?
On 5/8/2012 1:56 PM, Mike Bernhardt wrote: Reading the section on delegation in the O'Reilly book, I'm confused about something: The parent is configured to delegate the subdomain to the child with glue records, etc. But how does the child know who to ask if a host in the subdomain requests a record in the parent zone? They don't show any configuration example for that other than making the child a slave for the parent zone. It would follow the same algorithm as it would for queries of names in a completely different namespace, e.g. it might follow the delegation chain down from the root zone. Note, however, that it is generally considered good practice to separate recursive and non-recursive functions. If that practice is followed, an authoritative server for a zone won't be trying to answer queries about its parent zone, unless it also happens to be authoritative for that parent zone (in which case it has an authoritative copy of the zone and it's a moot point). - Kevin ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How does a child find its parent?
The child doesn't know it's parent and goes up to the root like any other server would. -Ben Croswell On May 8, 2012 2:13 PM, Mike Bernhardt bernha...@bart.gov wrote: Reading the section on delegation in the O'Reilly book, I'm confused about something: The parent is configured to delegate the subdomain to the child with glue records, etc. But how does the child know who to ask if a host in the subdomain requests a record in the parent zone? They don't show any configuration example for that other than making the child a slave for the parent zone. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: How does a child find its parent?
In this case, the root only knows the external public server, not the internal parent who is doing the delegating. So it would seem that slaving the internal parent is the only solution for resolving hosts in the internal parent domain, correct? _ From: Ben Croswell [mailto:ben.crosw...@gmail.com] Sent: Tuesday, May 08, 2012 12:21 PM To: Mike Bernhardt Cc: bind-users@lists.isc.org Subject: Re: How does a child find its parent? The child doesn't know it's parent and goes up to the root like any other server would. -Ben Croswell On May 8, 2012 2:13 PM, Mike Bernhardt bernha...@bart.gov wrote: Reading the section on delegation in the O'Reilly book, I'm confused about something: The parent is configured to delegate the subdomain to the child with glue records, etc. But how does the child know who to ask if a host in the subdomain requests a record in the parent zone? They don't show any configuration example for that other than making the child a slave for the parent zone. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: How does a child find its parent?
Another option would be zone level forwarding on the child to point at the parent or stub zones. -Ben Croswell On May 8, 2012 3:59 PM, Mike Bernhardt bernha...@bart.gov wrote: In this case, the root only knows the external public server, not the internal parent who is doing the delegating. So it would seem that slaving the internal parent is the only solution for resolving hosts in the internal parent domain, correct? ** ** -- *From:* Ben Croswell [mailto:ben.crosw...@gmail.com] *Sent:* Tuesday, May 08, 2012 12:21 PM *To:* Mike Bernhardt *Cc:* bind-users@lists.isc.org *Subject:* Re: How does a child find its parent? ** ** The child doesn't know it's parent and goes up to the root like any other server would. -Ben Croswell On May 8, 2012 2:13 PM, Mike Bernhardt bernha...@bart.gov wrote: Reading the section on delegation in the O'Reilly book, I'm confused about something: The parent is configured to delegate the subdomain to the child with glue records, etc. But how does the child know who to ask if a host in the subdomain requests a record in the parent zone? They don't show any configuration example for that other than making the child a slave for the parent zone. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: How does a child find its parent?
I don't think the child domain is on BIND so that may or may not be an option. But, good idea. Thanks for your help! _ From: Ben Croswell [mailto:ben.crosw...@gmail.com] Sent: Tuesday, May 08, 2012 1:16 PM To: Mike Bernhardt Cc: bind-users@lists.isc.org Subject: RE: How does a child find its parent? Another option would be zone level forwarding on the child to point at the parent or stub zones. -Ben Croswell On May 8, 2012 3:59 PM, Mike Bernhardt bernha...@bart.gov wrote: In this case, the root only knows the external public server, not the internal parent who is doing the delegating. So it would seem that slaving the internal parent is the only solution for resolving hosts in the internal parent domain, correct? _ From: Ben Croswell [mailto:ben.crosw...@gmail.com] Sent: Tuesday, May 08, 2012 12:21 PM To: Mike Bernhardt Cc: bind-users@lists.isc.org Subject: Re: How does a child find its parent? The child doesn't know it's parent and goes up to the root like any other server would. -Ben Croswell On May 8, 2012 2:13 PM, Mike Bernhardt bernha...@bart.gov wrote: Reading the section on delegation in the O'Reilly book, I'm confused about something: The parent is configured to delegate the subdomain to the child with glue records, etc. But how does the child know who to ask if a host in the subdomain requests a record in the parent zone? They don't show any configuration example for that other than making the child a slave for the parent zone. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How does a child find its parent?
Selective forwarding and stub zones are available in Microsoft DNS, or so I'm told... (Although I feel obligated to point out that this is a BIND-oriented list, so you may not get a lot of configuration advice for Microsoft products). - Kevin On 5/8/2012 4:21 PM, Mike Bernhardt wrote: I don't think the child domain is on BIND so that may or may not be an option. But, good idea. Thanks for your help! *From:*Ben Croswell [mailto:ben.crosw...@gmail.com] *Sent:* Tuesday, May 08, 2012 1:16 PM *To:* Mike Bernhardt *Cc:* bind-users@lists.isc.org *Subject:* RE: How does a child find its parent? Another option would be zone level forwarding on the child to point at the parent or stub zones. -Ben Croswell On May 8, 2012 3:59 PM, Mike Bernhardt bernha...@bart.gov mailto:bernha...@bart.gov wrote: In this case, the root only knows the external public server, not the internal parent who is doing the delegating. So it would seem that slaving the internal parent is the only solution for resolving hosts in the internal parent domain, correct? *From:*Ben Croswell [mailto:ben.crosw...@gmail.com mailto:ben.crosw...@gmail.com] *Sent:* Tuesday, May 08, 2012 12:21 PM *To:* Mike Bernhardt *Cc:* bind-users@lists.isc.org mailto:bind-users@lists.isc.org *Subject:* Re: How does a child find its parent? The child doesn't know it's parent and goes up to the root like any other server would. -Ben Croswell On May 8, 2012 2:13 PM, Mike Bernhardt bernha...@bart.gov mailto:bernha...@bart.gov wrote: Reading the section on delegation in the O'Reilly book, I'm confused about something: The parent is configured to delegate the subdomain to the child with glue records, etc. But how does the child know who to ask if a host in the subdomain requests a record in the parent zone? They don't show any configuration example for that other than making the child a slave for the parent zone. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org mailto:bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How does a child find its parent?
In message 3c6f299b652a4e71b1af8bbce9380...@netadmin.bart.gov, Mike Bernhardt writes: Reading the section on delegation in the O'Reilly book, I'm confused about something: The parent is configured to delegate the subdomain to the child with glue records, etc. But how does the child know who to ask if a host in the subdomain requests a record in the parent zone? They don't show any configuration example for that other than making the child a slave for the parent zone. Firstly all nameservers should be configured with rootservers. Both authoritative and recursive servers, in general, need this knowledge. Hosts in the subdomain ask the local recursive server. This may or may not be the same machine that is serving the child zone. The recursive server will then work down from the root / closest configured zone to get the answer. Hosts should not be configured to talk to authoritative only servers. Others have mentioned that you shouldn't mix recursive and authoritative modes. This isn't quite correct. The official servers for a zone, listed in the NS RRset, should be authoritative only. There is no issue with a recursive server having a copy of a zone so long as it is not listed in any NS records and it is configured to be updated when the zone contents change preferably by having the servers it is transfering the zone from configured to sent it NOTIFY messages. Changes to the zone are then available nearly instaneously rather than after waiting for the TTL to expire. Often the master for the child zone is the recursive server operating in what is called stealth mode. All the listed servers for the zone transfer from it. Now if a authoritative servers needs to look up a address they do the same thing as recursive servers, iterate down from the root / closest configured zone. Named does this when it needs to send out NOTIFY messages to nameservers it doesn't have addresses for. named can also be configured to use the local recursive server by specifying them in a forwarders clause and setting forward only;. In either case it caches the answers internally. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users