On Fri, Oct 28, 2011 at 04:48:10PM +0000, Laws, Peter C. wrote: > It seems like there are two ways I could delegate a zone. > > I could, in the zone file for the parent, simply list the name of the zone > and a number of NS records to which the zone has been delegated. > > Or, I could create a zone statement within named.conf that points to a file > that contains an SOA and a number of NS records to which the zone has been > delegated. > > Which is better and which should I prefer?
If I'm reading this correctly, both ;) I take it the same servers are authoritative for both parent and child, right? You can get away with just creating the new zone in named.conf and not delegating it properly in the parent, due to a quirk in BIND behavior; it always answers from its authority and the chain of resolution will always pass through the server (because it's authoritative for the parent). But when* you configure DNSSEC, the lack of NS records in the parent zone will break your configuration. So installing them now will save you that grief later. I don't think that the order is particularly important, since queries can't be answered until the zone is created and configured in named.conf, though I suppose that creating the zone first is slightly more correct. Bill. (* note that I didn't say if you install DNSSEC, since I believe it will be inevitable ;) _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
