On Tue, Jun 28, 2011 at 1:39 AM, umiotoko <[email protected]> wrote:
> myhost IN CNAME myhost.newsubzone.mydomain.tld
> newsubzone IN NS ns1.myotherdomain.tld
> newsubzone IN NS ns2.myotherdomain.tld
>
> --- End snippet ---
>
> My reading of bind documentation seems to show that when delegating a
> subzone to an external server we need glue host (A) records for the subzone
> nameservers (example below).
>
> -- Question - do we need A records for the external DNS servers like this ?
> -----------
> ns1.myotherdomain.tld IN A 10.1.0.100
> ns2.myotherdomain.tld IN A 10.1.0.150
>

You only need glue records if the names for the nameservers you delegate to
are within the scope of the subdomain you're trying to erect. As
ns(1|2).myotherdomain.tld are completely outside the scope of
newsubzone.mydomain.tld, you do not need any glue records there.

> Does this sound accurate ? I don't have the entire zone file, and I don't
> know how exactly they host it, so I understand this is incomplete
> information. My snippet doesn't have trailing dots either, so I'm going to
> guess they host in a DB.
>

Yes, that sounds likely.

> When I do a dig to my DNS provider's NS, I get the following:
>
> C:\>dig @ns1.mydnsprovider.net
>
> ; <<>> DiG 9.3.2 <<>> @ns1.mydnsprovider.net myhost.mydomain.tld
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 708
> ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;myhost.mydomain.tld. IN A
>
> ;; ANSWER SECTION:
> myhost.mydomain.tld. 3600 IN CNAME myhost.newsubzone.mydomain.tld.
>
> ;; AUTHORITY SECTION:
> newsubzone.mydomain.tld. 3600 IN NS ns1.myotherdomain.tld.
> newsubzone.mydomain.tld. 3600 IN NS ns2.myotherdomain.tld.
>
> ;; Query time: 14 msec
> ;; SERVER: x.x.x.x#53(x.x.x.x)
> ;; WHEN: Mon Jun 27 16:27:20 2011
> ;; MSG SIZE rcvd: 108

When specifying a host to ask, dig will only present you with what that host
replies. The host you queried is probably authoritative only and will not
recurse for you. Try if querying @8.8.8.8 returns an A record and if +trace
walks all the way through.

If you can ping myhost.mydomain.tld it should all be well. Ping will use the
gethostbyname function of your libc which (usually) queries a recursive
nameserver.

Stefan
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
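
Added example, not part of the original thread and not PowerDNS code: a Python check of the glue rule given in the reply, applied to parent-zone records. The two `newsubzone` NS lines follow the thread; the `lab` delegation, its addresses and all function names are constructed for illustration, and names without a trailing dot are assumed to be qualified against the origin as in a BIND-style zone file.

```python
# Added illustration of the glue rule; not code from the thread or from PowerDNS.
def fqdn(name, origin):
    """Qualify a zone-file name: '@' is the origin, a trailing dot means absolute."""
    name, origin = name.strip().lower(), origin.lower().rstrip(".")
    if name == "@":
        return origin + "."
    return name if name.endswith(".") else f"{name}.{origin}."

def in_bailiwick(name, zone):
    """True if name is at or below zone, compared label by label (not by string suffix)."""
    n = name.rstrip(".").split(".")
    z = [label for label in zone.rstrip(".").split(".") if label]
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def glue_report(records, origin):
    """Map (delegated zone, NS name) -> (glue_required, glue_present)."""
    apex = fqdn("@", origin)
    have_addr = {fqdn(o, origin) for o, t, _ in records if t in ("A", "AAAA")}
    report = {}
    for owner, rtype, rdata in records:
        cut = fqdn(owner, origin)
        if rtype != "NS" or cut == apex:  # NS at the apex is not a delegation
            continue
        ns = fqdn(rdata, origin)
        report[(cut, ns)] = (in_bailiwick(ns, cut), ns in have_addr)
    return report

ORIGIN = "mydomain.tld."
# Constructed sample: (owner, type, rdata) as they would appear in the parent zone.
PARENT_ZONE = [
    ("newsubzone", "NS", "ns1.myotherdomain.tld."),  # outside the delegated zone
    ("newsubzone", "NS", "ns2.myotherdomain.tld."),
    ("lab", "NS", "ns1.lab"),        # relative: ns1.lab.mydomain.tld., inside the cut
    ("lab", "NS", "ns2.lab"),
    ("ns1.lab", "A", "192.0.2.53"),  # glue exists for ns1.lab only
]

if __name__ == "__main__":
    for (cut, ns), (required, present) in glue_report(PARENT_ZONE, ORIGIN).items():
        if not required:
            verdict = "no glue needed"
        elif present:
            verdict = "glue present"
        else:
            verdict = "MISSING GLUE"
        print(f"{cut:26} {ns:28} {verdict}")
```

Note that `fqdn("ns1.myotherdomain.tld", ORIGIN)` yields `ns1.myotherdomain.tld.mydomain.tld.`, which is why the missing trailing dots in the snippet matter if the records ever live in a text zone file.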
