Authoritative NS records in DNS server
|Reported by:||kchen||Owned by:|
Zones should have NS records listing the authoritative nameservers for the zone. Aside from being required (see for example RFC 2181, section 6.1), these records also control how authoritative client nameservers treat the information -- for example, from BIND's cache, compare:
; glue xvm.MIT.EDU. 21585 NS NS1.xvm.mit.edu.
; authauthority CSAIL.MIT.EDU. 14197 NS lampang.lcs.mit.edu.
14197 NS auth-ns0.csail.mit.edu. 14197 NS auth-ns1.csail.mit.edu. 14197 NS auth-ns2.csail.mit.edu. 14197 NS auth-ns3.csail.mit.edu.
In addition to returning such records for an NS query, the DNS server should (although isn't required to) also return the NS records for the top of the zone, which also affects how client nameservers treat the information. For example:
kchen@scyther:~$ dig abra.mit.edu @bitsy.mit.edu
; <<>> DiG 9.3.4 <<>> abra.mit.edu @bitsy.mit.edu ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62378 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION: ;abra.mit.edu. IN A
;; ANSWER SECTION: abra.mit.edu. 21600 IN A 188.8.131.52
;; AUTHORITY SECTION: mit.edu. 21600 IN NS BITSY.mit.edu. mit.edu. 21600 IN NS W20NS.mit.edu. mit.edu. 21600 IN NS STRAWB.mit.edu. [snip]
RFC 2181 section 5.4.1 talks a bit about how the NS records in the authority section are treated.
Change History (7)
comment:1 Changed 9 years ago by kchen
- Component changed from other to dns
- Owner changed from sipb-xen to ecprice
comment:2 Changed 9 years ago by kchen
- Owner changed from ecprice to sipb-xen
- Status changed from new to assigned
comment:5 Changed 9 years ago by broder
- Resolution set to fixed
- Status changed from assigned to closed
comment:6 Changed 9 years ago by broder
- Resolution fixed deleted
- Status changed from closed to reopened