[dns-operations] delegation-only: How useful?
Dave Wilson
richard.wilson at senokian.com
Tue Aug 19 15:34:35 UTC 2008
Hello all,
my apologies if I'm being dense, but lurking here a while suggests that
Spreading the Clue is a good thing on this list, so maybe someone can
spread some my way :-)
With all the recent hoo-hah I've decided to junk the out-of-date
resolver left by my predecessor and replace it with a purpose-built
machine running on OpenBSD, because that's what I know. Whilst going
over the config files, I found the following snippet[0]:
zone "com" {
        type delegation-only;
};
zone "net" {
        type delegation-only;
};
<End paste>
Now having googled I found the page at
http://www.isc.org/index.pl?/sw/bind/delegation-only.php
and so I get what it does, and why it's useful. I also found
http://www.afnic.fr/actu/nouvelles/general/NN20070611_en
which suggests to me I shouldn't use such things if I don't truly
understand them.
If it's useful, then perhaps I should expand the list to cover more than
just .com and .net, which I suspect are just there as examples. Indeed,
perhaps the use of root-delegation-only is best, to keep things clean
and tidy. However, the first page I linked suggests that there are
exceptions, and as the datestamp on the page is October 2003 the list of
exceptions I should use may well have changed, as pointed to by the
second link. Most importantly, I think I have learnt enough to know that
if I screw it up, I will most likely cause problems for those using the
resolver. As such, I am unsure how I should proceed. Is there a
canonical list of which TLDs should be excepted from
root-delegation-only that I should have found?
More importantly perhaps, is there a source of information and advice
with respect to best practices and conventions for running DNS servers
that I should have checked before bugging you guys with my daft
questions? So far I've found
http://bestpractices.wikia.com/wiki/Main_Page#Domain_Name_System_.28DNS.29
but it didn't address this particular issue.
Thanks,
Dave Wilson,
Systems Admin,
Senokian Solutions.
PS: pasting big URLs into emails is annoying, but when I've used things
like tinyurl before on mailing lists, people have complained that they
can't see where links are going. Is there an accepted etiquette here?
[0] Taken from the default OpenBSD named.conf file,
http://www.openbsd.org/cgi-bin/cvsweb/src/etc/bind/named-simple.conf