[nsd-users] 'deeper' labels and a covering NS delegation

Jeroen Massar jeroen at massar.ch
Tue Mar 5 13:53:38 UTC 2013


Hi,

I did something silly in the following form:

8<----------------------------
$TTL 14400
$ORIGIN example.org.

@ IN SOA localhost. dns.example.org. (2013022402 10800 3600 2419200 14400 )
                                NS ns1.example.net.
                                NS ns2.example.net.
                                NS ns3.example.net.

test.very.deep.label.subdomain TXT "Deep Label"

subdomain                       NS ns1.example.net.
                                NS ns2.example.net.
                                NS ns3.example.net.
---------------------------------->8

Fun detail in this silly thing is that we do not provide
subdomain.example.org to nsd, that is we do not configure it.

The 'test.very.deep.label.subdomain' apparently can never be queried as
the NS entry overrules it and thus we just get an endless redirect to
ns1/2/3.example.net (till the DNS client gives up rightly ;).

For silly people like me, it would I think be a good idea to at least
warn about the above case, that is the deeper label, the re-delegation
to the same host is a standard delegation thing and a misconfiguration
which though could be valid; the deeper label should never be valid though.

A 'nsdc rebuild' will silently proceed without any warning.
(On nsd 3.2.9-1 that is)

Greets,
 Jeroen



More information about the nsd-users mailing list