DNS recursive resolvers and glue records


This isn't directly related to FreeBSD but DNS in general, I hope it's still allowed to ask as there seem to be some people with good networking knowledge here :)

I had an error in my DNS setup lately. I have a domain, with a zone hosted on the nameservers of my provider, I can just edit this zone. Let's say this is example.com. I created a subdomain like sub.example.com by installing BIND as an authoritative nameserver for it, with a hostname of ns1.sub.example.com and created a glue record in the example.com zone.

Now, this glue record was correct, but I made a mistake in the sub.example.com zone, where the A record for ns1.sub.example.com was wrong.

I noticed something was wrong only after using this same nameserver (ns1.sub.example.com) for a reverse DNS delegation. It turned out that some remote sites could correctly resolve my IP addresses, but most couldn't. So, those that couldn't obviously found my nameserver by the glue record, just to ask it again for the address of itself, and tried to use this address to resolve the actual IP address. The few that worked didn't bother to do this extra step and just asked my nameserver for resolving the IP address after finding its glue record in the parent zone.

My question now is: Is it defined whether recursive resolvers should/must look up the nameserver again in its own authoritative zone? If so, why?

Just asking this out of interest, I of course fixed my problem quickly by correcting my zone file for sub.example.com :)
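
Added example (not part of the original post): a small offline check for the misconfiguration described above, comparing the glue address in the parent zone with the address the child zone publishes for the same nameserver. The zone snippets, the addresses and the function names are constructed for illustration, and the parser assumes a simplified zone file (`$ORIGIN` set first, one record per line, explicit owner names).

```python
# Constructed zone snippets; addresses are from the 192.0.2.0/24 documentation range.
PARENT_ZONE = """\
$ORIGIN example.com.
sub      IN NS ns1.sub
ns1.sub  IN A  192.0.2.53   ; glue record
"""
CHILD_ZONE = """\
$ORIGIN sub.example.com.
@        IN NS ns1
ns1      IN A  192.0.2.35   ; wrong address in the child zone
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse_zone(text):
    """Parse a simplified zone into (owner, type, rdata) tuples."""
    origin, records = "", []
    for line in text.splitlines():
        fields = line.split(";")[0].split()      # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                      # skip optional TTL and class
        rtype = rest[0].upper()
        rdata = fqdn(rest[1], origin) if rtype == "NS" else rest[1]
        records.append((fqdn(owner, origin), rtype, rdata))
    return records

def addresses(records, host):
    return {r for o, t, r in records if o == host and t in ("A", "AAAA")}

def glue_mismatches(parent_text, child_text, delegated):
    """Map each in-zone NS of `delegated` to (glue, child addresses) when they differ."""
    parent, child = parse_zone(parent_text), parse_zone(child_text)
    result = {}
    for owner, rtype, ns in parent:
        if owner == delegated and rtype == "NS" and ns.endswith("." + delegated):
            glue, auth = addresses(parent, ns), addresses(child, ns)
            if glue != auth:
                result[ns] = (sorted(glue), sorted(auth))
    return result
```

Calling `glue_mismatches(PARENT_ZONE, CHILD_ZONE, "sub.example.com.")` reports `ns1.sub.example.com.` with both address sets; an empty result means the glue and the child zone agree.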