Good Parenting

Now that the delegation to the fx.movie.edu name servers is in place, we—responsible parents that we are—should check that delegation using DNSLint, available with the Windows Server 2003 Support Tools.

DNSLint makes it easy to check delegation. With DNSLint, you can look up the NS records for your zone on one of your zone’s authoritative name servers and query each name server listed for the zone’s SOA record. The query is nonrecursive, so the name server queried doesn’t query other name servers to find the SOA record. If the name server replies, DNSLint checks the reply to see whether the aa (authoritative answer) bit in the reply packet is set. If it is, DNSLint checks to make sure that the packet contains an answer. If both these criteria are met, the name server is flagged as authoritative for the zone. Otherwise, the name server is not authoritative, and DNSLint reports an error.
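The check described above can be reproduced at the packet level. The following Python sketch is an added example, not DNSLint's own code: it builds the nonrecursive SOA query and applies the two criteria to a reply's header. The server labels and the reply packets are constructed for illustration and carry only a header and question section.

```python
import struct

AA = 0x0400  # "authoritative answer" bit in the DNS header flags word
QR = 0x8000  # set on responses
SOA, IN = 6, 1  # query type and class

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_soa_query(zone, qid):
    """Nonrecursive SOA query: the flags word is 0, so RD (0x0100) is clear."""
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!2H", SOA, IN)

def check_reply(reply, qid):
    """Apply the two criteria: aa bit set, and the packet contains an answer."""
    if len(reply) < 12:
        return "error: short reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != qid or not flags & QR:
        return "error: not a reply to this query"
    if not flags & AA:
        return "not authoritative: aa bit clear"
    if ancount == 0:
        return "not authoritative: no answer in packet"
    return "authoritative"

def constructed_reply(qid, flags, ancount, nscount, zone="fx.movie.edu"):
    """Constructed sample: header and question only, enough for the check."""
    header = struct.pack("!6H", qid, flags, 1, ancount, nscount, 0)
    return header + encode_name(zone) + struct.pack("!2H", SOA, IN)

SAMPLES = {  # constructed replies from three hypothetical servers
    "server-a": constructed_reply(7, QR | AA, 1, 0),  # aa set, one answer
    "server-b": constructed_reply(7, QR, 0, 2),       # aa clear, NS records only
    "server-c": constructed_reply(7, QR | AA, 0, 1),  # aa set, but no answer
}

def audit(samples, qid=7):
    """Return a verdict per server, as a delegation checker would report it."""
    return {name: check_reply(pkt, qid) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(name, "->", verdict)
```

To run this against a live server, send the bytes from `build_soa_query` over UDP to port 53 of each name server listed in the zone's NS records and pass the datagram received to `check_reply`.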

Why all the fuss over bad delegation? Incorrect delegation can slow name resolution or cause the propagation of old and erroneous root name server information. When a name server is queried for data in a zone for which it is not authoritative, it does its best to provide useful information to the querier. This “useful information” comes in the form of NS records for the closest ancestor zone the name server knows. (We mentioned this briefly in Chapter 9, when we discussed why you shouldn’t register a caching-only name server.)

For example, say one of the fx.movie.edu ...
