Saucepan

User Tools

Site Tools

Trace: logging troubleshooting fibre_cable_global_map cve dns_servers ecosystem best_practice ipv4 bind_configure_guide dnssec
infoblox_nios:delegation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
infoblox_nios:delegation [2025/06/02 16:54] bstaffordinfoblox_nios:delegation [2025/06/08 22:17] (current) bstafford
Line 2: Line 2:
 [[dns:delegation|DNS Delegation]] [[dns:delegation|DNS Delegation]]
  
-When you create a delegation in NIOS, make sure that the "Name" of the delegated name server is the correct FQDN of the name server(s) you are delegating to (in addition to the IP addresses you set). If it is correctand if NIOS is recursive, then NIOS will resolve the delegation for recurisve queries and, for non-recursive queries (+norecurse in DIG) it will return FQDN but not IP.+When you create a delegation in NIOS, make sure that the "Name" of the delegated name server is the correct FQDN of the name server(s) you are delegating to (in addition to the IP addresses you set). If NIOS is authoritative for the FQDN's zonethen a "system" record is automatically created for the FQDN that cannot be deleted. If NIOS is recursive, then NIOS will resolve the delegation for recurring queries. For non-recursive queries (+norecurse in DIG) or for recursive queries to NIOS that isn't configured for recursion, NIOS will return FQDN but not IP so it is up to the client (should be a recursive DNS server) to resolve the FQDN. The only exception is when the FQDN is inside the delegation (e.g. ns1.sub-zone.main-zone.corp is the name server for the delegation sub-zone.main-zone.corp). In this case, IP is returned along with the FQDN (and the IP bit is called a glue record). 
 + 
 +If you change the FQDN of a delegation server, the existing system record will be removed and replaced with the new value. 
 + 
 +If NIOS is not authoritative for the FQDN of the delegation server, it will try and resolve the FQDN to get the IP (even though the delegation config already has the IP) and recurse the answer for the client. 
 + 
 +i.e. on a recursive server, a properly configured delegation zone acts like a conditional forwarder. 
 + 
 +If the FQDN of the nameserver for a delegation is inside the delegation itself, the NIOS will auto-add glue records when queried for the hosts in the delegation. 
 + 
 +===== Conditional Forwarder Comparison ===== 
 +By default in NIOS, when you create a conditional forwarder, you don't tick the "Disable auto-generation of NS records in parent authoritative zone" option. This means that if you configure a conditional forwarder instead of a delegation, then you will get the answer if you send a query but, as soon as recursion is turned off, you will get the FQDN of the target name server in the conditional forwarder config (which is why it is important to configure the correct name of the delegated nameserver in the NIOS configuration). 
 + 
 +If you send an iterative query (+norecurse) to NIOS that has a conditional forwarder to the sub-domain, then you will get back whatever FQDN is configured in the conditional forwarder. If the FQDN of the target name server is in the sub-domain itself, then glue record will be returned with the FQDN of the name server. 
 + 
 +If recursion is disabled but the Conditional Forward zone to the subdomain is configured, the FQDN of the target name server will be returned. 
 + 
 +All of the above is untrue if you tick "Disable auto-generation of NS records in parent authoritative zone" option.
  
infoblox_nios/delegation.1748883243.txt.gz · Last modified: by bstafford