how to create new delegation record for IPV6.

Phil Mayers p.mayers at imperial.ac.uk
Fri Feb 17 14:22:39 CET 2012 

On 17/02/12 13:04, Bjørn Mork wrote:
> Gert Doering<gert at space.net>  writes:
>> On Fri, Feb 17, 2012 at 09:36:08AM +0530, omdutt wrote:
>>> My Q is simple can it possible to create NS and 'A' record with same Host
>>> name like www........
>>
>> It is not.  You can not have NS and any other records, period.
>
> No I'm confused.  You're sure you're not thinking CNAMEs now?

This whole thread is confusing ;o)

It's not clear what the original poster wanted to do. But on the subject 
of NS records, it's important to bear in mind that they exist in two 
places, serving different rules:

  1. In the parent zone, marking a delegation i.e. NOT at the apex of 
the zone. In this case, although many nameservers will allow you to 
create other records with the same name (and even child names - useful 
for pre-populating when you're about to remove a zone cut) they will 
normally be "masked" i.e. never returned in response to queries.

   That is - the non-apex NS record marks a delegation and causes the 
nameserver to refer the querying client. Special handling exists for 
certain child names (glue A) and other RR types at the same name (DS 
records in DNSSEC). But normally, a non-apex NS record masks other 
records at or below that name.


  2. In the child zone, at the apex. Obviously these can exist alongside 
other records, including the (mandatory) SOA.


I *think* the original poster wanted to do this:

server1:

   name.test.com. NS server2.test.com
   name.test.com. A  192.0.2.1

server2:

   name.test.com. AAAA 2001:db8::1

...presumably because server1 isn't capable of loading a AAAA into the zone?

This doesn't really work, because the NS record at server1 will mask the 
A record, at least on common nameserver implementations. It will 
probably trigger all kinds of other brokenness too.

There are solutions, such as the "unbound" nameserver and local-data 
directives, but I would strongly advise against this.

Note that CNAMEs are indeed mutually exclusive with all other records 
EXCEPT the DNSSEC RRSIG and NSEC/NSEC3 records. However, there are 
*also* nameservers that do not honour this restriction. Such nameservers 
are broken, and lead to inconsistent results.


Finally: I would advise omdutt to do two things:

  1. Find a more appropriate forum for his question; specifically, 
something related to nameserver operation questions, ideally for the 
software he's actually running.

  2. Re-state his question, being more precise about what he wants to 
do, because the current question is just confusing.

More information about the ipv6-ops mailing list