I have a DNS zone of example.com with a record of type A
defined for foo.example.com
. On that same server, I have another zone named foo.example.com
with and no A record defined at the top of the zone. If my server receives a query for foo.example.com
, will it return the record defined in the example.com
zone? (Or would the search algorithm stop once it gets to the more specific zone, then answer "not found"?)
A similar question:
If I have all of the above, if I then set up an A
record at the top of the foo.example.com
zone (@
) pointing to a different IP address, which address would be returned?
example.com
foo.example.com. 3600 IN A <location A>
foo.example.com
@ 3600 IN A <location B>
Obviously you don't need both - I am teasing out the behavior of DNS. But is there a standard way to approach this - a standard place to put it?
I am using BIND.
When overlapping zones are defined on an authoritative nameserver, the most specific zone is used to provide the answer.
example.com. IN A?
hits theexample.com
zone.foo.example.com. IN A?
hits thefoo.example.com
zone. Iffoo.example.com
is defined in theexample.com
zone, it will be ignored.sub.foo.example.com. IN A?
hits thefoo.example.com
zone, because it is more specific for the request thanexample.com
.In your specific example, the returned value for the query would be
NXDOMAIN
because thefoo.example.com
zone does not provide an A record definition for itself.To use DNS terminology, there is effectively a zone cut at the boundary between the parent zone and the more specific zone. RFC2181 §6.1 describes the proper behavior for your scenario:
As for which is a best practice, that's completely up to you. You can put all of your records in a single zone, or break out separate zone files for your subdomains if it would be more convenient. (say, due to them containing hundreds of records each) The one thing I would caution, which isn't very obvious, is that validation tools like
named-checkzone
typically have no awareness of subzones living on the same server and may generate incorrect warnings if the parent zone includes references to records inside the child zone. (say, CNAME aliases)