> I suspect you don't need the NS records in challenge.state.ak.us and > if you remove them then the records in challenge.state.ak.us are > simply part of the state.ak.us zone since they're served off of the > same server.
Unfortunately "not quite". While a publishing name server will respond with data from the most specific zone available to it when queried (e.g. for the NS records for challenge.state.ak.us), this "overriding" or "leakage" does not happen when you do a zone transfer of the parent zone (state.ak.us). So ... if you have a publishing name server which is a name server for state.ak.us and not for challenge.state.ak.us, it will *not* have the delegation NS RRset for challenge.state.ak.us, and if a recursor happens to query this particular publishing name server as part of the process of resolving a name in challenge.state.ak.us, it will get an apparently-spurious NXDOMAIN response. I understand this isn't the case right now, but this is a problem which might come and bite your behind if you later decide to change the NS RRsets so that they are no longer equal for the two zones. So the long and short of my advice: do the delegations properly by copying the NS RRset from the child to the parent, plus any required address glue records, and this particular problem will not become an issue. Best regards, - HÃ¥vard -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
