Comment 12 for bug 1917099

Alex Carder (carderalex) wrote :

Because designate isn't the only DNS server that serves these zones. We manage the zones in designate and we zone transfer them to other places to serve the records. If we zone transfer the child and parent zones to the same authoritative host it works fine, but if we only zone transfer the parent, then that authoritative host doesn't know where to look for the child. Normal DNS protocol would use a stub entry or DNS recursion (which is what we are relying on). I linked the relevant RFCs before, but if you can't put NS records for child into the parent zone then recursion won't work.

This is normal DNS practice as defined in the RFCs. Let's say a user is trying to get to child.parent.example.com but the DNS server they are hitting doesn't know anything about child.parent.example.com, only parent.example.com...

1. first the DNS server would look for NS records in parent.example.com for child.parent.example.com
2. then it would query those nameservers for the original answer

Another scenario for recursion... if someone queried for record.child.parent.example.com but the DNS server they are querying doesn't know anything about child or parent...

1. first the DNS server would check if it knows anything about example.com (no)
2. then it checks if it knows how to get to .com (yes -- check the root servers)
3. the server queries root servers and gets the .com nameservers and asks them about child.parent.example.com or parent.example.com (assuming we didn't put a stub entry here for child.parent.example.com INSIDE example.com... it should know where parent.example.com is because parent.example NS records exist in example.com...)
4. then the original DNS server would query the NS records it found for parent.example.com
5. then the original DNS server should find the NS records for child.parent.example.com inside parent.example.com
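
The delegation lookup described in this comment, as an added example that is not part of the original comment or of Designate's code: a simplified Python model of a host that received only the parent zone by transfer, queried with and without NS records for the child in the parent zone. The server labels `secondary` and `child-ns`, the addresses and all function names are constructed for illustration.

```python
# Added illustration; simplified model (no glue, caching or real network I/O).
# All zone data is constructed. NS values are server labels, not real hostnames.
PARENT = "parent.example.com."
CHILD = "child." + PARENT

def build_servers(delegate_child):
    """'secondary' holds only the transferred parent zone; the child is on 'child-ns'."""
    parent = {PARENT: {"NS": ["secondary"]},
              "www." + PARENT: {"A": ["192.0.2.10"]}}
    if delegate_child:
        parent[CHILD] = {"NS": ["child-ns"]}  # delegation NS records in the parent
    child = {CHILD: {"NS": ["child-ns"]},
             "record." + CHILD: {"A": ["192.0.2.20"]}}
    return {"secondary": {PARENT: parent}, "child-ns": {CHILD: child}}

def names_below(qname, apex):
    """Names from just below the zone apex down to qname, top-down."""
    if qname == apex:
        return []
    names, cur = [], apex
    for label in reversed(qname[:-len(apex)].rstrip(".").split(".")):
        cur = label + "." + cur
        names.append(cur)
    return names

def query(zones, qname, qtype):
    """One server's view: ANSWER, REFERRAL, NXDOMAIN or REFUSED."""
    apexes = [z for z in zones if qname == z or qname.endswith("." + z)]
    if not apexes:
        return "REFUSED", []
    apex = max(apexes, key=len)               # closest enclosing zone
    zone = zones[apex]
    for name in names_below(qname, apex):
        if "NS" in zone.get(name, {}):        # zone cut: hand out the delegation
            return "REFERRAL", zone[name]["NS"]
    if qname not in zone:
        return "NXDOMAIN", []
    return "ANSWER", zone[qname].get(qtype, [])

def resolve(servers, start, qname, qtype, max_hops=5):
    """Follow referrals from `start`; returns (status, data, path of servers asked)."""
    server, path = start, []
    for _ in range(max_hops):
        if server not in servers:
            break
        status, data = query(servers[server], qname, qtype)
        path.append((server, status))
        if status != "REFERRAL":
            return status, data, path
        server = data[0]
    return "SERVFAIL", [], path
```

Without the delegation, the host holding only the parent zone answers NXDOMAIN for the child name on its own authority, because the name falls inside a zone it serves and nothing marks a zone cut.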