Authority in Bind 9
Ruben I Safir - Brooklyn Linux Solutions CEO
ruben at mrbrklyn.com
Sun Feb 11 03:47:37 UTC 2001
>
> You mean only one *usable* authority record, right? home.rm-cpa.com is not
> usable because it's on a private address.
Right. The other address is the internal address of the same machine.
> They shouldn't be advertising that publicly. Seems
> someone needs to learn how to do split DNS...
Among other things about DNS
I've removed that record as the NS record and changed the serial numbers
and restarted named
> In this case, yes. wynn.com is delegated from .com to 3 nameservers. But you
> can only tell that for sure by querying the .com servers directly.
OK - How would I go about doing this?
> Well, I'm not surprised. Not only is mail.rm-cpa.com publishing one bogus and
> only one working NS for rm-cpa.com, but two of the three delegated servers
> for that domain are *not*only* lame, they are also returning an SOA-less
> authoritative NXDOMAIN for everything outside of their authoritative zones
> (except for the root zone, which returns FORMERR).
How do you get that information?
When I checked the com site I get this....
> dig @com rm-cpa.com
; <<>> DiG 8.2 <<>> @com rm-cpa.com
; Bad server: com -- using default server and timer opts
; (2 servers found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; rm-cpa.com, type = A, class = IN
;; AUTHORITY SECTION:
rm-cpa.com. 1D IN SOA rm-cpa.com. root.home.rc-cpa.com. (
5 ; serial
12H ; refresh
1H ; retry
4W ; expiry
1D ) ; minimum
;; Total query time: 2 msec
;; FROM: superman.rm-cpa.com to SERVER: default -- 192.168.0.100
;; WHEN: Sat Feb 10 22:39:58 2001
;; MSG SIZE sent: 28 rcvd: 81
There is no machine rm-cpa.com and I see nothing about the upstream
DNS which I thought we had.
> All of this makes resolution of rm-cpa.com names rather difficult: a
> two-thirds chance of getting a bad delegation to start with, and a Single
> Point of Failure even if you get "lucky". Talk about running the gauntlet...
>
> > Can I use anyone as a authoritative
> > DNS and just make a record?
>
> Sure, technically you can delegate to anyone. But it's rude to delegate
> without permission,
Yeah - I meant someone who I know and a friend - or myself
Would I do this by just adding the authoritative servers to the
NS records?
--
Brooklyn Linux Solutions
http://www.mrbrklyn.com
http://www.brooklynonline.com
1-718-382-5752
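
The checks discussed in this thread (an NS on a private address, lame delegated servers, and a single point of failure) can be expressed as a comparison between the NS set the parent zone delegates to and the NS set the zone publishes itself. The following is an added example, not part of the original message; the zone example.com, the server names, the addresses and the `audit_delegation` function are all constructed for illustration, and the inputs stand for what you would collect by querying the parent zone's servers and each listed nameserver directly.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is in private (RFC 1918) space, unreachable from the Internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_delegation(parent_ns, child_ns, addrs, answers_aa):
    """Return sorted (server, problem) findings for one zone.

    parent_ns  - NS names the parent zone delegates to
    child_ns   - NS names the zone publishes at its own apex
    addrs      - NS name -> IPv4 address
    answers_aa - NS name -> True if it answered the zone's SOA with the aa flag
    """
    findings = set()
    for ns in parent_ns | child_ns:
        if ns in addrs and is_rfc1918(addrs[ns]):
            findings.add((ns, "private-address"))
    for ns in parent_ns - child_ns:
        findings.add((ns, "delegated-but-not-in-zone"))
    for ns in child_ns - parent_ns:
        findings.add((ns, "in-zone-but-not-delegated"))
    for ns in parent_ns:
        if not answers_aa.get(ns, False):
            findings.add((ns, "lame"))  # delegated, but not authoritative
    usable = [ns for ns in parent_ns
              if answers_aa.get(ns) and ns in addrs and not is_rfc1918(addrs[ns])]
    if len(usable) < 2:
        findings.add(("(zone)", "single-point-of-failure"))
    return sorted(findings)

# Constructed sample shaped like the situation in the thread: three delegated
# servers, two of them lame, plus an apex NS record on a private address.
PARENT_NS = {"ns1.example.com.", "ns2.example.net.", "ns3.example.net."}
CHILD_NS = {"ns1.example.com.", "home.example.com."}
ADDRS = {"ns1.example.com.": "192.0.2.10", "home.example.com.": "192.168.0.100",
         "ns2.example.net.": "198.51.100.7", "ns3.example.net.": "198.51.100.8"}
ANSWERS_AA = {"ns1.example.com.": True, "ns2.example.net.": False,
              "ns3.example.net.": False}

if __name__ == "__main__":
    for server, problem in audit_delegation(PARENT_NS, CHILD_NS, ADDRS, ANSWERS_AA):
        print(f"{server:20} {problem}")
```

The private-address test uses an explicit RFC 1918 list rather than `ipaddress`'s `is_private`, which also matches the documentation ranges used as sample public addresses here.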