Getting hold of serial numbers
Bill Larson
bind9 at comcast.net
Thu Dec 16 19:34:19 UTC 2004
On Dec 16, 2004, at 5:43 AM, Johnathan Long wrote:
> In article <cpqprj$29cb$1 at sf1.isc.org>,
> Barry Margolin <barmar at alum.mit.edu> wrote:
>
>> If you ever see a difference between WHOIS and a delegation, it's either
>> because you caught it during a change window (the WHOIS database has
>> updated, but the changes haven't propagated to the GTLD servers) or
>> something is broken in the process of feeding data from registrar to
>> registry to DNS.
>
> Yes, and that condition is far more common than one would hope.

There is also another issue here that is being missed. The list of
delegated name servers for a zone comes from the server itself, not the
parent. This means that the administrator of a zone can delegate more
servers for a zone than the parent knows of.

Using the example that generated this topic, "totalflood.com", the GTLD
servers identify four servers for this zone. These are identical to
the servers that "whois" identifies. When you query one of these
servers you obtain a list of nine servers, five more delegated servers
than the parent, GTLD, servers know of.

Once a query for any "totalflood.com" DNS information is obtained from
one of the servers identified by the parent, then the complete list
of servers identified by the delegated server will be known. This list
of delegated servers may NOT be the same as the list of servers known
to either the whois system or the GTLD servers. The GTLD and root
servers are not authoritative for the second level domains, like
"totalflood.com", only the top level domains.

So, to know what name servers to query to check the SOA records, you
need to check all of the name servers that are listed by an
authoritative name server for a zone, which are defined on those
servers themselves, rather than just the servers identified by the
parent or from whois.

Bill Larson
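
The check described in the message above, sketched in Python as an added example (not part of the original post or of BIND): it compares the parent's NS set with the zone's own NS set and then looks for stale SOA serials across every server the zone lists. The zone `example.test`, the server names and the serials are constructed sample data, and the RFC 1982 serial comparison goes beyond what the post discusses.

```python
import re

# Constructed sample data in the record format dig prints; the zone, the
# server names and the serials are invented for illustration.
PARENT_REFERRAL = """\
example.test. 172800 IN NS ns1.example.test.
example.test. 172800 IN NS ns2.example.test.
"""
CHILD_APEX_NS = """\
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN NS NS2.example.test.
example.test. 3600 IN NS ns3.example.test.
"""
SOA_BY_SERVER = {  # SOA answer returned by each server in the child's list
    "ns1.example.test.": "example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2004121602 7200 3600 604800 3600",
    "ns2.example.test.": "example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2004121602 7200 3600 604800 3600",
    "ns3.example.test.": "example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2004121501 7200 3600 604800 3600",
}
RR = re.compile(r"^\S+\s+\d+\s+IN\s+(NS|SOA)\s+(.+)$", re.I)

def ns_names(text):
    """Return the lower-cased NS targets found in dig-style answer text."""
    hits = (RR.match(line.strip()) for line in text.splitlines())
    return {m.group(2).strip().lower() for m in hits if m and m.group(1).upper() == "NS"}

def soa_serial(line):
    """Extract the serial (third RDATA field) from a dig-style SOA line."""
    m = RR.match(line.strip())
    if not m or m.group(1).upper() != "SOA":
        raise ValueError("not an SOA record: %r" % line)
    return int(m.group(2).split()[2])

def serial_gt(a, b):
    """RFC 1982 serial arithmetic: True if 32-bit serial a is newer than b."""
    return a != b and (a - b) % 2**32 < 2**31

def audit(parent_text, child_text, soa_by_server):
    """Compare the parent's NS set with the child's and find stale serials."""
    parent, child = ns_names(parent_text), ns_names(child_text)
    serials = {ns.lower(): soa_serial(rr) for ns, rr in soa_by_server.items()}
    newest = None
    for s in serials.values():
        if newest is None or serial_gt(s, newest):
            newest = s
    return {"child_only": sorted(child - parent),
            "parent_only": sorted(parent - child),
            "newest": newest,
            "lagging": sorted(ns for ns, s in serials.items() if serial_gt(newest, s))}

if __name__ == "__main__":
    print(audit(PARENT_REFERRAL, CHILD_APEX_NS, SOA_BY_SERVER))
```

In the sample data the only server with an old serial is the one the parent does not list, so a check limited to the parent's or whois's server list would miss it.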
More information about the bind-users mailing list