Query regarding NS record
Kevin Darcy
kcd at chrysler.com
Sun Sep 18 16:11:28 UTC 2011
"ANY". That NS record tells *the*world* (not just your ISP) that they
can come to your nameserver to resolve names in the zone.
It wouldn't be much of a failover strategy if you were relying on your
ISP's nameservers to somehow "proxy" the queries over to you, when
they're down.
Open up inbound destination port 53 TCP/UDP (for queries) and outbound
source port 53 TCP/UDP (for responses). The destination port outbound
will be the same as the source port inbound, for a given DNS
transaction, if your firewalls are stateful enough to keep track of such
things.
- Kevin
On 9/18/2011 12:01 PM, babu dheen wrote:
> Hi,
> Once I delegated NS record in my ISP name server to my company name
> server for mail.myoffice.com website as below. Do I need to allow DNS
> port from ANY (INTERNET) to my DNS server in firewall or I just need to
> allow DNS traffic only from ISP DNS server?
> ISP DNS server configuration
> mycompany-dns-server-ip IN A 10.10.10.10
> mail.myoffice.com IN NS <mycompany dns server ip>
> Regards
> Papdheen M
> *From:* Kevin Darcy <kcd at chrysler.com>
> *To:* bind-users at lists.isc.org
> *Sent:* Sunday, 18 September 2011 5:09 PM
> *Subject:* Re: Query regarding NS record
>
> Are you talking about recursive clients failing over?
>
> Or other nameservers trying to talk to yours, non-recursively?
>
> Recursive clients don't use NS records at all and you need to approach
> the failover problem in a completely different way (e.g. relying on
> the client failing over from one resolver IP address to another, or
> implementing an Anycast solution).
>
> If you're talking about nameserver-to-nameserver traffic, then just
> publish multiple NS records for the relevant zone(s) and the
> nameserver-selection algorithm embedded in every known
> iterative-resolver implementation will take care of the load-balancing
> and failover; to summarize, faster-responding nameservers will be
> chosen over slower-responding ones.
>
>
>
> - Kevin
>
> On 9/16/2011 11:17 AM, babu dheen wrote:
>> Hi,
>> Can anyone let me know how I can resolve the below requirement.
>> Requirement:
>> We have two offices. One is main office and another one is remote
>> branch office. Now my company client requirement is that if main
>> office DNS server is not reachable, all DNS queries should be sent to
>> branch office DNS server. How can this be achieved using BIND?
>> For example, my company mail website is mail.mycompany.com which is
>> pointed as below in ISP name server.
>> mail.mycompany.com IN NS ns1.mainoffice.com
>> mail.mycompany.com IN NS ns1.branceoffice.com
>> Is the above record correct or not?
>> Please suggest.
>> Regards
>> papdheen M
>>
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/bind-users
>
>
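An added example, not part of the original thread: a small check to run from a host outside your network after opening port 53, confirming the delegated server answers a non-recursive query authoritatively over both UDP and TCP. The function names (`build_query`, `verdict`, `check`) and the "recursion offered" note are this example's own; the server address is supplied by you.

```python
import socket
import struct
import sys

def build_query(name, qtype=2, txid=0x1234):
    """Non-recursive (RD=0) query for `name`; qtype 2 = NS, class 1 = IN."""
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "ancount": ancount}

def verdict(hdr, txid=0x1234):
    """Classify a reply the way a remote iterative resolver would see it."""
    if not hdr["qr"] or hdr["txid"] != txid:
        return "not a reply to our query"
    if hdr["rcode"] != 0 or not hdr["aa"]:
        return "reachable, but not authoritative (rcode=%d)" % hdr["rcode"]
    # RA set means the server also offers recursion to this (outside) client.
    return "authoritative" + (", recursion offered" if hdr["ra"] else "")

def ask(server, payload, proto, port=53, timeout=3.0):
    """Send one query over 'udp' or 'tcp' (TCP adds a 2-byte length prefix)."""
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(payload, (server, port))
            return s.recvfrom(4096)[0]
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(payload)) + payload)
        reader = s.makefile("rb")
        (length,) = struct.unpack("!H", reader.read(2))
        return reader.read(length)

def check(server, zone, port=53):
    """Return {'udp': ..., 'tcp': ...}; a filtered port surfaces as an OSError."""
    out = {}
    for proto in ("udp", "tcp"):
        try:
            reply = ask(server, build_query(zone), proto, port)
            out[proto] = verdict(parse_header(reply))
        except (OSError, struct.error) as exc:
            out[proto] = "blocked or unreachable: %s" % exc
    return out

if __name__ == "__main__" and len(sys.argv) == 3:
    print(check(sys.argv[1], sys.argv[2]))  # args: <server IP> <zone name>
```

Run it with the public address of your nameserver and the delegated name (`mail.myoffice.com` in the thread); a result of "blocked or unreachable" for only one protocol points at a firewall rule that covers UDP but not TCP, or the reverse.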