"spare hosts" as personal DNS nameservers for 'mynew.org'
Tony Finch
dot at dotat.at
Wed Jul 12 10:35:35 UTC 2017
bind at zq3q.org <bind at zq3q.org> wrote:
> One of my real hosts is below xen.prgmr.com, like the fake 'zap' above,
> so I would have to email prgmr.com support to get them to add
>
> mynew.org. IN NS zap.xen.prgmr.com.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ << Is this valid?
>
> to the xen.prgmr.com zone.
There's a bit of confusion here, but this is a legitimately confusing
part of the DNS because there are multiple layers of indirection and
two kinds of indirection...
The first kind there are the delegation records in the parent zone, and
the authoritative records at the apex of the child zone.
The other kind, zones have name servers, and name servers have addresses.
For example, my zone is dotat.at. It has the name servers
dotat.at. 3600 IN NS ns1.gratisdns.dk.
dotat.at. 3600 IN NS ns3.gratisdns.dk.
dotat.at. 3600 IN NS grey.dotat.at.
dotat.at. 3600 IN NS puck.nether.net.
For a correct delegation, these NS records have to appear in the parent
zone (which I configure through my registrar) and at the apex of my zone
(on my master server, alongside the SOA etc.).
The second level of indirection is from name server names to addresses.
These are just normal hostname address records, so they appear in the
authoritative zones indicted by their names.
(You seemed to be confused about where NS records live. I hope this
clarified it for you!)
(To make GratisDNS and Puck authoritative for my zone, I used their user
interfaces to ask them to act as secondaries, telling them what my master
server IP addresses are. No changes to their DNS records, just their
server configutation which isn't visible from the outside.)
But, there's also glue.
Glue is a special case for name server hostnames which are in the child
zone - in my example this applies to grey.dotat.at. These hostnames need
address records in the delegation to avoid a circular dependency.
$ dig +noall +additional grey.dotat.at @d.ns.at
grey.dotat.at. 10800 IN A 131.111.57.57
grey.dotat.at. 10800 IN AAAA 2001:630:212:110::d:7a7
You configure your glue records through your registrar alongside your
delegation NS records. Usually you get to specify a list of nameserver
names, each with optional addresses - you only need to specify the
addresses when the hostname is in the child zone.
Basically what you are doing with this registrar user interface is
providing a COPY of data from the delegated zone: the apex NS records,
and any addresses of nameservers whose hostnames are inside the delegated
zone.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Fisher: Northwesterly 5 to 7, occasionally gale 8 in east. Moderate or rough.
Showers. Good.
More information about the bind-users
mailing list