Up-stream information

Kevin Darcy kcd at daimlerchrysler.com
Fri Jul 20 00:02:24 UTC 2001


Van Luyn wrote:

> Hi Folks,
>
> Please indulge me for a few minutes, as I am a newbie and I have a small
> problem with bind and DNS as a whole.
>
> I have read quite a lot of info on setting up a caching name server, zone
> files and delegation of domain names etc. The only problem I have is a
> global understanding gap. I understand how to set up bind and get things
> working, but can anyone tell me how my new zone information gets back up
> the DNS search tree to a root DNS server? What do I have to do after
> setting up and running my new DNS server so that there is a propagation
> of my authoritative zone information? Is it done automatically by bind,
> which sends my zone information somewhere else?

Generally speaking, your data doesn't need to propagate all of the way up
the namespace hierarchy. If you understand delegation (you indicated you
did), then you should realize that only the authoritative, delegated
nameservers for a zone need to have the "leaf" data propagated amongst
themselves. Once that occurs, anyone can see the up-to-date data just by
following the delegation chain down from the root.

So, make the change on the master, and propagate it out to the slaves,
using AXFR or IXFR (the zone-replication parts of the DNS protocol) or
whatever your preferred method of zone replication happens to be. Note that
AXFR and IXFR are "pull" protocols: the client (i.e. the slave) requests
and receives the data from the server (i.e. the master). The master doesn't
"push" the data to the slaves, technically speaking (although it can send
NOTIFY messages, which can trigger zone transfers).

Now, I said "generally speaking" because there is a special case (isn't
there always?). Whenever the name of a nameserver happens to be in the
domain which is being delegated, then the delegating server needs to supply
the address record(s) of the nameserver's name as "glue records". This is
to break out of a nasty chicken-and-egg problem, i.e. how can you resolve a
name in a domain, when the name of the nameserver is in the domain so you
can't resolve an address to ask it? If a "com" server delegates
"example.com", for example, and one of the nameservers for that domain is
"ns.example.com", then it also provides an A record for "ns.example.com" in
its referral responses for "example.com" names. As it happens, the
gTLD servers provide glue records for *all* nameserver names in any gTLD --
it is in their interest to do so, otherwise the client will just come back
and query those names from the gTLD servers again anyway. When delegations
cross between gTLDs and ccTLDs, or between different ccTLDs, however, then
the glue records are often missing, and nameservers have to work harder to
resolve names in such domains.

Because higher-level servers, e.g. "com" servers, hold glue records,
whenever you change your nameservers' identities or addresses, you must
ensure that the registrar updates their delegation records in synch with
the NS/A records you publish from the zone itself.

> If anyone can fill me in on the gap in my understanding, I would be most
> appreciative.
>
> You would think that this would be covered in one of the Linux How-Tos,
> but I keep drawing a blank.

This is more in the realm of DNS Theory, and I wouldn't really expect it to
be in a HOWTO.


- Kevin




