Help with DNS Glue records and where SOA record resides

Barry Margolin barmar at genuity.net
Wed Oct 3 22:26:55 UTC 2001 

In article <9pg1d8$a68 at pub3.rc.vix.com>,
Steddy Man <stephen.eddy at btinernet.com> wrote:
>
>On 3 Oct 2001 13:21:28 -0700, Barry Margolin <barmar at genuity.net>
>wrote:
>
>>In article <9pfou1$8sf at pub3.rc.vix.com>,
>>Steddy Man <stephen.eddy at btinernet.com> wrote:
>>>I have created A and NS records on my own DNS server present on
>>>ns1.gigabytesol.com and ns2.gigabytesol.com, but because I am not
>>>authorative for the domain, this may be why I have problems.  My ISP
>>>says he is unable to create A records for my name servers in the
>>>Gigabytesol.com domain (don't ask), and that they are not required
>>>anyway since the glue records take care of it (remember I am
>>>attempting to host other domain using these name servers too).
>>
>>They're wrong.
>>
>>Sometime in the past week I posted a message with lots of details
>>explaining why you need to duplicate the glue records on the authoritative
>>servers, so I'm not going to repeat it.  Do a Google search for my previous
>>message.  But here's a brief summary: if a server has timed out the cached
>>glue records, but still has the NS records in its cache, it won't go to the
>>root servers so it won't look up the glue records, because you only go to
>>root servers when you don't have any more specific NS records in your
>>cache.
>
>I did see the other post about needing A records in addition to the
>glue records, but since I am using the name servers to host other
>domains I am not 100% sure this is totally relevant. 
>
>Which NS records are you referring too?  The ones in gigabytesol.com
>at livedns.co.uk (pointing to livedns.co.uk)?

I'm referring to these NS records, which are in both the COM zone and the
gigabytesol.com zone:

gigabytesol.com.	2D IN NS	NS2.LIVEDNS.CO.UK.
gigabytesol.com.	2D IN NS	NS1.LIVEDNS.CO.UK.


>Take the example of www.pocketnuts.com.  This domains name server
>records are actually set to ns1.gigabytesol.com and
>ns2.gigabytesol.com.  Accessing this domain is intermittent.  This
>domain incidentally was previously hosted by livedns.co.uk.
>
>When somebody looks up this domain, wouldn't the process be:-
>1. Don't know domain, so lookup at root.
>2. Find glue records and lookup entry at ns1.gigabytesol.com.
>3. This is authorative and has entries for ns1.gigabytesol.com and
>ns2.gigabytesol.com.
>4. Cache times out, but still should look to ns1.gigabytesol.com and
>ns2.gigabytesol.com since these are authorative for the domain?
>
>If the same DNS servers contacted by the resolver had previously also
>looked up the domain Gigabytesol.com then it would use these NS
>records to locate ns1 and ns2 by checking ns1.livedns.co.uk and
>ns2.livedns.co.uk (which is wrong in my circumstances).  Is this what
>you are saying?

I think so.

When things are working, the cache might contain:

pocketnuts.com.      IN NS ns1.gigabytesol.com.
ns1.gigabytesol.com. IN A  1.2.3.4
gigabytesol.com.     IN NS ns1.livedns.co.uk.
ns1.livedns.co.uk.   IN A  4.3.2.1

Now suppose the A record for ns1.gigabytesol.com times out, but the other
two records remain.  If you want to look up www.pocketnuts.com, the process
would be:

1. I know the pocketnuts.com domain, its nameserver is ns1.gigabytesol.com.
2. I don't know the address of ns1.gigabytesol.com, so I need to look that
   up.
   a. I know the gigabytesol.com domain, its nameserver is
      ns1.livedns.co.uk, whose address is 4.3.2.1.
   b. Look up ns1.gigabytesol.com at ns1.livedns.co.uk.  It says the
      address doesn't exist.

At this point the whole process comes to a stop (I didn't show
ns2.gigabytesol.com, but assume that the same thing happens to it).  BIND
will log a message indicating that there are no usable NS records for the
pocketnuts.com domain.

Eventually the NS record pointing gigabytesol.com to ns1.livedns.co.uk will
time out, and then you'll go back to the root servers, pick up glue
records, and things will work again for a while.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list