.TLD minimum number of nameservers rule

nudgemac at fastmail.fm nudgemac at fastmail.fm
Tue Dec 13 08:53:31 UTC 2011 

> 
> What IS the problem, exactly? You're describing two things that
> doesn't seem to be related: number of NS for a zone, and PTR/DNAME
> records.

My appologies if in an attempt to be succint, I failed to be clear.

> 
> If you don't "own" an IP address, then usually you don't need to
> bother about PTR records at all. If you need to change PTR record for
> an IP address that you use (e.g. VPS, colo, home connection, etc) you
> usually need to ask your ISP to update/change it.

The company in question has a single public IP address connecting it's internal lan 
with the internet. A classic NAT configuration.

> DNAME creates an alias for one or more subdomains of a domain. Chances
> are you won't need it for common uses.

I'm not so sure I'd make that assumption.

> > For instance, would this be a problem when implementing a
> > wide area bonjour subdomain using my own local dns server for clients that are
> > mobile (internal/external) ?
> 
> Bonjour should work even without a DNS server.

Reminds me of Cool Hand Luke  <: what we have here is a failure to communicate :>

> You could always create your own DNS server if you REALLY need those
> record types :)
> The cheapest VPS is about $15/year, which should be more than enough
> for a secondary DNS server.

I'm running Bind 9.6 and dnsextd (llq and tsig handling). I have split DNS views based on source ip address 
and possession of a tsig key: internal-trusted/external-trusted/internal-visitor/external-visitor. 
The DNS server and clients are all mac 10.6+ so I'm taking advantage of mDNSResponder features such as 
looking in the system keychain for the tsig keys. I have a WAB subdomain for dns-sd, etc. I've had to replace
dnsextd with an older version, since current macosx versions are dead.

I wondered if the limited access to DNS records at the top level of my domain would be a problem. 
My first thought was to take over the DNS for this domain but rfc882 saying a domain must have at least
2 nameservers rules that out. Frankly, I probably don't understand enough about how glue records function... 

Thanks for your help

More information about the bind-users mailing list