DNS: how to verify glue NS records?
Casey Deccio
casey at deccio.net
Fri Dec 5 15:39:28 UTC 2014
Hi Alexei,
On Fri, Dec 5, 2014 at 10:16 AM, Alexei Malinin <Alexei.Malinin at mail.ru>
wrote:
> I would like to resolve this problem:
> - I have a child DNS zone served by my ISP slave name server;
> - the parent zone is served by my ISP master name server;
> - the question is - how and with what tools (dig, host, nslookup, or
> maybe C or Perl libs) can I verify the NS glue records in the parent
> zone of my ISP (zone transfers are denied)?
>
The delegation NS records (i.e., the NS records in the parent zone) cannot
be determined using simple queries because the parent zone is also
authoritative for the child zone, as you mentioned. Thus, when one of
those servers (e.g., ns1.agtel.net) is queried for
0-15.66.233.212.in-addr.arpa/NS, the server will (should) always send the
authoritative NS RRset in (i.e., from the child) preference to the
delegation NS RRset (i.e., in the parent), and in fact the latter may be
different.
There are by definition no glue records for your zone. Glue A/AAAA records
are only required in the parent for NS targets that are subdomains of the
delegated child zone to bootstrap resolution. For example, ns1.example.com
as an NS target for example.com. That is not the case with yours (and
usually isn't with in-addr.arpa zones).
> My child zone is 0-15.66.233.212.in-addr.arpa. I tried "dig -4
> +multiline +showsearch +trace 0-15.66.233.212.in-addr.arpa ns" but it
> was not possible to make any conclusions about NS glue records from the
> dig output.
>
> I found some tools in the Internet (for example
> http://www.intodns.com/0-15.66.233.212.in-addr.arpa, see "Missing
> nameservers reported by parent") but these are inconvenient, I would
> like to use OS tools.
>
That's unfortunately a misleading error, as this cannot be determined, as I
mentioned above.
>
> Please give me some good advise.
>
>
You'll need to take the word of the operator of your parent zone.
Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20141205/a0c3f5e4/attachment.html>
More information about the bind-users
mailing list