[volunteers] Nameserver

Rick Moen rick at linuxmafia.com
Wed May 18 15:45:43 PDT 2016


Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> The svlug.net zone is not currently used because the domain is now owned
> by Josef Grosch, who made it resolve to an unreachable address of his.

Josef will be glad to turn it over to me.  I just haven't moved on that,
and that is partly because...

I'm actually no longer very much sold on the value of owning all of
those domains, either.  It's a small hit for money every year, but all
we really get from them is preventing someone else from owning them.
I'm not sure that's worth funds.  


But in the following, we go off the rails:

> Nameservers delegated for a zone must be in the same parent zone.

I'm not 100% sure what you mean by this sentence, but if you mean 'A
nameserver for a zone in a particular TLD must be addressed using an
FQDN in that same TLD', then no, that is incorrect.  There is a very
small performance advantage because matching glue records are then 
furnished in 'Additional Section' data in response to DNS queries at 
the parent zone (see example at end), which is why I like to do it, but
it is not _necessary_.

Among other problems with the above sentence, I am unclear on what your
phrase 'nameservers delegated for a zone' means.  My guess is that you
mean nameservers authoritative for a zone.

> Others can be given A-records in the same zone, but I think doing that
> to _all_ the delegated nameservers can yield a bootstrapping issue
> after an extended outage.

Again, I am having to guess what you mean.  Based on my guess, I am
inferring that you mean that, e.g., an authoritative nameserver for zone
svlug.net would cease to be addressable after protracted svlug.net
primary nameservice downtime because svlug.net could not be resolved.
This is incorrect because the relevant name information is in the glue
records in the parent zone.

Many people new to DNS make erroneous claims because they don't yet
understand how glue records work.  I would suggest you make sure you
understand that infrastructure, as it is key to downwards delegation of
authority.  I would appreciate your being clear on the role of glue
records before you address DNS issues again, as that will save time.

(Exercise:  Pick any domain, and verify that NS records returned by the
zone's own authoritative nameservers are the same list as the NS records
returned for that zone by the parent zone's nameservers.  In some cases,
they are not, which reflects the sysadmins making a DNS error, resulting
in either a 'stealth nameserver' or a 'lame nameserver', terms you
can and should look up.)

I am also completely unclear on what actual problem you are attempting
to solve, here, Daniel.

If/when I get svlug.net back from Josef, I'll arrange (pulling this
number from memory) at least three authoritative nameservers with no
difficulty.  More, up to a maximum of seven, are of course better still,
but that is a detail to be worked through, if at all, when that
situation arises.



Example of querying parent zone and getting glue records with the
answer:  In the following, we will query for the 'NS' records of zone
linuxmafia.com., querying parent-zone nameserver k.gtld-servers.net.
The parent zone of linuxmafia.com. is com., and you can get its list of 
authoritative nameservers by doing 'dig -t ns com.' .


Litte-Datamaskin:~ rick$ dig -t ns linuxmafia.com @k.gtld-servers.net.

; <<>> DiG 9.8.3-P1 <<>> -t ns linuxmafia.com @k.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28495
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;linuxmafia.com.			IN	NS

;; AUTHORITY SECTION:
linuxmafia.com.		172800	IN	NS	ns1.linuxmafia.com.
linuxmafia.com.		172800	IN	NS	ns.primate.net.
linuxmafia.com.		172800	IN	NS	ns1.thecoop.net.
linuxmafia.com.		172800	IN	NS	ns.tx.primate.net.
linuxmafia.com.		172800	IN	NS	ns3.linuxmafia.com.

;; ADDITIONAL SECTION:
ns1.linuxmafia.com.	172800	IN	A	198.144.195.186
ns.primate.net.		172800	IN	A	198.144.194.12
ns.primate.net.		172800	IN	AAAA	2001:470:1f00:ffff::6b7
ns1.thecoop.net.	172800	IN	A	66.220.20.163
ns.tx.primate.net.	172800	IN	A	72.249.38.88
ns3.linuxmafia.com.	172800	IN	A	198.144.209.73

;; Query time: 308 msec
;; SERVER: 192.52.178.30#53(192.52.178.30)
;; WHEN: Wed May 18 15:37:46 2016
;; MSG SIZE  rcvd: 250

Litte-Datamaskin:~ rick$ 
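
The exercise in the message above (compare the NS set the parent zone delegates with the NS set the zone's own servers return) plus a glue check, as an added Python example that is not part of the original post. The parent records are copied from the dig output above; the child-zone answer, the name ns9.example.net. and the function names are constructed for illustration.

```python
import re
# Parent-zone (com.) referral: records copied from the dig output in the post.
PARENT = """\
;; AUTHORITY SECTION:
linuxmafia.com. 172800 IN NS ns1.linuxmafia.com.
linuxmafia.com. 172800 IN NS ns.primate.net.
linuxmafia.com. 172800 IN NS ns1.thecoop.net.
linuxmafia.com. 172800 IN NS ns.tx.primate.net.
linuxmafia.com. 172800 IN NS ns3.linuxmafia.com.
;; ADDITIONAL SECTION:
ns1.linuxmafia.com. 172800 IN A 198.144.195.186
ns.primate.net. 172800 IN A 198.144.194.12
ns.primate.net. 172800 IN AAAA 2001:470:1f00:ffff::6b7
ns1.thecoop.net. 172800 IN A 66.220.20.163
ns.tx.primate.net. 172800 IN A 72.249.38.88
ns3.linuxmafia.com. 172800 IN A 198.144.209.73
"""
# CONSTRUCTED child-zone answer with a deliberate mismatch; not real data about this zone.
CHILD = """\
;; ANSWER SECTION:
linuxmafia.com. 86400 IN NS ns1.linuxmafia.com.
linuxmafia.com. 86400 IN NS ns.primate.net.
linuxmafia.com. 86400 IN NS ns1.thecoop.net.
linuxmafia.com. 86400 IN NS ns.tx.primate.net.
linuxmafia.com. 86400 IN NS ns9.example.net.
"""

def parse_dig(text):
    """Map section name -> [(owner, type, rdata)] from dig's text output."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        fields = line.split(None, 4)  # owner, ttl, class, type, rdata
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and len(fields) == 5 and not line.startswith(";"):
            current.append((fields[0].lower(), fields[3], fields[4].strip().lower()))
    return sections

def audit_delegation(zone, parent_text, child_text):
    """Parent referral carries NS in AUTHORITY; the zone's own servers use ANSWER."""
    p, c = parse_dig(parent_text), parse_dig(child_text)
    parent_ns = {r for o, t, r in p.get("AUTHORITY", []) if (o, t) == (zone, "NS")}
    child_ns = {r for o, t, r in c.get("ANSWER", []) if (o, t) == (zone, "NS")}
    glued = {o for o, t, _ in p.get("ADDITIONAL", []) if t in ("A", "AAAA")}
    in_zone = {n for n in parent_ns if n.endswith("." + zone)}  # these depend on glue
    return {"parent_only": sorted(parent_ns - child_ns),
            "child_only": sorted(child_ns - parent_ns),
            "in_zone_without_glue": sorted(in_zone - glued)}
```

Any name in parent_only or child_only is a delegation mismatch of the kind the exercise looks for; a name in in_zone_without_glue is a nameserver inside the zone that resolvers could not reach from the referral alone.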


