finding authoritative nameservers
Ronald F. Guilmette
rfg at tristatelogic.com
Tue May 20 00:03:54 UTC 2008
In message <9778278B-1072-4F82-A367-D43E88EE1362 at menandmice.com>,
Chris Buxton <cbuxton at menandmice.com> wrote:
>On May 19, 2008, at 4:26 PM, Ronald F. Guilmette wrote:
>> Yeabut even in those (degenerate?) cases, I still do at least have the
>> name of the primary... which is something. (And for my purposes, it
>> is more than enough to hang my hat on.)
>
>You're assuming the SOA record actually contains the primary master
>server's name, or indeed the name of any of the authoritative name
>servers.
Assuming is too strong a word. "Hoping" would be a more accurate
characterization.
(1/2 :-)
> This is not a safe assumption, since it's subject to user
>error and such an error often does not cause any operational problems
>for the zone.
>
>>> Therefore, you should actually query for the NS records, since any
>>> standards-compliant authoritative name server will return those if
>>> explicitly asked.
>>
>> OK, sorry, I've lost context. Can you run this part by me again
>> please?
>> How exactly do I do what you're saying I should do?
>>
>> Assume that I started with foobar.example.com. Now assume that I've
>> already learned (from some SOA record) that the primary NS for that
>> is called ns1.example.com. Tell me what to do next.
>>
>> Are you saying that I should send a type NS query to ns1.example.com
>> for the name foobar.example.com?
>
>Probably not. The query name should match the name of the SOA record
>you've previously discovered - the name of the containing zone.
>
>> Won't that only produce useful results in cases where
>> foobar.example.com itself has one or more NS records associated with
>> that specific and complete FQDN?
>
>Yes, it would. But the name of an SOA record is always the name of a
>zone, which ought to therefore have NS records.
Sorry. You lost me. Let's start again.

I want to know the nameservers for "foobar.example.com". So I send a
query for name="foobar.example.com" and type=SOA to my own friendly &
helpful local name server. So far so good?

I get back some SOA record, either in the ANSWER or in the AUTHORITY
section. I fish out of that SOA record (a) a new `name' value... presumably
the name of a highly relevant zone... and also (b) the name of an (alleged)
primary for the zone (in the "mname" field).

So now what? Are you saying that I should send a query with name set equal
to the zone-name to the purported/alleged primary name server? OK, I can do
that. But there's one thing that I still don't understand... What should
I be setting the query type to in this query? NS? SOA? ANY? OTHER?

Like they say in the SATs/GREs, ``Justify your answer.''

(OK, sorry. No. Not trying to put pressure on you, but I _would_ rather
like to fully understand what I'm doing.)