.TLD minimum number of nameservers rule

Sten Carlsen stenc at s-carlsen.dk
Tue Dec 13 09:33:39 UTC 2011

It does not seem clear to me if you mix the internal network and the
external network with regard to the 2 server requirement. Everything
inside your own NAT is your own responsibility - you can use any number
of DNS servers you like - 0, 1, 10, n.

For the rest of the world to see, two servers are the norm, usually done
by having multiple IPs or as I do, have a 3rd party DNS provider. I have
the stealth master for my info at my public IP and my provider slaves
that info in 6 other locations around the world. Such DNS providers are
also available for free, and would satisfy the requirement for multiple
servers for the registrar.

mDNS and Bonjour are not something you want to use on the outside of the
NAT normally.

On 13/12/11 10:11, Fajar A. Nugraha wrote:
> On Tue, Dec 13, 2011 at 3:53 PM,  <nudgemac at fastmail.fm> wrote:
>>>> For instance, would this be a problem when implementing a
>>>> wide area bonjour subdomain using my own local dns server for clients that are
>>>> mobile (internal/external) ?
>>> Bonjour should work even without a DNS server.
>> Reminds me of Cool Hand Luke  <: what we have here is a failure to communicate :>
> Seems that way. I'm not very familiar with Bonjour :) Apologies for
> any incorrect suggestion on my part.
>>> You could always create your own DNS server if you REALLY need those
>>> record types :)
>>> The cheapest VPS is about $15/year, which should be more than enough
>>> for a secondary DNS server.
>> I'm running Bind 9.6 and dnsextd (llq and tsig handling). I have split DNS views based on source ip address
>> and possession of a tsig key: internal-trusted/external-trusted/internal-visitor/external-visitor.
>> The DNS server and clients are all mac 10.6+ so I'm taking advantage of mDNSResponder features such as
>> looking in the system keychain for the tsig keys. I have a WAB subdomain for dns-sd, etc. I've had to replace
>> dnsextd with an older version, since current macosx versions are dead.
>> I wondered if the limited access to DNS records at the top level of my domain would be a problem.
> It would if you set up WAB directly on that domain, as it seems that
> WAB requires PTR records.
>> My first thought was to take over the DNS for this domain but rfc882 saying a domain must have at least
>> 2 nameservers rules that out. Frankly, I probably don't understand enough about how glue records function...
> The easiest way seems to be just create a subdomain. So if your main
> domain is abc.dom, you can have an NS entry on that domain for the
> subdomain office.abc.com pointing to your public IP address. After
> that, just set up everything (PTR records, etc) inside that subdomain.
> Another option would be to just rent a VPS for your secondary nameserver.

Best regards

Sten Carlsen

No improvements come from shouting:
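
Added example, not part of the original message or thread: a small Python check of the two points discussed above, the two-nameserver minimum and glue for a delegated subdomain. The zone fragment, the example.com names and the addresses are constructed sample data, and the parser only handles simple `owner IN TYPE rdata` lines.

```python
# Added example: audit delegations in a parent-zone fragment.
# Zone text, names and addresses below are constructed sample data.
from collections import defaultdict

SAMPLE_ZONE = """\
; parent zone example.com (constructed)
example.com.            IN NS  ns1.provider.example.
example.com.            IN NS  ns2.provider.example.
office.example.com.     IN NS  ns.office.example.com.
ns.office.example.com.  IN A   192.0.2.10
lab.example.com.        IN NS  ns1.lab.example.com.
lab.example.com.        IN NS  ns2.provider.example.
"""

def parse_records(text):
    """Yield (owner, rtype, rdata) from simple 'owner IN TYPE rdata' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        yield owner.lower(), rtype.upper(), rdata.strip().lower()

def audit_delegations(text, min_ns=2):
    """Return {zone: [findings]} for NS sets that are too small or lack glue."""
    ns_sets, addresses = defaultdict(set), set()
    for owner, rtype, rdata in parse_records(text):
        if rtype == "NS":
            ns_sets[owner].add(rdata)
        elif rtype in ("A", "AAAA"):
            addresses.add(owner)
    findings = {}
    for zone, servers in ns_sets.items():
        issues = []
        if len(servers) < min_ns:
            issues.append(f"only {len(servers)} nameserver(s), want >= {min_ns}")
        for ns in sorted(servers):
            # A nameserver named inside the zone it serves needs glue in the parent.
            in_bailiwick = ns == zone or ns.endswith("." + zone)
            if in_bailiwick and ns not in addresses:
                issues.append(f"missing glue for {ns}")
        if issues:
            findings[zone] = issues
    return findings

if __name__ == "__main__":
    for zone, issues in audit_delegations(SAMPLE_ZONE).items():
        print(zone, "->", "; ".join(issues))
```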

