"spare hosts" as personal DNS nameservers for 'mynew.org'

Tony Finch dot at dotat.at
Wed Jul 12 10:35:35 UTC 2017


bind at zq3q.org <bind at zq3q.org> wrote:

> One of my real hosts is below xen.prgmr.com, like the fake 'zap' above,
> so I would have to email prgmr.com support to get them to add
>
>     mynew.org. IN NS zap.xen.prgmr.com.
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ << Is this valid?
>
> to the xen.prgmr.com zone.

There's a bit of confusion here, but this is a legitimately confusing
part of the DNS because there are multiple layers of indirection and
two kinds of indirection...

The first kind: there are the delegation records in the parent zone, and
the authoritative records at the apex of the child zone.

The other kind: zones have name servers, and name servers have addresses.

For example, my zone is dotat.at. It has the name servers

dotat.at.               3600    IN      NS      ns1.gratisdns.dk.
dotat.at.               3600    IN      NS      ns3.gratisdns.dk.
dotat.at.               3600    IN      NS      grey.dotat.at.
dotat.at.               3600    IN      NS      puck.nether.net.

For a correct delegation, these NS records have to appear in the parent
zone (which I configure through my registrar) and at the apex of my zone
(on my master server, alongside the SOA etc.).

The second level of indirection is from name server names to addresses.
These are just normal hostname address records, so they appear in the
authoritative zones indicated by their names.

(You seemed to be confused about where NS records live. I hope this
clarified it for you!)

(To make GratisDNS and Puck authoritative for my zone, I used their user
interfaces to ask them to act as secondaries, telling them what my master
server IP addresses are. No changes to their DNS records, just their
server configuration which isn't visible from the outside.)

But, there's also glue.

Glue is a special case for name server hostnames which are in the child
zone - in my example this applies to grey.dotat.at. These hostnames need
address records in the delegation to avoid a circular dependency.

$ dig +noall +additional grey.dotat.at @d.ns.at
grey.dotat.at.          10800   IN      A       131.111.57.57
grey.dotat.at.          10800   IN      AAAA    2001:630:212:110::d:7a7

You configure your glue records through your registrar alongside your
delegation NS records. Usually you get to specify a list of nameserver
names, each with optional addresses - you only need to specify the
addresses when the hostname is in the child zone.

Basically what you are doing with this registrar user interface is
providing a COPY of data from the delegated zone: the apex NS records,
and any addresses of nameservers whose hostnames are inside the delegated
zone.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Fisher: Northwesterly 5 to 7, occasionally gale 8 in east. Moderate or rough.
Showers. Good.
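
The two checks described in the message above (the same NS set in the parent delegation and at the child apex, and glue addresses for name servers whose hostnames are inside the child zone), as an added example that is not part of the original post. The record data is copied from the post; the function names and the `ns9.example.net` entry are constructed for illustration.

```python
def norm(name):
    """Lower-case a DNS name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def in_zone(host, zone):
    """True if host is at or below zone, compared on label boundaries."""
    host, zone = norm(host), norm(zone)
    return host == zone or host.endswith("." + zone)

def check_delegation(zone, parent_ns, apex_ns, glue):
    """Compare the parent's delegation NS set with the child's apex NS set
    and list the name servers that need glue in the delegation.
    glue maps a name server hostname to the addresses the parent holds."""
    parent = {norm(n) for n in parent_ns}
    apex = {norm(n) for n in apex_ns}
    glue = {norm(k): v for k, v in glue.items()}
    # Glue is needed only for name servers named inside the delegated zone.
    needs_glue = sorted(n for n in parent | apex if in_zone(n, zone))
    return {
        "only_in_parent": sorted(parent - apex),
        "only_in_apex": sorted(apex - parent),
        "needs_glue": needs_glue,
        "missing_glue": [n for n in needs_glue if not glue.get(n)],
    }

# Records as quoted in the post.
ZONE = "dotat.at."
NS = ["ns1.gratisdns.dk.", "ns3.gratisdns.dk.",
      "grey.dotat.at.", "puck.nether.net."]
GLUE = {"grey.dotat.at.": ["131.111.57.57", "2001:630:212:110::d:7a7"]}

if __name__ == "__main__":
    # Delegation as described in the post: sets match, glue present.
    print(check_delegation(ZONE, NS, NS, GLUE))
    # Constructed failure case: the apex lists an extra server
    # (ns9.example.net is a made-up name) and the parent holds no glue.
    print(check_delegation(ZONE, NS, NS + ["ns9.example.net"], {}))
```
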