LinuxQuestions.org
Old 05-28-2009, 11:46 AM   #1
sopiaz57
Member
 
Registered: Apr 2003
Distribution: RH 8
Posts: 246

Rep: Reputation: 30
DNS NS's in registrar vs DNS NS records


Hey guys,
I am cleaning up a mess with a domain name and some DNS servers and had a question about the NS record found inside the zone file. Should the NS records match the NS records entered at the domain registrar?

These are the "authoritative" name servers for the domain and my guess is that they should match. In my scenario, there are four name servers in the environment, but only two servers are defined in the registrar as authoritative.

This is what is defined in the registrar:
ns1.company.com
ns1.company-alias.com

These are the four servers in the environment:
ns1.company.com
ns2.company.com
ns1.company-alias.com
ns2.company-alias.com



This is what is defined in a sample zone sitting on the domain.
ns1.company.com
ns2.company.com

We recently ran into an issue where we did not update server NS2.company.com of a new zone and I am wondering why it caused intermittent problems, since NS2.company.com was not listed in the registrar's database, just ns1.company.com and ns1.company-alias.com.

Thanks in advance
 
Old 05-28-2009, 01:00 PM   #2
Suncoast
Member
 
Registered: Apr 2009
Location: Largo, Florida
Distribution: Slackware
Posts: 202

Rep: Reputation: 35
The authoritative servers knew about the unlisted servers, right? So some Internic server says "Ask the authoritative server at a.b.c.a (primary) or a.b.c.b (secondary) what IP addresses can answer questions about domain fubar.com." That a.b.c.a/b are your authoritative servers. When asked, your authoritative server knew about all servers that could answer questions, so it replied "You can get answers about fubar.com from a.b.c.1, a.b.c.2, a.b.c.3, and a.b.c.4."

________
1 JOHN 1 Christ was Alive when the world began

Last edited by Suncoast; 05-28-2009 at 01:05 PM.
 
Old 05-28-2009, 03:22 PM   #3
sopiaz57
Member
 
Registered: Apr 2003
Distribution: RH 8
Posts: 246

Original Poster
Rep: Reputation: 30
Hi, I must be missing the understanding on this piece of DNS, which is probably my problem. Any link to this, or can you elaborate?

Thanks, God Bless
 
Old 05-28-2009, 04:43 PM   #4
Suncoast
Member
 
Registered: Apr 2009
Location: Largo, Florida
Distribution: Slackware
Posts: 202

Rep: Reputation: 35
All any TLD registrar is doing is pointing to your servers. So if you need answers about mydomain.com, here's the address for answers. The registrar has no purpose other than telling a DNS lookup to look at your servers for answers.

I know this is old school, but quite effective. Substitute with your proper domain names. From any Linux command line, as an admin, type:

Code:
# nslookup
> server ns1.company.com
> set type=ns
> company.com
<OUTPUT OF ALL AUTH DNS SERVERS>
> server ns2.company-alias.com
> company-alias.com
<OUTPUT OF ALL AUTH DNS SERVERS>
> exit

Repeat for all bind servers. And for any stub zones, even if on the same server. Can't hurt to check the slave servers also.

The output will list all of the name servers you have listed in your bind configurations. You will need to repeat for each bind server and for each domain name. Of course, this information is coming from your zone files such as /var/named/pz/mycompany.com

I suspect what you wanted to do was set up a stealth or non-authoritative test bind server. More info can be found here.

Hope this helps
Steve
 
Old 05-28-2009, 06:13 PM   #5
Suncoast
Member
 
Registered: Apr 2009
Location: Largo, Florida
Distribution: Slackware
Posts: 202

Rep: Reputation: 35
I just reread the original post. When you register a DNS IP address with your domain registration, that is not the final answer. The next step is the DNS lookup asks the server it was pointed to, which is what you control, what are your name server IP addresses? If you have more NS records in your zone records, they are all added to the list of available name servers to query for your domain. So if you have DNS servers you do not want answering questions to the Internet, do not add them to your domain zone file.
 
Old 05-29-2009, 02:40 PM   #6
sopiaz57
Member
 
Registered: Apr 2003
Distribution: RH 8
Posts: 246

Original Poster
Rep: Reputation: 30
another question

Thank you for your time on this. In reference to your quote below, where is this "list"? When I do a domain whois all I see is my 2 authoritative DNS servers. It would be nice to see the extra two somewhere.

Thanks


Quote:
Originally Posted by Suncoast View Post
If you have more NS records in your zone records, they are all added to the list of available name servers to query for your domain. So if you have DNS servers you do not want answering questions to the Internet, do not add them to your domain zone file.
 
Old 06-01-2009, 10:35 AM   #7
sopiaz57
Member
 
Registered: Apr 2003
Distribution: RH 8
Posts: 246

Original Poster
Rep: Reputation: 30
Any ideas?

Hi Suncoast,
Any idea where I can review this list? When I look at the whois record on register.com all I see are the two entries.

Neill
 
Old 06-06-2009, 06:20 PM   #8
Suncoast
Member
 
Registered: Apr 2009
Location: Largo, Florida
Distribution: Slackware
Posts: 202

Rep: Reputation: 35
The list I refer to is what some remote DNS server gets as a response to its query. When my DNS server asks your bind server for information, it caches that information until the cache time expires. That cached information includes a list of your authoritative Name Servers.

These would be the zone records on your name servers. Locations of the files vary by installation. Normally, the location of these files is defined in the file named.conf or older named.boot. Normally each domain zone file is given the name of the domain it represents. If set up this way, you should be able to search for the zone file or config file. For example, if I were hosting the domain biblegateway.com, I would have the following file in the following directory:

/var/named/pz/biblegateway.com

(Or I could do a "find -name biblegate*" from root) Within that file, after the SOA (Start of Authority) section I will have "NS" lines, which, as the authoritative name server, represent my name server names. If I have improper NS records here, I will have problems.

After that, in the same file, I will have "A" lines. These "A" records define the IP address for the names I defined under the "NS" lines. So it would look like:

Code:
          NS         ns1.biblegateway.com.
          NS         ns2.biblegateway.com.
ns1        A         72.71.70.1
ns2        A         72.71.70.2

I do have private email enabled here if you need a quicker response or would like to send me your real domain names. I'm unemployed, but I've been busy lately doing a few temp jobs.

Steve

Last edited by Suncoast; 06-06-2009 at 06:24 PM.
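
Added example, not part of any post in this thread: a small audit that compares the NS names held at the registrar with the NS set and SOA serial each server actually returns, which is the mismatch behind the intermittent failures described in post #1. It reads captured `dig +noall +answer` text; the hostnames follow the thread's placeholders, and the serials, `hostmaster` mailbox and sample answers are constructed.

```python
# Added example: NS-consistency audit over captured `dig +noall +answer` text.
# Hostnames follow the thread's placeholders; serials and answers are constructed.

def parse_answers(text):
    """Return (NS target set, SOA serial or None) from dig answer lines."""
    ns, serial = set(), None
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2] == "IN" and f[3] == "NS":
            ns.add(f[4].rstrip(".").lower())
        elif len(f) >= 7 and f[2] == "IN" and f[3] == "SOA":
            serial = int(f[6])  # fields: name ttl IN SOA mname rname serial ...
    return ns, serial

def audit(delegated, per_server):
    """delegated: NS names held at the registrar; per_server: {server: answers}."""
    delegated = {n.rstrip(".").lower() for n in delegated}
    parsed = {s.lower(): parse_answers(t) for s, t in per_server.items()}
    apex = set().union(*(ns for ns, _ in parsed.values()))
    # Plain integer comparison; serial wrap-around is not handled here.
    newest = max((s for _, s in parsed.values() if s is not None), default=None)
    findings = []
    for name in sorted(apex - delegated):
        findings.append((name, "in zone NS set only; resolvers caching that set will query it"))
    for name in sorted(delegated - apex):
        findings.append((name, "at registrar only; missing from zone NS set"))
    for server, (_, serial) in sorted(parsed.items()):
        if serial is None:
            findings.append((server, "returned no SOA; zone not loaded"))
        elif serial < newest:
            findings.append((server, f"stale serial {serial} < {newest}"))
    return findings

GOOD = """company.com. 3600 IN SOA ns1.company.com. hostmaster.company.com. 2009052801 7200 3600 1209600 3600
company.com. 3600 IN NS ns1.company.com.
company.com. 3600 IN NS ns2.company.com.
"""
SAMPLE = {  # constructed capture: ns2.company.com never received the zone
    "ns1.company.com": GOOD,
    "ns1.company-alias.com": GOOD,
    "ns2.company.com": "",
}
REGISTRAR = ["ns1.company.com", "ns1.company-alias.com"]

if __name__ == "__main__":
    for subject, issue in audit(REGISTRAR, SAMPLE):
        print(f"{subject}: {issue}")
```

On the constructed sample it flags ns2.company.com twice: once as published in the zone's NS set without being at the registrar, and once as not serving the zone.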
 
  



All times are GMT -5. The time now is 03:56 AM.
