Nameserver on different domain?

greyhammer · 01-05-2005, 06:03 PM

Hello all.

I'm setting up my own DNS using BIND 9. Now the problem lies in this - I've set up the first nameserver on my own domain, but the secondary nameserver is not on my domain! So this is how my zone file reads: say example.com is my domain...

$ORIGIN example.com.
$TTL 86400

@ IN SOA ns.example.com. root.example.com. (
2005010601 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN A 11.22.33.44
IN NS ns.example.com.
IN NS dns1.other.com.
IN MX 10 ns.example.com.

ns IN A 11.22.32.44

NOW, how do I add the A record for the dns1.other.com. hostname? If I don't then is there a hassle as such? Because the root servers will know what the A record for the secondary nameserver is, so I should be in the clear even if I don't specify the IP for the secondary nameserver - right??

Thanks

scowles · 01-05-2005, 08:01 PM

Bind/named will not allow you to add an address record that is outside the SOA for that zone. In fact, you would see an error logged (out-of-zone data) when named starts stating that dns1.other.com is invalid and being ignored.

So the way you have your zone file listed is correct.

greyhammer · 01-06-2005, 04:30 AM

Well, I see what you say, but I'm curious - how do ISPs maintain SOAs for different domains though their nameservers are sitting on their own domains?

I mean, how does,

dns1.isp.com maintain an SOA for mydomain.com?

More than midly curious,
Thanks!

greyhammer · 01-06-2005, 06:24 AM

I mean, how do I provide the glue for the nameservers not on my domain - or is that not possible??

scowles · 01-06-2005, 06:48 AM

Quote:

Originally posted by greyhammer
I mean, how does, dns1.isp.com maintain an SOA for mydomain.com?

More than midly curious,
Thanks!

Your question is confusing, but I think I understand what you are asking

A DNS server can only be authoritative for the zones it loads, but it can answer queries for other domains (like yahoo.com), but it is NOT authoritaive for yahoo.com. It simply caches the results for future queries.

Example:

Code:

C:\>nslookup
Default Server:  ns1.mydomain.com
Address:  192.168.9.4

> www.mydomain.com
Server:  ns1.mydomain.com
Address:  192.168.9.4

Name:    www.mydomain.com
Address:  192.168.9.2

> www.yahoo.com
Server:  ns1.mydomain.com
Address:  192.168.9.4

Non-authoritative answer:
Name:    www.yahoo.akadns.net
Addresses:  68.142.226.34, 68.142.226.48, 68.142.226.53, 68.142.226.46
          68.142.226.33, 68.142.226.39, 68.142.226.36, 68.142.226.45
Aliases:  www.yahoo.com

A couple of things to notice about the above:
1) The query for www.mydomain.com was authoritative - meaning that the zone for mydomain.com is loaded on my DNS server.

2) The query for www.yahoo.com was answered by my DNS server, but the reply was non-authoritative. Meaning that my DNS server does not load the yahoo.com zone file. It had to first goto the root name servers to find the SOA for yahoo.com and then query yahoo's name server (which is authoritative) to finally return the answer. In DNS terminology, this is called recursion.

A good example of recursion can be demonstrated by using dig's trace option. Example:
# dig +trace www.yahoo.com a

BTW: Your ISP's name server works in the same way. Although they probably have separate DNS servers. One's that are authoritative for their domains and others that are configured as caching-only. The caching only servers do not load any authoritative zones and are typically queried by their customer base. i.e. resolv.conf points to these caching only servers.

scowles · 01-06-2005, 07:31 AM

Quote:

Originally posted by greyhammer
I mean, how do I provide the glue for the nameservers not on my domain - or is that not possible??

You don't add glue records (address records) for the name servers which are outside your SOA. The root name servers will return the other.com records mentioned in your example.

The zone file you posted is correct. List both name servers (NS records), but only the glue records that your server is authoritative for.