LinuxQuestions.org
Old 11-16-2005, 02:21 PM   #1
Strider22
LQ Newbie
 
Registered: Nov 2005
Posts: 19

Rep: Reputation: 0
What makes a DNS server authoritative.


I've read the following trying to understand what makes a DNS server authoritative for a zone.

I feel like I'm reading Knuth on cyclic redundancy. The server is authoritative because it is authoritative.

Do any of the following matter to determine authoritative?

1) The server has all the answers. It is authoritative for the zone.
[see above]

2) The DNS server with the answers is the one pointed to in the whois record. (Yes we all know that whois itself doesn't matter for DNS but the registration is an indicator of what is in the domain database.)

3) The DNS server is located in the zone it is providing answers for.

4) The DNS has a PTR record. (That works)

The most "authoritative" answer I found is from ARIN (American Registry for Internet Numbers) BUT it may only be valid for the in-addr.arpa domain.

ARIN has developed a script to test for
lame DNS delegations within the in-addr.arpa domain. A delegation in
DNS is the assignment of a zone to a name server. The script queries
name servers for the zones they are supposed to have according to
registration information in the ARIN database.
A name server is tested by asking
for data that has to be present in a zone, the script requests the
SOA resource record. If the name server responds with a positive
answer and claims to be authoritative, the name server is okay for
that zone.
Any other answer indicates that the name server is lame for the
tested zone.
If there is no answer, the test is repeated over a span of
time and if there is persistently no answer, the name server is
considered lame.

There are three fields in a response that can indicate that a name server is lame for a zone.

First is that a response might have a status that is not NOERROR.
Second is that a response might not set the flag indicating an
authoritative answer (aa).
Third is that there may be no answer records in the response
(ANSWER=0).
If an answer does not have all three fields set correctly, the answer indicates lameness.

</end ARIN quote>

How does one get the aa bit set? Is it a bind/djbdns setting? Is it automatic when the server makes no referrals?
What data is it that is required to be present in the zone in order for it to be authoritative?

I have set up dynamic web sites using different DNS services and some are authoritative and others are not. As of yet I can't determine why.
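
The three-field test in the ARIN text quoted above, as an added example that is not part of the original post and is not ARIN's script: it parses the 12-byte header of a raw DNS response and reports which of the three checks fail. The sample responses are constructed in the code for the placeholder zone foo.bar; a real check would send the SOA query to each name server listed for the zone.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(zone, aa, rcode, with_soa):
    """Construct a sample response to an SOA query (demo data, not captured traffic)."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode      # QR=1, AA bit, RCODE
    msg = struct.pack("!6H", 0x1234, flags, 1, 1 if with_soa else 0, 0, 0)
    msg += encode_name(zone) + struct.pack("!2H", 6, 1)  # QTYPE=SOA, QCLASS=IN
    if with_soa:
        rdata = (encode_name("ns." + zone) + encode_name("hostmaster." + zone)
                 + struct.pack("!5I", 1234, 28800, 7200, 2419200, 86400))
        # 0xc00c is a compression pointer back to the question name
        msg += b"\xc0\x0c" + struct.pack("!2HIH", 6, 1, 86400, len(rdata)) + rdata
    return msg

def classify(response):
    """Apply the three checks from the quoted text to a raw DNS response."""
    if len(response) < 12:
        return "lame", ["truncated header"]
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    reasons = []
    rcode = flags & 0x000F
    if rcode != 0:                     # check 1: status must be NOERROR
        reasons.append("status " + RCODES.get(rcode, str(rcode)))
    if not flags & 0x0400:             # check 2: aa flag must be set
        reasons.append("aa flag not set")
    if ancount == 0:                   # check 3: at least one answer record
        reasons.append("ANSWER=0")
    return ("lame" if reasons else "ok"), reasons

# Constructed samples: one good answer and three ways of failing the test.
SAMPLES = {
    "authoritative": build_response("foo.bar", True, 0, True),
    "cached answer": build_response("foo.bar", False, 0, True),
    "referral":      build_response("foo.bar", False, 0, False),
    "refused":       build_response("foo.bar", False, 5, False),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, *classify(raw))
```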
 
Old 11-17-2005, 01:06 PM   #2
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
AFAIK you tell the DNS server to either be, or not be, authoritative for each zone in the configuration. There is, of course, a distinction between whether the DNS server thinks it's authoritative and whether ICANN lists it as the authoritative server for a given domain. This means I can take my DNS server and configure it as the authoritative DNS server for the domain foo.bar, but the rest of The Internet will not believe this until I buy that domain and register my DNS server. What you got from ARIN is basically a laundry list of the settings that can't be misconfigured on a DNS server that is listed as authoritative.

If you have a domain with a DNS service, then they should be the authoritative DNS for your domain, and you just tell them what IP to point the name to. If you bought a domain under the condition that you would provide your own DNS then you need to have an authoritative DNS server set up. Setting type master on a zone in BIND makes it authoritative (I believe that's what makes it send the aa flag) and the rest of it is pointing to a valid host and setting any required extra info, such as SOA in the zonefile.

FYI, PTR records are for reverse DNS; for (forward) DNS you need A records and possibly CNAMEs.

Code:
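$TTL 1d   ; default TTL for records that do not set their own
; SOA fields in parentheses: serial, refresh, retry, expire, negative-caching TTL
@ SOA @ hostmaster.foo.bar. ( 1234 8h 2h 4w 1d )
  NS  ns.foo.bar.
  A   192.168.0.2
  TXT "bogus domain"

www   CNAME  foo.bar.
; the name an NS record points to needs an address record, not a CNAME (RFC 2181)
ns    A 192.168.0.2
mail  A 192.168.0.3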
 
  


All times are GMT -5. The time now is 12:00 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration