Hey guys,
I am cleaning up a mess with a domain name and some DNS servers and had a question about the NS record found inside the zone file. Should the NS records match the NS records entered at the domain registrar?

These are the "authoritative" name servers for the domain and my guess is that they should match. In my scenario, there are four name serves in the environment, but only two servers are defined in the registrar as authorative.

this is what is defined in the registrar:
ns1.company.com
ns1.company-alias.com

These are the four servers in the environment:
ns1.company.com
ns2.company.com
ns1.company-alias.com
ns2.company-alias.com



This is what is defined in a sample zone sitting on the domain.
ns1.company.com
ns2.company.com

We recently ran into an issue where did not not update server NS2.company.com of a new zone and I am wondering why it caused intermittent problems, since NS2.company.com was not listed in the registrar's database, just ns1.company.com and ns1.company-alias.com.

Thanks in advance

The authoritative servers knew about the unlisted servers, right? So some Internic server says "Ask the authoritative server at a.b.c.a(primary) or a.b.c.b(secondary) what IP addresses can answer questions about domain fubar.com." That a.b.c.a/b are your authoriative servers. When asked, your authoritative server knew about all servers that could answer questions, so it replied "You can get answers about fubar.com from a.b.c.1, a.b.c.2, a.b.c.3, and a.b.c.4."

________
1 JOHN 1 Christ was Alive when the world began

hi, i must be missing the understanding on this piece of dns, which is probably my problem. any link to this, or can you elaborate?

thanks, God Bless

All any tld registrar is doing is pointing to your servers. So if you need answers about mydomain.com, here's the address for answers. The registrar has no purpose other than telling a dns lookup to look at your servers for answers.

I know this is old school, but quite effective. Substitute with your proper domain names. From any Linux command line as an admin type;

#nslookup

>server ns1.company.com
>set type=ns
>company.com
<OUTPUT OF ALL AUTH DNS SERVERS>
>server ns2.company-alias.com
>company-alias.com
<OUTPUT OF ALL AUTH DNS SERVERS>
>exit

Repeat for all bind servers. And for any stub zones, even if on the same server. Can't hurt to check the slave servers also.

The output will list all of the name servers you have listed in your bind configurations. You will need to repeat for each bind server and for each domain name. Of course, this information is coming from your zone files such as /var/named/pz/mycompany.com

I suspect what you wanted to do was setup a stealth or non-authoritative test bind server. More info can be found here.

Hope this helps
Steve

I just reread the original post. When you register a DNS IP address with your domain registration, that is not the final answer. The next step is the DNS lookup asks the server it was pointed to, which is what you control, what are your name server IP addresses? If you have more NS records in your zone records, they are all added to the list of available name servers to query for your domain. So if you have DNS servers you do not want answering questions to the Internet, do not add them to your domain zone file.

Thank you for your time on this, in reference to your quote below, where is this "list". When I do a domain whois all i see is my 2 authoritative DNS servers. It would be nice to see the extra two somewhere.

Thanks

Hi Suncoast,
Any idea where I can review this list? When I look at the whois record on register.com all i see are the two entries.

Neill

The list I refer to is what some remote DNS server gets as a response to it's query. When my DNS server asks your bind server for information, it caches that information until the cache time expires. That cached information includes a list of your authoritative Name Servers.

These would be the zone records on your name servers. Locations of the files vary by installation. Normally, the location of these files are defined in the file named.conf or older named.boot. Normally each domain zone file is given the name of the domain it represents. If setup this way, you should be able to search for the zone file or config file. For example, if I were hosting the domain biblegateway.com, I would have the following file in the following directory:

/var/named/pz/biblegateway.com

(Or I could do a "find -name biblegate*" from root) Within that file, after the SOA (Start of Authority) section I will have "NS" lines, which, as the authoritative name server, represent my name server names. If I have improper NS records here, I will have problems.

After that, in the same file, I will have "A" lines. These "A" records define the IP address for the names I defined under the "NS" lines. So it would look like:

I do have private email enabled here if you need a quicker response or would like to send me your real domain names. I'm unemployed, but I've been busy lately doing a few temp jobs.

Steve