Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Hey guys,
I am cleaning up a mess with a domain name and some DNS servers and had a question about the NS records found inside the zone file. Should the NS records match the NS records entered at the domain registrar?
These are the "authoritative" name servers for the domain and my guess is that they should match. In my scenario, there are four name servers in the environment, but only two servers are defined at the registrar as authoritative.
This is what is defined at the registrar:
ns1.company.com
ns1.company-alias.com
These are the four servers in the environment:
ns1.company.com
ns2.company.com
ns1.company-alias.com
ns2.company-alias.com
This is what is defined in a sample zone sitting on the domain.
ns1.company.com
ns2.company.com
We recently ran into an issue where we did not update server NS2.company.com with a new zone, and I am wondering why it caused intermittent problems, since NS2.company.com was not listed in the registrar's database, just ns1.company.com and ns1.company-alias.com.
The authoritative servers knew about the unlisted servers, right? So some Internic server says "Ask the authoritative server at a.b.c.a (primary) or a.b.c.b (secondary) what IP addresses can answer questions about domain fubar.com." Those a.b.c.a/b are your authoritative servers. When asked, your authoritative server knew about all servers that could answer questions, so it replied "You can get answers about fubar.com from a.b.c.1, a.b.c.2, a.b.c.3, and a.b.c.4."
All any TLD registrar is doing is pointing to your servers. So if you need answers about mydomain.com, here's the address for answers. The registrar has no purpose other than telling a DNS lookup to look at your servers for answers.
I know this is old school, but quite effective. Substitute with your proper domain names. From any Linux command line as an admin type;
Code:
# nslookup
> server ns1.company.com
> set type=ns
> company.com
<OUTPUT OF ALL AUTH DNS SERVERS>
> server ns2.company-alias.com
> company-alias.com
<OUTPUT OF ALL AUTH DNS SERVERS>
> exit
Repeat for all bind servers. And for any stub zones, even if on the same server. Can't hurt to check the slave servers also.
The output will list all of the name servers you have listed in your bind configurations. You will need to repeat for each bind server and for each domain name. Of course, this information is coming from your zone files such as /var/named/pz/mycompany.com
I suspect what you wanted to do was setup a stealth or non-authoritative test bind server. More info can be found here.
I just reread the original post. When you register a DNS IP address with your domain registration, that is not the final answer. The next step is the DNS lookup asks the server it was pointed to, which is what you control, what are your name server IP addresses? If you have more NS records in your zone records, they are all added to the list of available name servers to query for your domain. So if you have DNS servers you do not want answering questions to the Internet, do not add them to your domain zone file.
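Editor's added example (not code from the thread or from any poster): a small POSIX shell check that compares the NS set the registrar delegates to with the NS RRset published in the zone itself, which is the comparison the posts above describe doing by hand with nslookup. The domain names are the thread's placeholders and the two lists are constructed sample input; the dig commands in the comments show how the lists would be gathered in practice and are not executed here. The reason a zone-only server matters is that resolvers rank the authoritative NS RRset they receive from the child zone above the referral data from the parent (RFC 2181, section 5.4.1), so a server named only in the zone file is queried just as much as one named at the registrar, and if it does not serve the zone the result is intermittent failures.

```shell
#!/bin/sh
# Added example: compare the registrar/parent NS set with the zone's own NS RRset.
# Names below are the thread's placeholders (company.com, company-alias.com);
# the lists are constructed sample input, not real query results.

# normalize_ns: one name per line, lowercased, trailing dot removed, sorted, deduplicated,
# so "NS2.company.com." from a zone file compares equal to "ns2.company.com" from whois.
normalize_ns() {
    tr -s ' \t' '\n\n' | tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# compare_ns REGISTRAR_LIST ZONE_LIST
# Prints one line per discrepancy and returns 1 if any was found, 0 if the sets agree:
#   "zone-only NAME"      NAME is in the zone's NS RRset but the registrar does not
#                         delegate to it. Resolvers still learn it from the zone and
#                         query it, so it must really serve the zone (the ns2 case above).
#   "registrar-only NAME" the registrar delegates to NAME but the zone does not list it,
#                         so parent and child NS sets disagree.
compare_ns() {
    reg=$(printf '%s\n' "$1" | normalize_ns)
    zone=$(printf '%s\n' "$2" | normalize_ns)
    status=0
    for ns in $zone; do
        printf '%s\n' "$reg" | grep -qxF "$ns" || { echo "zone-only $ns"; status=1; }
    done
    for ns in $reg; do
        printf '%s\n' "$zone" | grep -qxF "$ns" || { echo "registrar-only $ns"; status=1; }
    done
    return $status
}

# Constructed sample input mirroring the original post: two servers at the registrar,
# a zone file whose NS records name ns1 and ns2 of company.com.
REGISTRAR_NS="ns1.company.com
ns1.company-alias.com"
ZONE_NS="ns1.company.com.
NS2.company.com."

# In production the two lists come from dig (needs network access, so not run here).
# Parent side, from one of the .com servers (a.gtld-servers.net is one of them):
#   dig +noall +authority @a.gtld-servers.net company.com NS | awk '{print $5}'
# Child side, from each of your own servers in turn, repeated per zone:
#   dig +short @ns1.company.com company.com NS

# Stand-alone run: report discrepancies for the constructed sample.
compare_ns "$REGISTRAR_NS" "$ZONE_NS" || echo "NS sets disagree (exit $?)"
```

Run every zone against every server you operate, not just the primary; a server that returns an empty or refused answer for a zone it is named in is the lame-server condition the original post ran into.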
Thank you for your time on this. In reference to your quote below, where is this "list"? When I do a domain whois all I see is my 2 authoritative DNS servers. It would be nice to see the extra two somewhere.
Thanks
Quote:
Originally Posted by Suncoast
If you have more NS records in your zone records, they are all added to the list of available name servers to query for your domain. So if you have DNS servers you do not want answering questions to the Internet, do not add them to your domain zone file.
The list I refer to is what some remote DNS server gets as a response to it's query. When my DNS server asks your bind server for information, it caches that information until the cache time expires. That cached information includes a list of your authoritative Name Servers.
These would be the zone records on your name servers. Locations of the files vary by installation. Normally, the location of these files is defined in the file named.conf or the older named.boot. Normally each domain zone file is given the name of the domain it represents. If set up this way, you should be able to search for the zone file or config file. For example, if I were hosting the domain biblegateway.com, I would have the following file in the following directory:
/var/named/pz/biblegateway.com
(Or I could do a "find -name biblegate*" from root) Within that file, after the SOA (Start of Authority) section I will have "NS" lines, which, as the authoritative name server, represent my name server names. If I have improper NS records here, I will have problems.
After that, in the same file, I will have "A" lines. These "A" records define the IP address for the names I defined under the "NS" lines. So it would look like:
Code:
@       IN  NS  ns1.biblegateway.com.
@       IN  NS  ns2.biblegateway.com.
ns1     IN  A   72.71.70.1
ns2     IN  A   72.71.70.2
I do have private email enabled here if you need a quicker response or would like to send me your real domain names. I'm unemployed, but I've been busy lately doing a few temp jobs.