Re: [DNS] BIND Delegation Only

Re: [DNS] BIND Delegation Only

From: Alwyn Smith <alwyn§st.net.au>
Date: Thu, 20 Nov 2003 17:24:20 +1000
Hi Anand,

I should have provided a clearer explanation. :)

Bind running in delegation-only mode will not resolve addresses where the
name servers for the domain in question are (ultimately) all in another TLD
and where the prime TLD registry does not support glue for nameservers in
another TLD.

In my example afgonline.com.au nameservers are in .au (rescuegroup.com.au),
but the nameservers for rescuegroup.com.au are in .com (rescuegroup.com) and
resolution fails at that point - no glue.

To ensure reliablility under the world according to delegation-only you need
at least one nameserver completely within the same TLD or you become
invisible to people who disagree with Verisign.

This is not specific to .au and is not finger pointing, simply an
observation.

alwyn

----- Original Message ----- 
From: "Anand Kumria" <wildfire&#167;progsoc.uts.edu.au>
To: <dns&#167;lists.auda.org.au>
Sent: Thursday, November 20, 2003 2:44 PM
Subject: Re: [DNS] BIND Delegation Only


Hi Alwyn,

I'm coming a bit late here and it would seem you've since resolved your
problem. However I'm not sure I understand what the original problem
was, could you elaborate futher?

On Wed, Nov 12, 2003 at 04:55:55PM +1000, Alwyn Smith wrote:
> This one had me going for a while because the problem was further up the
dns
> chain than I was looking.  Hopefully this info may help someone else with
> "inexplicable" dns failures on .au domains.
>
> afgonline.com.au would not resolve:
>
> afgonline.com.au.       2554    IN      NS      ns1.rescuegroup.com.au.
> afgonline.com.au.       2554    IN      NS      ns2.rescuegroup.com.au.

so, dig ns1.recusgroup.com.au and dig ns1.recusgroup.com.au would both
fail?

>
> ns1.rescuegroup.com.au. 2554    IN      A       203.103.84.232
> ns2.rescuegroup.com.au. 2554    IN      A       210.11.148.5

Were these glue records for ausregistry.net or were they listed as NS in
the zone file?

>
> rescuegroup.com.au.     2477    IN      NS      ns1.rescuegroup.com.
> rescuegroup.com.au.     2477    IN      NS      ns2.rescuegroup.com.

Same question as above.

>
> If you operate bind in "delegation only" mode then lookups of .au domains
> with name servers _ultimately_ in "delegation only" domains will fail.

So this is a client problem (i.e. the admin of a zone has setup
delegation only) and there isn't much that a third party zone operator
can do about things?

Not sure I fully understand, and insight would be appreciated.

Regards,
Anand

-- 
 `` We are shaped by our thoughts, we become what we think.
 When the mind is pure, joy follows like a shadow that never
 leaves. '' -- Buddha, The Dhammapada

---------------------------------------------------------------------------
List policy, unsubscribing and archives => http://dotau.org/
Please do not retransmit articles on this list without permission of the
author, further information at the above URL.
Received on Fri Oct 03 2003 - 00:00:00 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:07 UTC