"spare hosts" as personal DNS nameservers for 'mynew.org'


bind
Assume I register domain 'mynew.org' with registrar namecheap; and as an exercise,
I plan to setup my own two authoritative DNS nameservers for 'mynew.org'.

I have several linux VMs, that are under used, so I want to use them
for the nameservers for 'mynew.org'.  **Neither are in 'mynew.org';
is that going to work?**

namecheap support seems to suggest that the personal DNS authoritative nameservers
for 'mynew.org', must be in 'mynew.org', as in

    ns1.mynew.org
    ns2.mynew.org

This is not what I want, since I do not want to spin up 2 new servers.

**Pls confirm, that I do not need to do this, and that I could use 2 existing
linux hosts outside of mynew.org as personal DNS authoritative nameservers.**
Any additional related tips appreciated.

--
thanks!,
Tom
--

Related (Child NS records):

   <http://zq3q.org/pz/#cispa_DNS_Nameserver_NS_records_for_mynew.org>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

Tony Finch
[hidden email] <[hidden email]> wrote:

> I have several linux VMs, that are under used, so I want to use them
> for the nameservers for 'mynew.org'.  Neither are in 'mynew.org';
> is that going to work?

Yes, that is perfectly normal. For example,

$ dig +noall +answer ns dotat.at
dotat.at.               3559    IN      NS      ns1.gratisdns.dk.
dotat.at.               3559    IN      NS      ns3.gratisdns.dk.
dotat.at.               3559    IN      NS      grey.dotat.at.
dotat.at.               3559    IN      NS      puck.nether.net.

$ dig +noall +answer ns ac.uk
ac.uk.                  20993   IN      NS      ns0.ja.net.
ac.uk.                  20993   IN      NS      ns1.surfnet.nl.
ac.uk.                  20993   IN      NS      ns2.ja.net.
ac.uk.                  20993   IN      NS      ns3.ja.net.
ac.uk.                  20993   IN      NS      ns4.ja.net.
ac.uk.                  20993   IN      NS      auth03.ns.uu.net.
ac.uk.                  20993   IN      NS      ws-fra1.win-ip.dfn.de.

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/  -  I xn--zr8h punycode
Shannon, Rockall, Malin, Hebrides: Cyclonic at first in Shannon, otherwise
north or northeast, 4 or 5, becoming variable 3 or 4. Slight or moderate.
Showers at first. Good.

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

Matthew Seaman
In reply to this post by bind
On 2017/07/11 14:57, [hidden email] wrote:
> I have several linux VMs, that are under used, so I want to use them
> for the nameservers for 'mynew.org'.  **Neither are in 'mynew.org';
> is that going to work?**

Yes, that will work.  There is no requirement for any of the NSes for a
zone to be part of that zone or, conversely, not part of that zone.
Although if any of the NSes are in the zone, there should be glue
records added at the level above.

> namecheap support seems to suggest that the personal DNS authoritative nameservers
> for 'mynew.org', must be in 'mynew.org', as in
>
>     ns1.mynew.org
>     ns2.mynew.org
>

This is not a requirement from the DNS side.  It's normal for providers
to offer this -- vanity name servers are usually a selling point.

Even so, if you can make ns1.mynew.org and ns2.mynew.org resolve to the
A or AAAA addresses of your VMs, you should be good to go.  named is
going to work the same irrespective of whatever it thinks the hostname
of your VM is, and that can be different to the name users look up in
the DNS.

Failing that, there are any number of other providers that will let you
register a domain, and the vast majority of those certainly will let you
specify your own nameservers.

        Cheers,

        Matthew






Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

Niall O'Reilly
In reply to this post by bind
On 11 Jul 2017, at 14:57, [hidden email] wrote:

> Assume I register domain 'mynew.org' with registrar namecheap; and as
> an exercise,
> I plan to setup my own two authoritative DNS nameservers for
> 'mynew.org'.
>
> I have several linux VMs, that are under used, so I want to use them
> for the nameservers for 'mynew.org'.  **Neither are in 'mynew.org';
> is that going to work?**

Unless you misconfigure things, it should just work.

> namecheap support seems to suggest that the personal DNS authoritative
> nameservers
> for 'mynew.org', must be in 'mynew.org', as in
>
>     ns1.mynew.org
>     ns2.mynew.org

Nonsense.  OTOH, if your registrar is obdurate, you may need to find
a creative work-around.

> This is not what I want, since I do not want to spin up 2 new servers.

You can work around the obduracy without spinning up any new server.
Simply use the addresses of each of your existing servers in the AAAA
(you are using IPv6, I hope?) and A records for the new names.

Of course, this can only work if your servers have public, reachable
addresses.

> **Pls confirm, that I do not need to do this, and that I could use 2
> existing
> linux hosts outside of mynew.org as personal DNS authoritative
> nameservers.**
> Any additional related tips appreciated.

See above.

With best regards,
Niall O'Reilly

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

Reindl Harald
In reply to this post by bind

Am 11.07.2017 um 15:57 schrieb [hidden email]:

> Assume I register domain 'mynew.org' with registrar namecheap; and as an exercise,
> I plan to setup my own two authoritative DNS nameservers for 'mynew.org'.
>
> I have several linux VMs, that are under used, so I want to use them
> for the nameservers for 'mynew.org'.  **Neither are in 'mynew.org';
> is that going to work?**
>
> namecheap support seems to suggest that the personal DNS authoritative nameservers
> for 'mynew.org', must be in 'mynew.org', as in
>
>      ns1.mynew.org
>      ns2.mynew.org

for sure not and i am responsible for both zones and some hundred others
on that nameservers over 15 years....

https://intodns.com/rhsoft.net confirms that all is fine and when your
registrar really has such crazy requirements switch to a sane one -
frankly it's even not helpful in case you need to switch nameservers
because in the case above they become GLUE records with a TTL of 172800
independent from the zone TTL

i had to switch a server which hosted websites and one of the
nameservers (i know don't mix it) to a different machine some years ago
and it was not funny that it took ages until webclients used the new IP
address while DNS would not have been a problem by just keep the old one
as additional slave until shut it down

ns1.thelounge.net.   ['85.124.176.242']   [TTL=172800]
ns2.thelounge.net.   ['91.118.73.16']   [TTL=172800]

[harry@rh:~]$ whois rhsoft.net
.......
Name Server: ns1.thelounge.net
Name Server: ns2.thelounge.net
DNSSEC: Unsigned

[harry@rh:~]$ dig NS rhsoft.net @ns1.thelounge.net
; <<>> DiG 9.10.5-P2-RedHat-9.10.5-2.P2.fc25 <<>> NS rhsoft.net
@ns1.thelounge.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27172
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1024
;; QUESTION SECTION:
;rhsoft.net.                    IN      NS

;; ANSWER SECTION:
rhsoft.net.             86400   IN      NS      ns2.thelounge.net.
rhsoft.net.             86400   IN      NS      ns1.thelounge.net.


Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

bind
In reply to this post by Tony Finch
On Tue 7/11/17 15:23 +0100 Tony Finch wrote:

> [hidden email] <[hidden email]> wrote:
>
> > I have several linux VMs, that are under used, so I want to use them
> > for the nameservers for 'mynew.org'.  Neither are in 'mynew.org';
> > is that going to work?
>
> Yes, that is perfectly normal. For example,
>
> $ dig +noall +answer ns dotat.at
> dotat.at.               3559    IN      NS      ns1.gratisdns.dk.
> dotat.at.               3559    IN      NS      ns3.gratisdns.dk.
> dotat.at.               3559    IN      NS      grey.dotat.at.
> dotat.at.               3559    IN      NS      puck.nether.net.
>
> $ dig +noall +answer ns ac.uk
> ac.uk.                  20993   IN      NS      ns0.ja.net.
> ac.uk.                  20993   IN      NS      ns1.surfnet.nl.
> ac.uk.                  20993   IN      NS      ns2.ja.net.
> ac.uk.                  20993   IN      NS      ns3.ja.net.
> ac.uk.                  20993   IN      NS      ns4.ja.net.
> ac.uk.                  20993   IN      NS      auth03.ns.uu.net.
> ac.uk.                  20993   IN      NS      ws-fra1.win-ip.dfn.de.

Thanks for the good examples Tony.  

Nice to learn your "+noall +answer" dig syntax also.

--
What is a domain registrar with good support, that can guide me through
getting this to work under linux (fedora 24 and bind 9.x)?  I can buy a new domain
if need be.

My current registrar may respond with a different person, for each mail
for a given single issue, and I'm getting inconsistent answers.  They will not
tell me any of their log error info; not sure if they even look?  They ignore
several of my questions.  In fairness they are sincere and trying.

--
thanks,
Tom

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

Reindl Harald


Am 11.07.2017 um 20:56 schrieb [hidden email]:

> On Tue 7/11/17 15:23 +0100 Tony Finch wrote:
>> [hidden email] <[hidden email]> wrote:
>>
>>> I have several linux VMs, that are under used, so I want to use them
>>> for the nameservers for 'mynew.org'.  Neither are in 'mynew.org';
>>> is that going to work?
>>
>> Yes, that is perfectly normal. For example,
>>
>> $ dig +noall +answer ns dotat.at
>> dotat.at.               3559    IN      NS      ns1.gratisdns.dk.
>> dotat.at.               3559    IN      NS      ns3.gratisdns.dk.
>> dotat.at.               3559    IN      NS      grey.dotat.at.
>> dotat.at.               3559    IN      NS      puck.nether.net.
>>
>> $ dig +noall +answer ns ac.uk
>> ac.uk.                  20993   IN      NS      ns0.ja.net.
>> ac.uk.                  20993   IN      NS      ns1.surfnet.nl.
>> ac.uk.                  20993   IN      NS      ns2.ja.net.
>> ac.uk.                  20993   IN      NS      ns3.ja.net.
>> ac.uk.                  20993   IN      NS      ns4.ja.net.
>> ac.uk.                  20993   IN      NS      auth03.ns.uu.net.
>> ac.uk.                  20993   IN      NS      ws-fra1.win-ip.dfn.de.
>
> Thanks for the good examples Tony.
>
> Nice to learn your "+noall +answer" dig syntax also.
>
> --
> What is a domain registrar with good support, that can guide me through
> getting this to work under linux (fedora 24 and bind 9.x)?  I can buy a new domain
> if need be.

no need - you can transfer your domains at any point in time

> My current registrar may respond with a different person, for each mail
> for a given single issue, and I'm getting inconsistent answers.  They will not
> tell me any of their log error info; not sure if they even look?  They ignore
> several of my questions.  In fairness they are sincere and trying

in case of .at we are directly registrar and our infrastructure talks
directly via
https://en.wikipedia.org/wiki/Extensible_Provisioning_Protocol to
nic.at, for other TLD's we use https://www.epag.de/ which belongs in the
meantime to GoDaddy

it should not be that hard to find a service which lets you define the
nameservers of your domain - if it's a registrar on its own or a
reseller doesn't matter that much because the only point is whatever
interface that lets you define "these hosts are the nameservers for
example.com"

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

bind
In reply to this post by Niall O'Reilly
Hi Niall:

On Tue 7/11/17 15:24 +0100 "Niall O'Reilly" wrote:

> On 11 Jul 2017, at 14:57, [hidden email] wrote:
>
> > Assume I register domain 'mynew.org' with registrar namecheap; and as
> > an exercise,
> > I plan to setup my own two authoritative DNS nameservers for
> > 'mynew.org'.
> >
> > I have several linux VMs, that are under used, so I want to use them
> > for the nameservers for 'mynew.org'.  **Neither are in 'mynew.org';
> > is that going to work?**
>
> Unless you misconfigure things, it should just work.

**I think I have one thing wrong, pls confirm:**
Assume my 'spare nameservers' are these fictitious ones:

    pup.asdf.org
    zap.xen.prgmr.com

I did **not** register:

    pup  as a nameserver for mynew.org in asdf.org
    zap  as a nameserver for mynew.org in xen.prgmr.com

One of my real hosts *is below xen.prgmr.com*, like the fake 'zap' above,
so I would have to email
prgmr.com support to get them to add

    mynew.org. IN NS zap.xen.prgmr.com.
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ << Is this valid?

to the xen.prgmr.com zone.

Is this correct?

--
I tried to get terminology roughly right.  In my fictitious example,
I had to pick a registrar (not namecheap) to help me create the 'asdf.org'. Then to
get a NS record for pup.asdf.org to be authoritative for "mynew.org."
in the zone for 'asdf.org', I have to deal with the registrar's web GUI, and
"register" pup.asdf.org as this NS.  Of course there is also a SOA, and NS
record in the "mynew.org." zone. Sorry if I'm getting pedantic, but
I would appreciate anyone correcting me so I understand.

> > namecheap support seems to suggest that the personal DNS authoritative
> > nameservers
> > for 'mynew.org', must be in 'mynew.org', as in
> >
> >     ns1.mynew.org
> >     ns2.mynew.org
>
> Nonsense.

Thanks.

In fairness, different support email lead me in conflicting directions.
They do have a 'custom DNS servers' option, that seems to support name servers
that are "non vanity" / "outside-the-domain-they-are-authoritative-for" nameservers.
That option silently failed for me (see "I think I have one thing wrong" above).
It's frustrating that my registrar does not share any error logs that could
pinpoint the problem.

>            OTOH, if your registrar is obdurate, you may need to find
> a creative work-around.
>
> > This is not what I want, since I do not want to spin up 2 new servers.
>
> You can work around the obduracy without spinning up any new server.
> Simply use the addresses of each of your existing servers in the AAAA
> (you are using IPv6, I hope?) and A records for the new names.

I prefer not to use a work around. I'm willing to go with another
registrar, if someone could suggest one.

--
In any case, see if I understand you:
So, at the registrar level for mynew.org, I specify the vanity name
servers ns1.mynew.org, and ns2.mynew.org with the IP addresses of
pup and zap.  I also add (sorry IP4) 'A' records for ns1.mynew.org, and
ns2.mynew.org in the mynew.org zone for nameservers pup and zap.

> Of course, this can only work if your servers have public, reachable
> addresses.

They are public.

--snip

THANKS Niall for the help and good words!

--
regards,
Tom

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

bind
In reply to this post by Matthew Seaman
Hi Matthew:

On Tue 7/11/17 15:24 +0100 Matthew Seaman wrote:
> On 2017/07/11 14:57, [hidden email] wrote:
>
> > I have several linux VMs, that are under used, so I want to use them
> > for the nameservers for 'mynew.org'.  **Neither are in 'mynew.org';
> > is that going to work?**
>
> Yes, that will work.  There is no requirement for any of the NSes for
> a zone to be part of that zone or, conversely, not part of that zone.

This seems imp:

> Although if any of the NSes are in the zone, there should be glue
> records added at the level above.

As I wrote to Niall (msg dated 11 Jul 2017 15:04:32 -0500) ,
I **do not** have a NS record for each of my two
nameservers, in the domain zone that the respective nameserver itself is in.
That is a mistake, I need to fix, right?

> > namecheap support seems to suggest that the personal DNS authoritative
> > nameservers for 'mynew.org', must be in 'mynew.org', as in
> >
> >     ns1.mynew.org ns2.mynew.org
>
> This is not a requirement from the DNS side.  It's normal for
> providers to offer this -- vanity name servers are usually a selling
> point.

OK.  Thanks for that term "vanity name servers".

> Even so, if you can make ns1.mynew.org and ns2.mynew.org resolve to
> the A or AAAA addresses of your VMs, you should be good to go. named
> is going to work the same irrespective of whatever it thinks the
> hostname of your VM is, and that can be different to the name users
> look up in the DNS.
>
> Failing that, there are any number of other providers that will let
> you register a domain, and the vast majority of those certainly will
> let you specify your own nameservers.

If you have a specific registrar in mind with good support pls let
me know.

--
thanks/regards,
Tom

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

Niall O'Reilly
On 11 Jul 2017, at 22:01, [hidden email] wrote:

> As I wrote to Niall (msg dated 11 Jul 2017 15:04:32 -0500) ,

That hasn't reached me yet.

> I **do not** have a NS record for each of my two
> nameservers, in the domain zone that the respective nameserver itself
> is in.
> That is a mistake, I need to fix, right?

Short answer: just no.

Long answer: not unless either of your servers is providing name service
for
the zone that the nameserver itself is in.  As I understand from your
original message, this is not the case, so just no.

I hope this helps.

With best regards,
Niall O'Reilly



Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

Tony Finch
In reply to this post by bind
[hidden email] <[hidden email]> wrote:

> One of my real hosts is below xen.prgmr.com, like the fake 'zap' above,
> so I would have to email prgmr.com support to get them to add
>
>     mynew.org. IN NS zap.xen.prgmr.com.
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ << Is this valid?
>
> to the xen.prgmr.com zone.

There's a bit of confusion here, but this is a legitimately confusing
part of the DNS because there are multiple layers of indirection and
two kinds of indirection...

The first kind there are the delegation records in the parent zone, and
the authoritative records at the apex of the child zone.

The other kind, zones have name servers, and name servers have addresses.

For example, my zone is dotat.at. It has the name servers

dotat.at.               3600    IN      NS      ns1.gratisdns.dk.
dotat.at.               3600    IN      NS      ns3.gratisdns.dk.
dotat.at.               3600    IN      NS      grey.dotat.at.
dotat.at.               3600    IN      NS      puck.nether.net.

For a correct delegation, these NS records have to appear in the parent
zone (which I configure through my registrar) and at the apex of my zone
(on my master server, alongside the SOA etc.).

The second level of indirection is from name server names to addresses.
These are just normal hostname address records, so they appear in the
authoritative zones indicated by their names.

(You seemed to be confused about where NS records live. I hope this
clarified it for you!)

(To make GratisDNS and Puck authoritative for my zone, I used their user
interfaces to ask them to act as secondaries, telling them what my master
server IP addresses are. No changes to their DNS records, just their
server configuration which isn't visible from the outside.)

But, there's also glue.

Glue is a special case for name server hostnames which are in the child
zone - in my example this applies to grey.dotat.at. These hostnames need
address records in the delegation to avoid a circular dependency.

$ dig +noall +additional grey.dotat.at @d.ns.at
grey.dotat.at.          10800   IN      A       131.111.57.57
grey.dotat.at.          10800   IN      AAAA    2001:630:212:110::d:7a7

You configure your glue records through your registrar alongside your
delegation NS records. Usually you get to specify a list of nameserver
names, each with optional addresses - you only need to specify the
addresses when the hostname is in the child zone.

Basically what you are doing with this registrar user interface is
providing a COPY of data from the delegated zone: the apex NS records,
and any addresses of nameservers whose hostnames are inside the delegated
zone.

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/  -  I xn--zr8h punycode
Fisher: Northwesterly 5 to 7, occasionally gale 8 in east. Moderate or rough.
Showers. Good.
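
The parent/child consistency rules from the message above, as an added example that is not part of the original thread: it compares the delegation data held by the parent (NS plus any glue) with the records at the child zone apex and reports where the registrar-side copy has drifted or glue is missing. All records are constructed sample data in dig's answer format; the addresses are documentation ranges and the finding names are this example's own.

```python
"""Compare parent-side delegation data with the child zone's own records.

Added example. Every record below is constructed sample data, not
output from real servers.
"""


def parse_records(text):
    """Parse dig-style lines: name, TTL, class IN, type, rdata."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2].upper() != "IN":
            continue
        name, rtype, rdata = fields[0], fields[3].upper(), fields[4]
        records.append((name.lower().rstrip("."), rtype, rdata.lower().rstrip(".")))
    return records


def in_zone(host, zone):
    """True when host is the zone apex or a name below it."""
    return host == zone or host.endswith("." + zone)


def ns_names(records, zone):
    """Nameserver hostnames listed in NS records owned by the zone apex."""
    return {rdata for name, rtype, rdata in records if rtype == "NS" and name == zone}


def addresses(records):
    """Map hostname -> set of A/AAAA addresses."""
    out = {}
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            out.setdefault(name, set()).add(rdata)
    return out


def check_delegation(zone, parent_text, child_text):
    """Return a sorted list of (finding, hostname) for one delegation."""
    zone = zone.lower().rstrip(".")
    parent, child = parse_records(parent_text), parse_records(child_text)
    parent_ns, child_ns = ns_names(parent, zone), ns_names(child, zone)
    glue, child_addr = addresses(parent), addresses(child)
    findings = []
    # The delegation NS set should be a copy of the apex NS set.
    for ns in parent_ns - child_ns:
        findings.append(("ns-only-in-parent", ns))
    for ns in child_ns - parent_ns:
        findings.append(("ns-only-in-child", ns))
    # Nameserver names inside the delegated zone need glue, and the
    # glue should match the addresses the child zone publishes.
    for ns in parent_ns:
        if in_zone(ns, zone):
            if ns not in glue:
                findings.append(("missing-glue", ns))
            elif glue[ns] != child_addr.get(ns, set()):
                findings.append(("glue-mismatch", ns))
    # Addresses for names outside the delegated zone are not needed here.
    for host in glue:
        if not in_zone(host, zone):
            findings.append(("glue-not-needed", host))
    return sorted(findings)


# Constructed: nameservers outside the zone, as in the original question.
OUT_OF_ZONE_PARENT = """
mynew.org.  86400 IN NS pup.asdf.org.
mynew.org.  86400 IN NS zap.xen.prgmr.com.
"""
OUT_OF_ZONE_CHILD = """
mynew.org.  3600 IN SOA pup.asdf.org. hostmaster.mynew.org. 1 7200 900 1209600 3600
mynew.org.  3600 IN NS pup.asdf.org.
mynew.org.  3600 IN NS zap.xen.prgmr.com.
"""

# Constructed: vanity names inside the zone, with one glue record
# missing and the other out of date after a server move.
VANITY_PARENT = """
mynew.org.      86400  IN NS ns1.mynew.org.
mynew.org.      86400  IN NS ns2.mynew.org.
ns1.mynew.org.  172800 IN A  192.0.2.10
"""
VANITY_CHILD = """
mynew.org.      3600 IN NS ns1.mynew.org.
mynew.org.      3600 IN NS ns2.mynew.org.
ns1.mynew.org.  3600 IN A  192.0.2.99
ns2.mynew.org.  3600 IN A  192.0.2.20
"""

if __name__ == "__main__":
    for label, parent, child in (
        ("out-of-zone nameservers", OUT_OF_ZONE_PARENT, OUT_OF_ZONE_CHILD),
        ("vanity nameservers", VANITY_PARENT, VANITY_CHILD),
    ):
        print(label, check_delegation("mynew.org", parent, child))
```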

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

bind
In reply to this post by Reindl Harald
Hi Reindl:

On Tue 7/11/17 18:05 +0200 Reindl Harald wrote:

>
> Am 11.07.2017 um 15:57 schrieb [hidden email]:
> > Assume I register domain 'mynew.org' with registrar namecheap; and as an exercise,
> > I plan to setup my own two authoritative DNS nameservers for 'mynew.org'.
> >
> > I have several linux VMs, that are under used, so I want to use them
> > for the nameservers for 'mynew.org'.  **Neither are in 'mynew.org';
> > is that going to work?**
> >
> > namecheap support seems to suggest that the personal DNS authoritative nameservers
> > for 'mynew.org', must be in 'mynew.org', as in
> >
> >      ns1.mynew.org
> >      ns2.mynew.org
>
> for sure not
> and i am responsible for both zones and some hundred others
> on that nameservers over 15 years....

Thanks for confirming.

> https://intodns.com/rhsoft.net confirms that all is fine

Thanks for this tool!

> and when your
> registrar really has such crazy requirements switch to a sane one -
> frankly it's even not helpful in case you need to switch nameservers
> because in the case above they become GLUE records with a TTL of 172800
> independent from the zone TTL

OK, I'm ready to consider other registrars, any suggestions
would be appreciated.

    https://www.gandi.net/ 
    has been suggested by Matthew Seaman. Looks good to me.

related rant: http://zq3q.org/pz/#zycbu_Choosing_a_DNS_registrar

> i had to switch a server which hosted websites and one of the
> nameservers (i know don't mix it) to a different machine some years ago
> and it was not funny that it took ages until webclients used the new IP
> address while DNS would not have been a problem by just keep the old one
> as additional slave until shut it down
>
> ns1.thelounge.net.   ['85.124.176.242']   [TTL=172800]
> ns2.thelounge.net.   ['91.118.73.16']   [TTL=172800]
>
> [harry@rh:~]$ whois rhsoft.net
> .......
> Name Server: ns1.thelounge.net
> Name Server: ns2.thelounge.net
> DNSSEC: Unsigned
>
> [harry@rh:~]$ dig NS rhsoft.net @ns1.thelounge.net
> ; <<>> DiG 9.10.5-P2-RedHat-9.10.5-2.P2.fc25 <<>> NS rhsoft.net
> @ns1.thelounge.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27172
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1024
> ;; QUESTION SECTION:
> ;rhsoft.net.                    IN      NS
>
> ;; ANSWER SECTION:
> rhsoft.net.             86400   IN      NS      ns2.thelounge.net.
> rhsoft.net.             86400   IN      NS      ns1.thelounge.net.
--snip

On Tue 7/11/17 21:33 +0200 Reindl Harald wrote:
--snip
> > What is a domain registrar with good support, that can guide me through
> > getting this to work under linux (fedora 24 and bind 9.x)?  I can buy a new domain
> > if need be.
>
> no need - you can transfer your domains at any point in time

Thanks.  I may as well learn that process.

--snip
>
> in case of .at we are directly registrar and our infrastructure talks
> directly via
> https://en.wikipedia.org/wiki/Extensible_Provisioning_Protocol to

Thx for the above link.

> nic.at, for other TLD's we use https://www.epag.de/ which belongs in the
> meantime to GoDaddy

Thx, I looked at https://www.epag.de/en/

> it should not be that hard to find a service which lets you define the
> nameservers of your domain - if it's a registrar on its own or a
> reseller doesn't matter that much because the only point is whatever
> interface that lets you define "these hosts are the nameservers for
> example.com"

--
regards,
Tom


Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

Bind-Users forum mailing list
On 07/12/2017 03:21 PM, [hidden email] wrote:
> OK, I'm ready to consider other registrars, any suggestions
> would be appreciated.

$Dynadot++ has been good to me.  I can pay them via PayPal and they
support DS records for DNSSEC if you eventually want to mess with that.
-  I think they were reasonably priced too.

I dislike the following and voted by spending my money elsewhere.
$GoDaddy--  They try to up sell you every chance they get and IMHO their
web UI tries to make every possible chance to up sell possible.
$Hover--  Formerly "It's Your Domain" (who was decent) changed to Hover
and seemed to be a registrar as a side need of a different service they
were selling.  They really put me off.



--
Grant. . . .
unix || die



Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

Carl Byington
In reply to this post by bind
On Wed, 2017-07-12 at 16:21 -0500, [hidden email] wrote:
> OK, I'm ready to consider other registrars, any suggestions
> would be appreciated.

I like gkg.net - they have an API so you can automatically upload new DS
records when you do DNSSEC key rollovers.



Re: delegation NS records

bind
In reply to this post by Niall O'Reilly
Hi Niall:

On Tue 7/11/17 22:56 +0100 "Niall O'Reilly" wrote:

> On 11 Jul 2017, at 22:01, [hidden email] wrote:
>
> > As I wrote to Niall (msg dated 11 Jul 2017 15:04:32 -0500) ,
>
> That hasn't reached me yet.
>
> > I **do not** have a NS record for each of my two
> > nameservers, in the domain zone that the respective nameserver itself  is in.
> > That is a mistake, I need to fix, right?
>
> Short answer: just no.
>
> Long answer: not unless either of your servers is providing name service for
> the zone that the nameserver itself is in.  As I understand from your
> original message, this is not the case, so just no.

Thanks much!

--
Check my comprehension:

So, **delegation** NS records are only needed in the zone which has an $ORIGIN,
which is 1 level up from the $ORIGIN in the zone that contains the nameserver SOA, and
authority NS records in.  If this zone with delegation NS records is a subdomain
of a TLD, then one adds these delegation NS records by using the registrar's
interface to the TLD registry.

--
regards,
Tom

Re: delegation NS records

Bob Harold

On Thu, Jul 13, 2017 at 3:33 PM, <[hidden email]> wrote:
> Hi Niall:
>
> On Tue 7/11/17 22:56 +0100 "Niall O'Reilly" wrote:
> > On 11 Jul 2017, at 22:01, [hidden email] wrote:
> >
> > > As I wrote to Niall (msg dated 11 Jul 2017 15:04:32 -0500) ,
> >
> > That hasn't reached me yet.
> >
> > > I **do not** have a NS record for each of my two
> > > nameservers, in the domain zone that the respective nameserver itself  is in.
> > > That is a mistake, I need to fix, right?
> >
> > Short answer: just no.
> >
> > Long answer: not unless either of your servers is providing name service for
> > the zone that the nameserver itself is in.  As I understand from your
> > original message, this is not the case, so just no.
>
> Thanks much!
>
> --
> Check my comprehension:
>
> So, **delegation** NS records are only needed in the zone which has an $ORIGIN,
> which is 1 level up from the $ORIGIN in the zone that contains the nameserver SOA, and
> authority NS records in.  If this zone with delegation NS records is a subdomain
> of a TLD, then one adds these delegation NS records by using the registrar's
> interface to the TLD registry.
>
> --
> regards,
> Tom

Let's illustrate one NS record, for each of the cases:
(I think your case is #2)

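1. Name server name inside the domain itself

example.com zone:
example.com IN NS ns.example.com
ns.example.com IN A x.x.x.x

the TLD com would have (entered by the registrar)
example.com IN  NS ns.example.com
ns.example.com IN A x.x.x.x   (this is a "glue" record)


2. Name server name in another domain:

example.com zone:
example.com IN NS ns.otherdomain.com

TLD com zone:
example.com IN NS ns.otherdomain.com
(no glue record)

otherdomain.com zone:
ns.otherdomain.com IN A x.x.x.x


3. Sibling domains with name servers for each other: (should be avoided?)

example.com zone:
example.com IN NS ns.otherdomain.com
ns.example.com IN A x.x.x.x

otherdomain.com zone:
otherdomain.com IN  NS ns.example.com
ns.otherdomain.com IN A x.x.x.x

TLD com zone:
example.com IN NS ns.otherdomain.com
ns.example.com IN A x.x.x.x  (glue record?)
ns.otherdomain.com IN A x.x.x.x (glue record?)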

-- 
Bob Harold



Re: delegation NS records

bind
Hi Bob:

These examples help!  Thank you.

On Thu 7/13/17 15:53 -0400 Bob Harold wrote:

> Let's illustrate one NS record, for each of the cases:
> (I think your case is #2)
>
> 1. Name server name inside the domain itself
>
> example.com zone:
> example.com IN NS ns.example.com
> ns.example.com IN A x.x.x.x
>
> the TLD com would have (entered by the registrar)
> example.com IN  NS ns.example.com
> ns.example.com IN A x.x.x.x   (this is a "glue" record)

OK.  This example is the most commonly seen in web searches.

> 2. Name server name in another domain:
>
> example.com zone:
> example.com IN NS ns.otherdomain.com
>
> TLD com zone:
> example.com IN NS ns.otherdomain.com
> (no glue record)

Exactly one delegation NS record.

Several have made that clear; ie I now clearly understand there is
*not* another NS delegation record needed in the zone with the $ORIGIN
that is part of the ("non vanity") nameserver's FQDN.

> otherdomain.com zone:
> ns.otherdomain.com IN A x.x.x.x

Almost goes without saying that  above A record is needed.

> 3. Sibling domains with name servers for each other: (should be avoided?)
>
> example.com zone:
> example.com IN NS ns.otherdomain.com
> ns.example.com IN A x.x.x.x
>
> otherdomain.com zone:
> otherdomain.com IN  NS ns.example.com
> ns.otherdomain.com IN A x.x.x.x
>
> TLD com zone:
> example.com IN NS ns.otherdomain.com
> ns.example.com IN A x.x.x.x  (glue record?)
> ns.otherdomain.com IN A x.x.x.x (glue record?)

Interesting.  I think the glue record makes sense.
I'm not planning to do this. :->

I do not see any delegation NS record for otherdomain.com above.
Is this right?:

    TLD com zone:
    example.com        IN NS ns.otherdomain.com
    ns.example.com     IN A x.x.x.x  (glue record?)
    otherdomain.com    IN NS ns.example.com
    ns.otherdomain.com IN A x.x.x.x (glue record?)
   
--
thanks,
Tom

Re: delegation NS records

Matus UHLAR - fantomas
On 13.07.17 19:39, [hidden email] wrote:

>Interesting.  I think the glue record makes sense.
>I'm not planning to do this. :->
>
>I do not see any delegation NS record for otherdomain.com above.
>Is this right?:
>
>    TLD com zone:
>    example.com        IN NS ns.otherdomain.com
>    ns.example.com     IN A x.x.x.x  (glue record?)
>    otherdomain.com    IN NS ns.example.com
>    ns.otherdomain.com IN A x.x.x.x (glue record?)

Verisign cleared these combinations a few years ago. I think at least
they (.net and .com) have a policy to avoid these cases.

Simply said, if you don't have nameservers in your own domain (and thus glue
records in the parent zone), search for nameservers that do have glue records in
the parent zone. This will lower the risk of breaking the delegation path.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson.  -- Daffy Duck & Porky Pig

Re: delegation NS records

bind
In reply to this post by bind
Yesterday, Niall corrected me off list.  Hopefully what I write below is
now correct:

    Assume our nameserver SOA and related authoritative NS record are in
    the zone w/$ORIGIN "example.com.".  Regardless of what the FQDN for
    the nameserver itself is, only a single **delegation** NS record
    needed, and it belongs in the ".com." TLD. In general the delegation NS
    record belongs in the zone w/an $ORIGIN, which is one level up from the
    $ORIGIN of the zone that contains: the nameserver SOA, and authority
    NS record.  When this zone where the delegation NS record belongs is a TLD,
    one adds the delegation NS record using the registrar's tool that
    interfaces w/the TLD registry.

--
Tom

Re: delegation NS records

Niall O'Reilly
On 14 Jul 2017, at 14:07, [hidden email] wrote:

> only a single **delegation** NS record
>     needed

Actually, there should be two or more, and their IP addresses
should belong to different networks.

RFC1034, section 4.1:

A given zone will be available from several name servers to insure its
availability in spite of host or communication link failure.  By
administrative fiat, we require every zone to be available on at least
two servers, and many zones have more redundancy than that.

/Niall
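
An added example (not code from any poster in this thread) that audits the delegations held in a parent zone for the cases discussed above: an in-domain name server without glue, the sibling loop from case 3, fewer than two NS records, and all servers on one network. The zone names other than example.com and otherdomain.com, the addresses, and the use of a /24 as the meaning of "network" are assumptions; names are expected in lowercase without a trailing dot.

```python
import ipaddress

def in_bailiwick(name, zone):
    """True when `name` is the zone apex or lies below it."""
    return name == zone or name.endswith("." + zone)

def reachable(zone, delegations, glue, seen=()):
    """Can a resolver at the parent obtain an address for any NS of `zone`?"""
    if zone in seen:                    # back at a zone still being resolved: a loop
        return False
    for ns in delegations[zone]:
        if ns in glue:                  # the parent supplies the address itself
            return True
        homes = [z for z in delegations if in_bailiwick(ns, z)]
        # No home here means the NS is under another parent (assumed resolvable).
        if not homes or reachable(max(homes, key=len), delegations, glue, seen + (zone,)):
            return True
    return False

def audit(zone, delegations, glue):
    """Findings for one delegation held in the parent zone."""
    servers, findings = delegations[zone], []
    if len(servers) < 2:
        findings.append("fewer than two NS records")
    for ns in servers:
        if in_bailiwick(ns, zone) and ns not in glue:
            findings.append(f"{ns} needs glue")
    if not reachable(zone, delegations, glue):
        findings.append("no path to any name server")
    with_glue = [ns for ns in servers if ns in glue]
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False)
            for ns in with_glue for ip in glue[ns]}
    if len(with_glue) > 1 and len(nets) == 1:   # /24 is an assumed notion of "network"
        findings.append("all glue addresses share one /24")
    return findings

# Constructed sample of what a parent "com" zone might hold (documentation addresses).
DELEGATIONS = {
    "otherdomain.com": ["ns.otherdomain.com", "ns2.otherdomain.com"],  # case 1
    "example.com":     ["ns.otherdomain.com", "ns2.otherdomain.com"],  # case 2
    "sibling-a.com":   ["ns.sibling-b.com"],                           # case 3, no glue
    "sibling-b.com":   ["ns.sibling-a.com"],
    "onenet.com":      ["ns1.onenet.com", "ns2.onenet.com"],
}
GLUE = {"ns.otherdomain.com": ["192.0.2.53"], "ns2.otherdomain.com": ["198.51.100.53"],
        "ns1.onenet.com": ["203.0.113.1"], "ns2.onenet.com": ["203.0.113.2"]}

if __name__ == "__main__":
    for z in DELEGATIONS:
        print(z, audit(z, DELEGATIONS, GLUE) or "ok")
```

Adding glue for either sibling's name server breaks the loop, which is why the sibling case only resolves when the parent carries those address records.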