----- Original Message -----
From: "Robert L Mathews" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 20, 2003 7:11 PM
Subject: Re: DNS Servers

> At 8/20/03 4:30 AM, Rick Hodger wrote:
>
> >Just came across something that I'm rather curious about.
> >
> > [description of host IP addresses not showing in some WHOIS lookups]
>
> That's normal and merely cosmetic.

That's what I thought. But then I looked at the glue records and started to think.

> >Basically, it seems as if any
> >DNS server ending in a TLD has an IP address beside it, and any country
> >level DNS server does not. This wouldn't be of such concern to me, except
> >that the root servers glue records reflect the same:
>
> Ah, you're misunderstanding something here:

[SNIP]

> You're thinking that the X.gtld-servers.net are the root servers for all
> domains. That is not the case; they are merely the top level servers for
> the .com and .net domains. The actual root servers have names ending in
> "root-servers.net", and a lookup on those will point you to the correct
> top-level servers for each TLD.
>
> The gtld-servers.net servers contain records for the .com and .net TLDs,
> but not (for example) the .org, or .uk TLDs.

Doh! I'd totally overlooked that. Guess the brain isn't firing on all cylinders today.

> So the reason your second query failed is that you're asking the wrong
> servers. To find out which are the top-level servers for .uk domains, you
> could ask the true root servers:
>
> $ dig uk ns @a.root-servers.net
> ;; ANSWER SECTION:
> uk. 172800 IN NS NS4.NIC.uk.
> uk. 172800 IN NS NS3.NIC.uk.
> uk. 172800 IN NS NS5.NIC.uk.
> uk. 172800 IN NS NS1.NIC.uk.
> uk. 172800 IN NS SEC-NOM.DNS.UK.PSI.NET.
> uk. 172800 IN NS NS2.NIC.uk.
>
> Those are the top level servers for the .uk TLD. And when you query one
> of those, it works:
>
> $ dig ns1.businessmedia.co.uk a @NS1.NIC.uk
> ;; ANSWER SECTION:
> ns1.businessmedia.co.uk. 172800 IN A 80.76.206.74
>
>
> Note that I queried ns1.businessmedia.co.uk (which worked) for this
> example, instead of your example of ns0.businessmedia.co.uk (which
> doesn't work for some different reason). It doesn't appear that
> ns0.businessmedia.co.uk is registered as a hostname, or if so, it perhaps
> isn't used by any .uk domains so it isn't published as glue by the
> registry.

Both ns0 and ns1 are being used to serve domains, although now that I look at it, I don't think ns0 is being used on any .uk domains. I'll switch one over tomorrow and see if that makes a difference. I think that you may have hit the nail on the head.

> >Through some usage of tcpdump, it seems that if a domain has the two
> >..co.uk's as its nameservers, anytime DNS for that domain is queried, it
> >must query our servers first to obtain the A records for the nameservers,
> >rather than with the hostX.irl.com nameservers, where only the root
> >nameservers are queried.
>
> I think you're probably seeing a side effect of the
> "ns0.businessmedia.co.uk" problem. There is something wrong with that
> particular one that's unrelated to the issue of glue records being
> published for .uk domains in general.

Yes, I'm going to have to look into that tomorrow.

> Also, note that it's not unheard of for a client to query your
> nameservers for their own IP address, whether it's a .com domain or a .uk
> domain, even if the top level servers contain the glue. This could
> happen, for example, if ns1.example.com and ns2.example.com were
> nameservers for example.com, and the address of ns2 (but not ns1) had
> expired from the client's cache -- it would be reasonable for it to
> consult ns1 for the address of ns2. But for this to be happening at all,
> the client had to have originally obtained the IP address for at least
> one of them from somewhere other than your name servers, and that place
> is the top level server glue.

I see. Personally, I've never looked into DNS much beyond the basics of getting it up and running.

> >The worry for me, is if I place businessmedia.co.uk on
> >ns0.businessmedia.co.uk and ns1.businessmedia.co.uk, and say we have a long
> >power outage. Is that domain ever going to recover without me changing the
> >nameservers to TLDs? How are other resolving nameservers going to find the
> >nsX.businessmedia.co.uk A records if the 2 nameservers are not available?
>
> Well, this question is actually irrelevant for the reasons mentioned
> above (the .uk registry will publish glue records if everything is set up
> correctly) -- but even if that weren't the case, it wouldn't really
> matter, if you think about it. If ns0.businessmedia.co.uk and
> ns1.businessmedia.co.uk are the sole nameservers for a domain, and
> they're both down, it makes no difference whether the registry's top
> level servers refer clients to the IP addresses of the nameservers or not
> -- either way, the client trying to do a lookup of something like
> "www.businessmedia.co.uk" will get a failure because it can't reach
> either of your nameservers.

In my fevered speculation though, it appeared to me as though queries for businessmedia.co.uk would attempt to resolve ns0 and ns1 first, and if both those servers were down, it seemed logical at the time that no query to those nameservers would be able to resolve again. Like a sort of DNS paradox. But now it appears it was simply me not investigating what was happening properly, and I thank you for your time in explaining it to me.

> If you're worried about this situation, that's a sign you need better
> geographic redundancy for your nameservers so that a power failure
> doesn't take out both of them. Look into ZoneEdit, or trading secondary
> DNS with someone, or any of many options you'll find with a Google search
> for "secondary DNS".

I was simply looking at the whois records and got to thinking. As far as redundancy goes, we run all our own servers, have enough instant battery backup to last roughly 2 hours, and have a diesel generator that is supposed to last up to two weeks - although we haven't had to use it to that extreme yet, the longest period we spent on the generator was about 18 hours. We do have access to a couple of UUnet's DNS servers though, and I may inquire as to them providing secondary DNS for us.

Again though, thanks for taking the time to point out the flaws in my thinking.

Cheers!
--
Rick Hodger
DomainsBuy.com
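
The glue question discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages: it reads a referral in dig's output format and reports which delegated nameservers sit inside the zone they serve and whether the parent published an address for them. The sample referrals are constructed; only the ns1 address comes from the thread, and the `example.*` names are placeholders.

```python
# Constructed referrals in dig's output format. Only the ns1 address
# (80.76.206.74) appears in the thread; every other record is made up.
REFERRAL_UK = """\
;; AUTHORITY SECTION:
businessmedia.co.uk. 172800 IN NS ns0.businessmedia.co.uk.
businessmedia.co.uk. 172800 IN NS ns1.businessmedia.co.uk.

;; ADDITIONAL SECTION:
ns1.businessmedia.co.uk. 172800 IN A 80.76.206.74
"""
REFERRAL_MIXED = """\
;; AUTHORITY SECTION:
example.co.uk. 172800 IN NS ns1.example.net.
example.co.uk. 172800 IN NS ns.example.co.uk.
"""

def parse_sections(text):
    """Return {section: [(owner, type, rdata), ...]} from dig-style text."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line.split()[1]          # e.g. "AUTHORITY"
            sections[current] = []
        elif line and not line.startswith(";") and current:
            f = line.split()
            if len(f) >= 5:                    # owner ttl class type rdata
                sections[current].append(
                    (f[0].lower().rstrip("."), f[3].upper(), f[4].lower().rstrip(".")))
    return sections

def check_glue(text):
    """Map each delegated nameserver to 'glue', 'missing-glue' or 'out-of-zone'."""
    sec = parse_sections(text)
    glued = {o for o, t, _ in sec.get("ADDITIONAL", []) if t in ("A", "AAAA")}
    report = {}
    for zone, rtype, ns in sec.get("AUTHORITY", []) + sec.get("ANSWER", []):
        if rtype != "NS":
            continue
        if not (ns == zone or ns.endswith("." + zone)):
            report[ns] = "out-of-zone"   # found through its own zone's delegation
        elif ns in glued:
            report[ns] = "glue"
        else:
            report[ns] = "missing-glue"  # only learnable from another server for the zone
    return report

if __name__ == "__main__":
    for sample in (REFERRAL_UK, REFERRAL_MIXED):
        print(check_glue(sample))
```
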
