I think I'm getting the hang of this:

* Glue Records register you with [a-m].gtld-servers.net
  * ns1.example-dns-server.com -> 127.0.0.1
* Nameserver records for a .com should point to a .com Glue Record
  * example-domain.com -> [ns1-ns4].example-dns-server.com
  * example-domain.org -> [ns1-ns4].example-dns-server.org
  * example-domain.jp -> [ns1-ns4].example-dns-server.jp
* DNS Records are the day to day records
  * www.example.com -> 127.0.0.1
  * example.com -> 127.0.0.1

If all of that is in order, then you get fast, simple lookups like this:

http://dns.squish.net/traverses/08279c57ce69f73e711d569d9296ba80/detail (google.com)

If it isn't you might get slow, convoluted lookups. A global CDN (like Akamai) will look like this:

http://dns.squish.net/traverses/3439ce0d2e2ae86b303b5b9dc2bf9197/detail (name.com)

(which seems slow in that tool, but is probably very fast for region-specific routed queries)
(in any case, it is a little convoluted in that it needs to go to the root more than once)

I am currently set up to use ns1.redirect-www.org, but since most of my dynamic domains are .com domains, I should also set up a .com nameserver to be most efficient.

In name.com I was able to find "NS Registration" which is where I was able to set the *glue records* as

ns1.redirect-www.org -> 192.241.238.7
ns2.redirect-www.org -> 66.172.33.29

Then I changed my *nameservers* for both ns1.redirect-www.org and coolaj86.com

ns1.name.com to ns1.redirect-www.org
ns2.name.com to ns2.redirect-www.org
ns3.name.com (deleted)
ns4.name.com (deleted)

I left the *DNS records* for [ns1-ns2].redirect-www.org in name.com's records so that while the changes propagate they'll still be available. I'll go back and delete those later.

I double checked that my SOA, NS, IN, and A records for [ns1-ns2].redirect-www.org are correct.

My assumption is that my records should look pretty similar to google's for

dig google.com SOA @ns1.google.com
dig google.com NS @ns1.google.com
dig google.com IN @ns1.google.com
dig google.com A @ns1.google.com

See https://gist.github.com/coolaj86/9b46aeb3329a06f5923d

Let me know if anything here still looks wrong:

*dig coolaj86.com SOA @ns1.redirect-www.org*

; <<>> DiG 9.8.3-P1 <<>> coolaj86.com SOA @ns1.redirect-www.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24396
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;coolaj86.com. IN SOA

;; ANSWER SECTION:
coolaj86.com. 7200 IN SOA ns1.redirect-www.org. hostmaster.coolaj86.com. 2015031200 10800 3600 1209600 1800

;; AUTHORITY SECTION:
coolaj86.com. 3600 IN NS ns1.redirect-www.org.
coolaj86.com. 3600 IN NS ns2.redirect-www.org.

;; ADDITIONAL SECTION:
ns1.redirect-www.org. 3600 IN A 192.241.238.7
ns2.redirect-www.org. 3600 IN A 66.172.33.29

;; Query time: 36 msec
;; SERVER: 192.241.238.7#53(192.241.238.7)
;; WHEN: Mon Mar 16 14:08:26 2015
;; MSG SIZE rcvd: 161

*dig coolaj86.com NS @ns1.redirect-www.org*

; <<>> DiG 9.8.3-P1 <<>> coolaj86.com NS @ns1.redirect-www.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55990
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;coolaj86.com. IN NS

;; ANSWER SECTION:
coolaj86.com. 3600 IN NS ns1.redirect-www.org.
coolaj86.com. 3600 IN NS ns2.redirect-www.org.

;; ADDITIONAL SECTION:
ns1.redirect-www.org. 3600 IN A 192.241.238.7
ns2.redirect-www.org. 3600 IN A 66.172.33.29

;; Query time: 32 msec
;; SERVER: 192.241.238.7#53(192.241.238.7)
;; WHEN: Mon Mar 16 14:09:35 2015
;; MSG SIZE rcvd: 114

*dig coolaj86.com IN @ns1.redirect-www.org*

; <<>> DiG 9.8.3-P1 <<>> coolaj86.com IN @ns1.redirect-www.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59574
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;coolaj86.com. IN A

;; ANSWER SECTION:
coolaj86.com. 300 IN A 45.56.23.132

;; Query time: 122 msec
;; SERVER: 192.241.238.7#53(192.241.238.7)
;; WHEN: Mon Mar 16 14:10:20 2015
;; MSG SIZE rcvd: 46

*dig coolaj86.com A @ns1.redirect-www.org*

; <<>> DiG 9.8.3-P1 <<>> coolaj86.com A @ns1.redirect-www.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38005
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;coolaj86.com. IN A

;; ANSWER SECTION:
coolaj86.com. 300 IN A 45.56.23.132

;; Query time: 33 msec
;; SERVER: 192.241.238.7#53(192.241.238.7)
;; WHEN: Mon Mar 16 14:10:49 2015
;; MSG SIZE rcvd: 46

AJ ONeal
(317) 426-6525

On Mon, Mar 16, 2015 at 12:37 PM, AJ ONeal (Home) <coola...@gmail.com> wrote:

> Given #1: I'm quite ignorant as to how to be my own nameserver.
> Given #2: I want to do it anyway.
> Given #3: I am learning, slowly.
> Given #4: My goal is a custom Dynamic DNS service that I control
> completely (changing coolaj86.com to use my DNS service is just part of
> the testing process).
>
>> First problem that I see is that coolaj86.com uses NS records that are
>> not in-bailiwick (e.g. ns1.redirect-www.org; and yes, I realize this is
>> common practice, but it doesn't mean it's best practice) which adds
>> latency to first time lookup of your domain.
>
> I don't understand what *in-bailiwick* means.
>
> From context and a little bit of googling I think that means "If you're
> running a .org, everything in the chain should be .org and not bounce
> between .com, .org, .net, etc".
>
>> Second, the NS delegations
>> are in the .org domain which is notoriously slow for a resolver to look
>> up (primarily because it also uses a lot of not in-bailiwick NS
>> delegations).
>
> I like using ns1.redirect-www.org because it's a junk domain that won't
> have any dynamic domains dangling from it.
> I also have foobar3000.com, helloworld3000.com, hellabit.com, and a few
> others, but I plan to use them with dynamic subdomains.
>
> This raises another question:
> dig ns1.google.com @ns1.google.com
> dig google.com @ns1.google.com
>
> How is it that google.com claims authority for itself?
>
> Could I host the records for ns1.hellabit.com on hellabit.com?
> On name.com (my registrar) I don't seem to have the option of putting in
> an IP address. It looks like I *must* use ns1.hellabit.com - but that
> would mean that I couldn't serve the record for ns1.hellabit.com from
> ns1.hellabit.com.
>
> Is this a limitation of name.com? Or am I supposed to seed out
> ns1.hellabit.com using name.com's nameservers and then switch my
> nameserver for my nameserver to be itself after it has propagated?
>
>> Third, lookup for ns1.redirect-www.org requires yet more
>> delegations to .com to resolve (e.g. to resolve ns1.redirect-www.org, a
>> resolver must start over again and lookup ns1.name.com).
>
> I think I need to understand better the 1st two points and then I'll
> understand what to do here.
>
>> And fourth,
>> name.com apparently uses another not in-bailiwick to .net via Akamai
>> (e.g. NS delegations for name.com have usw1.akam.net; which is again not
>> in-bailiwick), another service notorious for messing with DNS in ways
>> that make unfriendly gestures to DNS resolvers. So a DNS resolver is
>> crossing all kinds of zone boundaries (.org, .net, .com, and .info) just
>> to lookup A coolaj86.com.
>
> Sounds like bad-news-bears all the way around. It sounds like if I could
> do what google does and be my own authority, this problem would go away,
> yes?
>
>> Keep in mind that the more delegations that happen, the more things that
>> have to be cached by the DNS resolver (and consequently, the more things
>> that could potentially get out of sync due to various TTLs on records).
>> For example, you have a small TTL on coolaj86.com, which might make it
>> nice for the hosting provider if they move your domain around a lot on
>> their infrastructure, but it does mean that if their DNS servers have a
>> hiccup, folks who visited the website just 301 seconds ago, will
>> suddenly get an error that the host cannot be found. If it had a larger
>> TTL, it could be cached longer by DNS resolvers.
>
> The TTL for coolaj86.com could be much longer without issue, but I will
> be using dyndns for other domains and subdomains, so I'll just have to
> accept the risk here, I think.
>
> AJ ONeal

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
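
Added example, not part of the original message or of any tool used in the thread: a small Python audit of the delegation chain discussed above, showing how out-of-bailiwick nameservers add zones a cold resolver must walk first and why an in-bailiwick nameserver needs glue. The tables are constructed from names quoted in the thread (akam.net's own delegation is left unmodelled, and TLD zones are not counted); `in_bailiwick`, `enclosing_zone`, `audit`, `BEFORE`, `AFTER` and `GLUE` are hypothetical names.

```python
# Added example. Delegation tables are constructed from names quoted in the
# thread; nothing here queries live DNS.

def in_bailiwick(ns_name, zone):
    """True when the nameserver name is at or below the zone it serves."""
    ns, z = ns_name.rstrip(".").lower(), zone.rstrip(".").lower()
    return ns == z or ns.endswith("." + z)

def enclosing_zone(name, delegations):
    """Longest modelled zone containing name, or None."""
    hits = [z for z in delegations if in_bailiwick(name, z)]
    return max(hits, key=len) if hits else None

def audit(zone, delegations, glue, seen=None):
    """Return (extra_zones, problems) for reaching the nameservers of zone.

    extra_zones: other zones a cold resolver must walk first, in order.
    problems: nameservers that cannot be located from the data given.
    """
    seen = [zone] if seen is None else seen
    problems = []
    for ns in delegations.get(zone, []):
        if in_bailiwick(ns, zone):
            # The zone would have to answer for its own nameserver; only an
            # address registered with the parent (glue) breaks that loop.
            if ns not in glue:
                problems.append(f"{ns} serves {zone} but has no glue")
            continue
        dep = enclosing_zone(ns, delegations)
        if dep is None:
            problems.append(f"{ns}: enclosing zone not modelled")
        elif dep not in seen:
            seen.append(dep)
            problems += audit(dep, delegations, glue, seen)[1]
    return seen[1:], problems

# Before the change: redirect-www.org is served by the registrar's nameservers.
BEFORE = {
    "coolaj86.com": ["ns1.redirect-www.org", "ns2.redirect-www.org"],
    "redirect-www.org": ["ns1.name.com", "ns2.name.com",
                         "ns3.name.com", "ns4.name.com"],
    "name.com": ["usw1.akam.net"],
    "akam.net": [],  # its own delegation is not given in the thread
}
# After the change: redirect-www.org serves itself, with glue at the registry.
AFTER = dict(BEFORE)
AFTER["redirect-www.org"] = ["ns1.redirect-www.org", "ns2.redirect-www.org"]
GLUE = {"ns1.redirect-www.org": "192.241.238.7",
        "ns2.redirect-www.org": "66.172.33.29"}
```

`audit("coolaj86.com", BEFORE, {})` lists three extra zones, while `audit("coolaj86.com", AFTER, GLUE)` lists only redirect-www.org. `audit("hellabit.com", {"hellabit.com": ["ns1.hellabit.com"]}, {})` reports the self-referencing nameserver without glue that the quoted message asks about.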