
I try to understand DNS recursion.

Assume I have deployed a local DNS server on my machine using bind. In the zone file I defined an A record for server1.example.com. I also defined an NS record in the zone file and an A record that ties to that NS record.

Like the definition made here:

https://web.mit.edu/rhel-doc/5/RHEL-5-manual/Deployment_Guide-en-US/s1-bind-zone.html

I can query this DNS server locally with

nslookup server1.example.com ::1

This works because it is authoritative for the zone example.com.

If I want to use a recursive DNS server such as 8.8.8.8 instead of targeting my local DNS directly (which is also authoritative for example.com):

The process will be:

  1. The recursive DNS queries a DNS root nameserver (.).
  2. The root server then responds to the resolver with the address of the Top Level Domain (TLD) DNS server (com). The resolver then makes a request to the .com TLD.
  3. The TLD server then responds with the IP address of the domain’s nameserver, example.com.
  4. The recursive resolver sends a query to the domain’s nameserver.
  5. The IP address for server1.example.com (or example.com) is then returned to the resolver from the nameserver.

I am wondering what configuration is made in the TLD DNS server so that it knows the IP of the domain's nameserver, example.com, in step 3. How do we do it in practice? Is it possible to make it point to my machine where the named service is running?

How do we ensure that only the owner of the domain name can make this configuration in TLD DNS?

scoulomb

1 Answer


Your domain's nameservers are set through your domain registrar, and only the registrars can change them. Thus the nameserver addresses returned in "Step 2" were sent to the root nameservers by your domain registrar when you change them at their web site. The root nameservers will only accept updates from the domain's listed registrar.

Michael Hampton
    And the TLD name servers indeed will return addresses (hostnames) in the `NS` records, not the IP addresses of the name servers. If the name server is a subdomain of the domain it is authoritative for, e.g. `ns1.example.com` is authoritative for `example.com`, the parent zone (`com`) will also contain [*glue records*](https://serverfault.com/a/1015268/274176) i.e. `A` records with the IP addresses. – Esa Jokinen Jul 23 '20 at 14:11
  • 1
    Right. And those glue records are also provided by and via the registrar. – Michael Hampton Jul 23 '20 at 14:12
  • True. Just wanted to be more precise, because there was a misunderstanding in step 2. This answers the questions, though. – Esa Jokinen Jul 23 '20 at 14:16
  • Indeed it was a big confusion on my side, for `NS`. I am now using Gandi DNS and your precision made me realize that they actually offer 2 services: a DNS nameserver (Gandi Live DNS) and a registrar service. With the registrar service we can modify the TLD `NS` record (and glue if needed) to point to another nameserver like Amazon Route 53 or my own DNS with bind! I did some experiments here: https://github.com/scoulomb/myDNS/blob/master/2-advanced-bind/5-real-own-dns-application/2-modify-tld-ns-record.md – scoulomb Aug 20 '20 at 11:54
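To make the delegation mechanics from the answer and comments concrete, here is an added example (not from the question, the answer, or any real resolver) that simulates the five resolution steps over constructed zone data, entirely offline. The root zone delegates `com`, the `com` zone carries the `NS` record for `example.com` plus the glue `A` record for `ns1.example.com` that the registrar submitted, and the child zone holds `server1.example.com`. All IPs are from the RFC 5737 documentation ranges and the server-to-zone mapping is an assumption of the example; a second helper removes the glue from `com` to show why a resolver then cannot reach a nameserver that lives inside the zone it is trying to find.

```python
"""Toy iterative resolver over constructed zone data (no network access).

Mirrors the root -> TLD -> authoritative steps listed in the question.
Every name, IP and zone record here is constructed for the example.
"""

# Each authoritative server serves one zone: a list of (owner, type, rdata).
ZONES = {
    ".": [
        ("com.", "NS", "a.gtld-servers.net."),
        ("a.gtld-servers.net.", "A", "192.0.2.1"),   # glue for the TLD server
    ],
    "com.": [
        # Delegation of example.com as submitted through the registrar:
        ("example.com.", "NS", "ns1.example.com."),
        ("ns1.example.com.", "A", "192.0.2.53"),     # glue: the NS lives inside the child
    ],
    "example.com.": [
        ("example.com.", "NS", "ns1.example.com."),
        ("ns1.example.com.", "A", "192.0.2.53"),
        ("server1.example.com.", "A", "192.0.2.10"),
    ],
}
# Constructed mapping from a server's IP to the zone it is authoritative for.
SERVERS = {"198.51.100.1": ".", "192.0.2.1": "com.", "192.0.2.53": "example.com."}
ROOT_HINT = "198.51.100.1"


def _in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_query(server_ip, qname, qtype, zones=ZONES):
    """Answer as one authoritative server would: ('answer', rdata_list) when the
    name is in its own zone, or ('referral', ns_names, glue) for the closest
    delegation point below its apex that covers qname."""
    zone = SERVERS[server_ip]
    records = zones[zone]
    cuts = sorted({o for o, t, _ in records
                   if t == "NS" and o != zone and _in_zone(qname, o)},
                  key=len, reverse=True)
    if cuts:
        cut = cuts[0]
        ns_names = [r for o, t, r in records if o == cut and t == "NS"]
        glue = {o: r for o, t, r in records if t == "A" and o in ns_names}
        return ("referral", ns_names, glue)
    return ("answer", [r for o, t, r in records if o == qname and t == qtype])


def resolve(qname, qtype="A", zones=ZONES, start=ROOT_HINT, depth=0):
    """Iterate from the root hint, following referrals until an authoritative
    answer arrives. Returns (rdata_list, trace) where trace lists the
    (server_ip, zone) pairs consulted. Raises RuntimeError if the chain of
    referrals can never be completed (e.g. missing glue)."""
    if depth > 8:
        raise RuntimeError("referral loop or missing glue while resolving " + qname)
    trace = []
    server = start
    while True:
        trace.append((server, SERVERS[server]))
        resp = authoritative_query(server, qname, qtype, zones)
        if resp[0] == "answer":
            return resp[1], trace
        _, ns_names, glue = resp
        next_ip = None
        for ns in ns_names:
            if ns in glue:                      # glue lets us skip resolving the NS name
                next_ip = glue[ns]
                break
            # No glue: the NS hostname itself must be resolved first. If it sits
            # inside the zone being delegated, this recurses until the depth guard fires.
            addrs, sub_trace = resolve(ns, "A", zones, start, depth + 1)
            trace.extend(sub_trace)
            if addrs:
                next_ip = addrs[0]
                break
        if next_ip is None:
            raise RuntimeError("no reachable nameserver for " + qname)
        server = next_ip


def without_glue(zones=ZONES):
    """Same data, but the registrar never submitted the glue A record to com."""
    copy = {k: list(v) for k, v in zones.items()}
    copy["com."] = [r for r in copy["com."] if r[1] != "A"]
    return copy


if __name__ == "__main__":
    rdata, trace = resolve("server1.example.com.")
    print("answer:", rdata)
    print("path:", " -> ".join(zone for _, zone in trace))
    try:
        resolve("server1.example.com.", zones=without_glue())
    except RuntimeError as err:
        print("without glue:", err)
```

Running the script shows the healthy path `. -> com. -> example.com.` ending in `192.0.2.10`, and the failure once the glue is dropped: `com` refers the resolver to `ns1.example.com`, whose address can only be learned from `example.com`, which is reachable only through that same nameserver. That is the circular dependency the glue record breaks, and why both the `NS` record and the glue are submitted via the registrar, as the comments above state.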