Two cases:

Case 1 - example.com's zone file:

@      IN    SOA    dns.example.com.    info.example.com.    (1 8H 8H 8H 8H)
       IN    NS     dns
dns    IN    A      123.123.123.123

How are the second and third lines useful? I understand that they may be necessary in order for dns.example.com to be defined. Is there another use?

Case 2 - foo.com's zone file:

@      IN    SOA    dns.example.com.    info.foo.com.    (1 8H 8H 8H 8H)
       IN    NS     dns.example.com.

In this case, is the second line necessary? Why would it be useful to have this NS record for foo.com's zone if we are already IN the zone?

Additionally, is it necessary that the first and second lines both point to the same server? If not, in which situation would they be different?

Gradient
  • The name in the SOA is just where the file was created/authority. It doesn't have to match the NS records (but normally does). It isn't used to figure out the NS for the domains, so yes, the second line is required. – Doon Jul 18 '13 at 16:17
  • There are other uses. For example, the NS records are used when you have Bind style zone transfers. The master server will often be set up to send notifies to all the servers listed as NS records, whenever a change in the master zone is made, prompting all your secondaries to transfer the zone. – Zoredache Jul 18 '13 at 16:49

1 Answer

You may need to do some research about DNS and its records. The first line in the first example is the Start Of Authority. It provides basic details such as the master nameserver, the administrative email address, the zone serial number, and timer options.

The second line determines that the server is indeed an authoritative server for the zone, meaning it has authority to respond for the domain. This is the purpose of NS records.

The following is the glue record associated with the nameserver. Since the NS record is in the same zone as the domain you are looking up, it needs to determine the IP to hit in order to perform the look-up.

In the second example, it follows the same path, except, since the nameservers are in a different zone, it does the look-up inside of that zone instead.

With DNS, it is a systematic process to determine you got the right records for the right things. That is why you will often see multiple lines as it steps through the appropriate records.

Matt W
  • I understand how NS records are necessary to delegate a zone to another server. For example: "sub.example.com. IN NS 321.321.321.321". But I don't see the point of an NS record for the current zone. – Gradient Jul 18 '13 at 16:34
  • The NS record tells you that the server is authoritative. It does not, however, tell you the IP where it's located. You need A (glue) records for that. The SOA simply is a starting point, not an NS record. It tells it where to start to find the appropriate records. In all cases it starts with SOA, then an NS is looked up, then the appropriate A record in the appropriate zone. You're assuming that the SOA should just be the NS server, but it's not. The SOA record is used for a lot of things, but it's not used to determine the NS server it's going to use. – Matt W Jul 18 '13 at 16:41
  • Still, I don't see the point of having an NS record for the current zone. If I need to resolve the name "ftp.example.com", something somewhere else will have to point me to "example.com". Then, when I am on example.com's DNS server, there is no need for an NS record for example.com, as I am already on the server. I would just look for an A record for ftp. – Gradient Jul 18 '13 at 17:03
  • The point of the NS record is to determine if it is truly authoritative for the zone. If the server isn't authoritative, the response shouldn't be trusted, as it could be a potential attack to send you to a compromised or infected site. – Matt W Jul 18 '13 at 17:06
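
Added example (not part of the original question, answer or comments): a short Python check over the two zone files from the question. It reports the SOA primary name and the apex NS set as separate fields and flags an in-zone nameserver name that has no address record. The parser handles only the simplified one-line syntax used above; `parse_zone`, `check_apex` and the third zone (Case 1 with its A record removed) are constructed for illustration.

```python
# Added example: handles only single-line "[owner] IN TYPE rdata" records,
# as in the question's zone files. Not a full RFC 1035 zone-file parser.
CASE1 = """\
@      IN    SOA    dns.example.com.    info.example.com.    (1 8H 8H 8H 8H)
       IN    NS     dns
dns    IN    A      123.123.123.123
"""
CASE2 = """\
@      IN    SOA    dns.example.com.    info.foo.com.    (1 8H 8H 8H 8H)
       IN    NS     dns.example.com.
"""
# Constructed variant: Case 1 without the A record for its own nameserver.
CASE1_NO_A = "\n".join(CASE1.splitlines()[:2]) + "\n"

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata_fields) tuples; a blank owner repeats the last one."""
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():
            owner = fqdn(fields.pop(0), origin)
        if fields.pop(0) != "IN":
            raise ValueError(f"unsupported record syntax: {line!r}")
        records.append((owner, fields[0], fields[1:]))
    return records

def check_apex(text, origin):
    """Compare SOA MNAME with the apex NS set and check in-zone NS names for addresses."""
    recs = parse_zone(text, origin)
    mname = next(fqdn(r[0], origin) for _, t, r in recs if t == "SOA")
    apex_ns = [fqdn(r[0], origin) for o, t, r in recs if t == "NS" and o == origin]
    have_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    in_zone = [n for n in apex_ns if n == origin or n.endswith("." + origin)]
    return {"soa_mname": mname, "apex_ns": apex_ns, "mname_in_ns": mname in apex_ns,
            "in_zone_ns_missing_address": [n for n in in_zone if n not in have_addr]}

if __name__ == "__main__":
    for label, zone, origin in [("case 1", CASE1, "example.com."),
                                ("case 2", CASE2, "foo.com."),
                                ("case 1, no A", CASE1_NO_A, "example.com.")]:
        print(label, check_apex(zone, origin))
```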