Introduction
I bought the domain earechnung.at with Hetzner and am using my webspace at All-Inkl. I want to use the nameservers of my webhost (All-Inkl).
Zonefiles and Nameservers
As I registered the domain with Hetzner, nic.at (the Austrian domain registry) lists the following nameservers (all the ones of Hetzner):
Nameserver (Hostname) 1: ns.second-ns.com
Nameserver (Hostname) 2: ns1.your-server.de
Nameserver (Hostname) 3: ns3.second-ns.de
Zonefile at Hetzner
The zonefile at Hetzner now looks like the following:
$TTL 7200
@ IN SOA ns5.kasserver.com. office.earechnung.at. (
2014030300 ; serial
14400 ; refresh
1800 ; retry
604800 ; expire
86400 ) ; minimum
@ IN NS ns6.kasserver.com.
@ IN NS ns5.kasserver.com.
@ IN A 85.13.135.165
mail IN A 85.13.135.165
www IN A 85.13.135.165
w3 IN A 85.13.135.165
ftp IN CNAME www
imap IN CNAME mail
pop IN CNAME mail
relay IN CNAME mail
smtp IN CNAME mail
@ IN MX 10 mail
So what I wanted was to delegate everything to the All-Inkl nameservers (ns5/6.kasserver.com). Therefore, I mentioned them as SOA and NS. However, it seems like the Hetzner DNS directly responds to the requests.
All-Inkl Zonefile
The administration system of All-Inkl looks like the following for DNS:
DNS-Queries
nslookup from my Windows client
>nslookup -type=A -debug w3.earechnung.at.
------------
...
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 2, additional = 2
QUESTIONS:
w3.earechnung.at, type = A, class = IN
ANSWERS:
-> w3.earechnung.at
internet address = 85.13.135.165
ttl = 4933 (1 hour 22 mins 13 secs)
AUTHORITY RECORDS:
-> earechnung.at
nameserver = ns5.kasserver.com
ttl = 4608 (1 hour 16 mins 48 secs)
-> earechnung.at
nameserver = ns6.kasserver.com
ttl = 4608 (1 hour 16 mins 48 secs)
ADDITIONAL RECORDS:
-> ns5.kasserver.com
internet address = 85.13.128.3
ttl = 3758 (1 hour 2 mins 38 secs)
-> ns6.kasserver.com
internet address = 85.13.159.101
ttl = 2220 (37 mins)
------------
Nicht autorisierende Antwort:
Name: w3.earechnung.at
Address: 85.13.135.165
Online tracing
Tracing the DNS-file with simpledns.com outputs the following:
Tracing DNS delegation for "w3.earechnung.at":
Loading root server list (static data):
-> a.root-servers.net (198.41.0.4)
-> b.root-servers.net (192.228.79.201)
-> c.root-servers.net (192.33.4.12)
-> d.root-servers.net (128.8.10.90)
-> e.root-servers.net (192.203.230.10)
-> f.root-servers.net (192.5.5.241)
-> g.root-servers.net (192.112.36.4)
-> h.root-servers.net (128.63.2.53)
-> i.root-servers.net (192.36.148.17)
-> j.root-servers.net (192.58.128.30)
-> k.root-servers.net (193.0.14.129)
-> l.root-servers.net (199.7.83.42)
-> m.root-servers.net (202.12.27.33)
Sending request to "f.root-servers.net" (192.5.5.241)
Received referral response - DNS servers for "at":
-> r.ns.at (194.0.25.10)
-> d.ns.at (81.91.161.98)
-> ns9.univie.ac.at (194.0.10.100)
-> u.ns.at (195.66.241.82)
-> ns1.univie.ac.at (78.104.144.2)
-> n.ns.at (81.91.173.130)
-> j.ns.at (194.146.106.50)
-> ns2.univie.ac.at (192.92.125.2)
Sending request to "n.ns.at" (81.91.173.130)
Received referral response - DNS servers for "earechnung.at":
-> ns3.second-ns.de (no IP address)
-> ns.second-ns.com (no IP address)
-> ns1.your-server.de (no IP address)
Attempting to resolve DNS server name "ns1.your-server.de" (details not logged)
Resolved DNS server name "ns1.your-server.de" to IP address 213.133.106.251
Sending request to "ns1.your-server.de" (213.133.106.251)
Received authoritative (AA) response:
-> Answer: A-record for w3.earechnung.at = 85.13.135.165
-> Authority: NS-record for earechnung.at = ns5.kasserver.com
-> Authority: NS-record for earechnung.at = ns6.kasserver.com
Questions
My questions now are:
- Is there a best practice for this scenario (domain with Hoster A, webspace with Hoster B)?
- Should I give the SOA to the Hetzner DNS or All-Inkl?
- Should I change the nameserver directly at nic.at?
- In my understanding I did not provide a glue record (A record) for ns5 and ns6.kasserver.com. Do I need one or is this done automatically?
- What if I want to use something like CloudFlare? How does the delegation between Hetzner, All-Inkl and CloudFlare work best?
- Which server actually responds to the request?
- If I query w3.earechnung.at, which is entered on both DNS servers, it seems to me like Hetzner's ns1.your-server.de responds with an unauthoritative answer and states that ns5.kasserver.com is authoritative. Am I right?
- If I query ai.earechnung.at, which is only registered on All-Inkl's DNS server, I receive something like ai.earechnung.at. wurde von UnKnown nicht gefunden: Non-existent domain or server can't find ai.earechnung.at: NXDOMAIN
- I think I delegated the whole site to the All-Inkl DNS server. Is this correct or is there a better way? Do I have to set up every subdomain at the All-Inkl server?
Research
I also looked at the following questions, but could not find an answer (or at least did not understand it):
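Added example, not part of the original post: a Python check that compares the NS set the registry delegates to with the NS and SOA records inside the zone file quoted in the question, and lists any nameserver names that lie inside the zone and would therefore need glue. The function names are hypothetical; the data is copied (abridged) from the question.

```python
import re

# Values copied from the question: zone origin, the NS set the registry
# (nic.at) lists, and an abridged copy of the zone file held at Hetzner.
ORIGIN = "earechnung.at."
PARENT_NS = {"ns.second-ns.com.", "ns1.your-server.de.", "ns3.second-ns.de."}
ZONE = """\
$TTL 7200
@ IN SOA ns5.kasserver.com. office.earechnung.at. (
2014030300 ; serial
14400 ; refresh
1800 ; retry
604800 ; expire
86400 ) ; minimum
@ IN NS ns6.kasserver.com.
@ IN NS ns5.kasserver.com.
w3 IN A 85.13.135.165
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse_zone(text, origin):
    """Yield (owner, type, rdata) for 'owner IN TYPE rdata' records; ( ... ) groups are joined."""
    text = re.sub(r";[^\n]*", "", text)  # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1].upper() == "IN":
            yield fqdn(f[0], origin), f[2].upper(), f[3:]

def check_delegation(parent_ns, zone_text, origin):
    """Compare the registry's NS set with the NS/SOA data inside the zone."""
    recs = list(parse_zone(zone_text, origin))
    child_ns = {fqdn(r[0], origin) for o, t, r in recs if o == origin and t == "NS"}
    mname = next(fqdn(r[0], origin) for o, t, r in recs if t == "SOA")
    return {
        "only_at_parent": sorted(parent_ns - child_ns),
        "only_in_zone": sorted(child_ns - parent_ns),
        "soa_mname_delegated": mname in parent_ns,
        # Glue is only required for nameserver names inside the zone itself.
        "glue_needed": sorted(n for n in parent_ns | child_ns if n.endswith("." + origin)),
    }

if __name__ == "__main__":
    print(check_delegation(PARENT_NS, ZONE, ORIGIN))
```

For the data in the question, `only_at_parent` holds the three Hetzner servers, `only_in_zone` holds ns5 and ns6.kasserver.com, and `glue_needed` is empty because none of those names lie under earechnung.at.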