I ran this command

# dig mysite.com @localhost

The result was the below and my zone file is below that. Why is the AUTHORITY SECTION ns.mysite.com.mysite.com? Instead of ns.mysite.com?

Another thing bothering me is how does anyone find mysite.com? It appears my registrar forces me to use TWO domain names. I wrote in ns.mysite.com and ns2.mysite.com. If the domain (mysite.com) is defined on my server, how the heck is anyone going to find my server to look up mysite.com?

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mysite.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30664
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mysite.com.                                IN      A

;; ANSWER SECTION:
mysite.com.                 259200  IN      A       1.2.3.4

;; AUTHORITY SECTION:
mysite.com.                 259200  IN      NS      ns.mysite.com.mysite.com.
mysite.com.                 259200  IN      NS      ns2.mysite.com.mysite.com.

;; ADDITIONAL SECTION:
ns.mysite.com.mysite.com.       259200  IN      A       1.2.3.4
ns2.mysite.com.mysite.com.      259200  IN      A       1.2.3.4

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Feb 28 01:25:52 2015
;; MSG SIZE  rcvd: 114

; MYSITE.com
$TTL 3D
MYSITE.com. IN     SOA    ns.MYSITE.com. admin@MYSITE.com. (
                                8545645444  
                                8H          
                                2H          
                                4W          
                                1D)         
MYSITE.com. IN NS ns.MYSITE.com
MYSITE.com. IN NS ns2.MYSITE.com
MYSITE.com. IN A 1.2.3.4
*.MYSITE.com. IN A 1.2.3.4
ns.MYSITE.com. IN A 1.2.3.4
ns2.MYSITE.com. IN A 1.2.3.4

*.MYSITE.com.        IN      MX      1 ASPMX.L.GOOGLE.COM.
*.MYSITE.com.        IN      MX      5 ALT1.ASPMX.L.GOOGLE.COM.
*.MYSITE.com.        IN      MX      5 ALT2.ASPMX.L.GOOGLE.COM.
*.MYSITE.com.        IN      MX      10 ALT3.ASPMX.L.GOOGLE.COM.

*.MYSITE.com.        IN TXT          "v=spf1 include:_spf.google.com ~all"
  • Also note that the `@` symbol refers to `$ORIGIN` value and you SHOULD replace it with a dot in the SOA RR email field (btw, you could shorten your configuration file avoiding `MYSITE.com.` on most of the left hand fields and in the SOA record fields). – Xavier Lucas Feb 28 '15 at 19:49
  • @XavierLucas: I'm a noob and used examples. I don't know what you mean. Do I replace all `MYSITE.com.` with `@`? How do I write a wildcard/subdomain? `*.@` or `*.MYSITE.com.`? Also, is it `@` or `@.`? I'll assume `@` –  Feb 28 '15 at 20:05
  • No. You should define `$ORIGIN MYSITE.com.` for clarity even if it should be expanded to the zone name. Then all domain names not fully qualified (i.e. not ending with a dot) will have this value added to it. This value can also be used explicitly with `@` in the zone file or with a blank. A refactoring of your configuration should look like this: http://pastebin.com/7J6EV7ZY (pasting it as an external link as it's not an actual answer to your problem). – Xavier Lucas Feb 28 '15 at 20:40
  • @XavierLucas That's pretty easy on the eyes. I WILL do that next time I modify it. I'm using DNSSEC and I sent in the keys for propagation. I don't want to wreck it until I know I need to change something –  Feb 28 '15 at 21:50

2 Answers

These lines are your problem:

MYSITE.com. IN NS ns.MYSITE.com
MYSITE.com. IN NS ns2.MYSITE.com

You need to canonicalise them to stop the domain being reappended:

MYSITE.com. IN NS ns.MYSITE.com.
MYSITE.com. IN NS ns2.MYSITE.com.

This is not the place to ask to be taught about glue records; wikipedia them and read up.

MadHatter

MYSITE.com. IN NS ns.MYSITE.com
MYSITE.com. IN NS ns2.MYSITE.com

In DNS zone file shorthand, a resource record without a trailing . is appended with the $ORIGIN, typically the name of the zone, and your name-server becomes effectively ns.MYSITE.com.MYSITE.Com.

The correct format would have been

MYSITE.com. IN NS ns.MYSITE.com.
MYSITE.com. IN NS ns2.MYSITE.com.

Unless you're actually "United Online Web Services, Inc." and the owner of mysite.com it would have been even better to use an example domain name if you want to obfuscate DNS information. The example domain names are specified in RFC 6761, section 6.5:

  • example.com
  • example.net
  • example.org
  • example TLD and any subdomain thereof
HBruijn
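The check below is an added example, not part of either answer: a small linter that applies the `$ORIGIN` expansion rule the answers describe and reports NS/CNAME/MX/PTR targets that already contain the zone name but lack the trailing dot. The function names `qualify` and `lint_zone` are hypothetical, the sample zone is constructed (example.com, 192.0.2.1), and it assumes single-line records with `;` used only for comments.

```python
# Flags zone-file targets that will end up with $ORIGIN appended twice.
NAME_TYPES = {"NS", "CNAME", "MX", "PTR"}  # types whose last RDATA field is a name

def qualify(name, origin):
    """Expand a name as a zone-file parser does: no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def lint_zone(text, origin):
    """Return (line_no, rtype, written, expanded) for each doubled-origin target."""
    origin = origin.lower().rstrip(".") + "."
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]          # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].lower().rstrip(".") + "."
            continue
        # Skip the owner field unless the line starts with whitespace (owner omitted).
        start = 0 if line[0].isspace() else 1
        rtype = next((f.upper() for f in fields[start:] if f.upper() in NAME_TYPES), None)
        if rtype is None:
            continue
        target, bare = fields[-1], origin[:-1]
        relative = not target.endswith(".")
        if relative and (target.lower() == bare or target.lower().endswith("." + bare)):
            findings.append((line_no, rtype, target, qualify(target.lower(), origin)))
    return findings

# Constructed sample zone, modelled on the question but using example.com.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3D
@ IN SOA ns.example.com. admin.example.com. ( 2015022801 8H 2H 4W 1D )
example.com. IN NS ns.example.com
example.com. IN NS ns2.example.com.
  IN NS ns3
ns IN A 192.0.2.1
* IN MX 1 ASPMX.L.GOOGLE.COM.
www IN CNAME example.com
"""

if __name__ == "__main__":
    for line_no, rtype, written, expanded in lint_zone(SAMPLE_ZONE, "example.com."):
        print(f"line {line_no}: {rtype} target {written!r} expands to {expanded}")
```

Short relative names such as `ns3` are left alone because they expand to a sensible name; only targets that repeat the zone name are reported.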