Whenever we register a new domain name with a registrar, we need to tell them what the nameserver is by providing them the DNS server IP address.

But at the same time, in the zone file of our DNS server (I will use bind9 in this case), we also add RRs like the following:

```
abc.net.    IN NS ns1.abc.net.
abc.net.    IN NS ns2.abc.net.
```

which are the authoritative records.

1) So what is the purpose of having the authoritative NS record in the zone file of abc.net, since when one is trying to resolve, let's say, www.abc.net, the TLD .net already tells us they are at ns1.abc.net and ns2.abc.net?

2) From the delegation concept point of view, NS records only need to be stored in the parent of the zone, meaning the root server NS tells us the NS of .net, the .net server NS tells us the NS of .abc.net, and the .abc.net NS resolves the DNS query. So in order to resolve www.abc.net, there are only 3 sets of NS IP addresses we need to know:

  1. The root server NS that tells us where .net, .org, .uk, .it, etc. are. The root server NS IP is stored in bind9's named.ca.
  2. The .net NS that tells us where .abc.net, .xyz.net, etc. are. The .net NS IP is stored in the root server NS record.
  3. The .abc.net NS that tells us where www.abc.net, mail.abc.net, etc. are. The .abc.net NS IP is stored in the .net NS record.
  4. So since we don't have any www.subdomain.abc.net, we shouldn't need to store any NS record for .subdomain.abc.net, should we?

3) What will happen if I don't put the NS record of abc.net in my abc.net zone file?

4) What if I have an NS record in my zone file but not at the registrar? Which one will the resolver take?

There is a detailed answer here, but I still don't understand the meaning behind it.

sylye
  • Let me know if you're still having trouble after reading that. This one hurt my head for a while too. :) – Andrew B Jun 02 '16 at 15:27
  • Thanks Andrew! Your answer in the other thread is very clear! But after reading yours, I am still not sure what the correct answer is for my questions (3) and (4). Do you mind answering that for me? Thanks a lot! – sylye Jun 03 '16 at 04:16
  • 3) The zone will refuse to load. Apex `NS` and `SOA` records are mandatory per the standards. 4) Without the registrar record, no one on the internet will be directed to your zone file. Only devices using this DNS server for recursion will receive answers from the zone file. This is not a recommended configuration as you do not actually own the zone. – Andrew B Jun 03 '16 at 05:03
  • (3) What if I have two DNS servers, ns1 and ns2, and I put them both at the registrar but only put ns1 in the zone file? Will the public use ns2 if they do a 'dig www.abc.net'? And if ns1 is down, will the public be able to get any result? – sylye Jun 03 '16 at 09:31
  • Initially both will be used, then only one will be used when the NS record is refreshed (as described by the linked Q&A from earlier). One NS record is a very bad config. – Andrew B Jun 03 '16 at 12:22
  • I see, got it! Thanks for the reply! And no worries, I definitely won't set only one NS record, it's just for the illustration of the scenario :) – sylye Jun 06 '16 at 02:24
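
An added example, not part of the original question or comments and not code from BIND: a Python check that compares the apex NS set in a zone file with the NS set given to the registrar, using the "ns1 only in the zone file" scenario from the comments. The zone text, registrar list and function names are constructed for illustration, and the parser assumes one record per line.

```python
import re
# Constructed sample: abc.net zone file with only ns1 at the apex.
ZONE_TEXT = """\
$ORIGIN abc.net.
$TTL 3600
@    IN SOA ns1.abc.net. hostmaster.abc.net. 2016060301 3600 600 604800 300
@    IN NS  ns1.abc.net.   ; ns2 was left out
www  IN A   192.0.2.10
"""
# Constructed sample: NS set handed to the registrar (published in .net).
REGISTRAR_NS = ["ns1.abc.net.", "NS2.abc.net"]
TTL = re.compile(r"\d+|(\d+[smhdw])+", re.I)

def fqdn(name, origin="."):
    """Lower-case a name and make it absolute relative to origin."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def apex_ns(zone_text, apex):
    """NS targets owned by the zone apex (assumes one record per line)."""
    apex = origin = owner = fqdn(apex)
    found = set()
    for raw in zone_text.splitlines():
        tok = raw.split(";", 1)[0].split()     # drop comments, tokenize
        if not tok:
            continue
        if tok[0].startswith("$"):             # directives
            if tok[0].upper() == "$ORIGIN":
                origin = fqdn(tok[1], origin)
            continue
        if not raw[0].isspace():               # blank owner inherits the previous one
            owner = fqdn(tok.pop(0), origin)
        while tok and (tok[0].upper() == "IN" or TTL.fullmatch(tok[0])):
            tok.pop(0)                         # optional class and TTL
        if len(tok) >= 2 and tok[0].upper() == "NS" and owner == apex:
            found.add(fqdn(tok[1], origin))
    return found

def check_delegation(zone_text, apex, registrar_ns):
    """Compare the child (zone file) NS set with the parent (registrar) set."""
    child = apex_ns(zone_text, apex)
    parent = {fqdn(n) for n in registrar_ns}
    problems = []
    if len(child) < 2:
        problems.append("single apex NS record" if child else "no apex NS record")
    if child != parent:
        problems.append("registrar and zone NS sets differ")
    return {"registrar_only": sorted(parent - child),
            "zone_only": sorted(child - parent), "problems": problems}
```

Calling `check_delegation(ZONE_TEXT, "abc.net", REGISTRAR_NS)` reports ns2 as registrar-only, which is the mismatch the last comments discuss.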
