
I am trying to understand the difference between an A record with @ and NS records.

I am trying to point a subdomain testing.example.com to another server that will have its own DNS server, mail server and will be able to publish its dkim, spf & dmarc records.

As far as I understand from the answer provided by sysadmin1138 here: Glue records for sub domains?

I need to have the following glue records in the example.com domain

example.com:
[...]
testing.example.com.     IN NS ns1.testing.example.com.
testing.example.com.     IN NS ns2.testing.example.com.
ns1.testing.example.com. IN  A 113.197.55.206
ns2.testing.example.com. IN  A 113.197.55.206

So should I also add an A record with @ and point it to 113.197.55.206?

1 Answer


@ is simply the "origin". It is used where a domain name syntactically should go, but that name is the same as the origin set. I.e. in the BIND config you said zone "domain.com", then the origin is domain.com (until reset by a $ORIGIN directive in the zone file) and @ NS ns is the same as domain.com. NS ns.domain.com.. Note, any record without a trailing dot gets the origin automatically appended, but to exploit this feature you would have to leave an "empty name" for the NS record, which means other things (for this case think incorrect syntax). Thus the symbol @ was invented.

This means it has nothing to do with glue records or delegation records specifically. You may even opt to not use it anywhere at all; you may well write everything explicitly. Like this: if you want to make an A record, you may use @ for that, like @ A 192.0.2.1, but you may also not use it and write it as domain.com. A 192.0.2.1 (provided the origin is still domain.com).

Read http://www.zytrax.com/books/dns/apa/origin.html

Glue is needed when the subdomain has a DNS server name inside its zone. Let's delegate sub.example.com to ns.sub.example.com which has address 192.0.2.2. For this to work, we need to resolve that ns.sub.example.com A record beforehand, but who should answer the query? The server where we delegate a zone couldn't, because we still don't know its address until we have resolved this query. This chicken-and-egg problem is solved by the glue record: the delegating server will store a ns.sub.example.com A 192.0.2.2 record. Then, we can also use a nameserver delegation record, sub.example.com. NS ns.sub.example.com..

Or, if your origin is example.com, that would be ns.sub A 192.0.2.2 - glue and sub NS ns.sub - delegation. The @ symbol isn't used here, because we don't meet "empty name" anywhere.

Or, you can set $ORIGIN sub.example.com and then @ would have to be used: our records will be written as ns A 192.0.2.2 and @ NS ns.

Note that despite the fact I suggested three ways to express this delegation with a glue record, all three cases express exactly the same information and will work the same. It is just a syntactical difference, not a principal one.

If you delegate the zone to a server not having its name inside that zone, glue is not needed. For example, if sub.example.com is being delegated to ns.example.org, then a single sub.example.com. NS ns.example.org. is needed, because ns.example.org's address will be resolved another way.

And a remark. The fact that DNS registrars require you to specify at least two DNS servers doesn't mean you have to also require multiple DNS servers. It doesn't improve anything if you specify the same server twice. For your particular case one glue and one delegation record will suffice.

Nikita Kipriyanov
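
The three spellings of the delegation described in the answer above can be checked mechanically. This is an added example, not part of the original answer and not BIND's parser: the helper names (`fqdn`, `parse`, `missing_glue`) and the sample zone strings are constructed for illustration, and `$ORIGIN` is written with a trailing dot so it is absolute.

```python
# Added example. Handles only "name [IN] TYPE rdata" lines and $ORIGIN;
# TTLs, comments, parentheses and blank owner names are out of scope.

def fqdn(name, origin):
    """'@' is the origin; a trailing dot means absolute; else append origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse(text, origin):
    """Return the set of (owner, type, rdata) with every name fully qualified."""
    records = set()
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fqdn(fields[1], origin)
            continue
        if fields[1].upper() == "IN":       # the class field is optional
            del fields[1]
        owner, rtype, rdata = fields[0], fields[1].upper(), fields[2]
        if rtype == "NS":                   # NS rdata is a name: expand it too
            rdata = fqdn(rdata, origin)
        records.add((fqdn(owner, origin), rtype, rdata))
    return records

def missing_glue(records, apex):
    """In-zone NS targets of delegations that have no A record in this zone."""
    have_a = {owner for owner, rtype, _ in records if rtype == "A"}
    return sorted(
        target for owner, rtype, target in records
        if rtype == "NS" and owner != apex
        and (target == owner or target.endswith("." + owner))
        and target not in have_a)

# Constructed samples: the answer's three spellings, all under example.com.
EXPLICIT = "sub.example.com. NS ns.sub.example.com.\nns.sub.example.com. A 192.0.2.2"
RELATIVE = "sub NS ns.sub\nns.sub A 192.0.2.2"
RESET = "$ORIGIN sub.example.com.\n@ NS ns\nns A 192.0.2.2"
NO_GLUE = "sub NS ns.sub"                    # delegation without its glue
OUT_OF_ZONE = "sub NS ns.example.org."       # target outside sub: no glue needed

if __name__ == "__main__":
    for zone in (EXPLICIT, RELATIVE, RESET, NO_GLUE, OUT_OF_ZONE):
        recs = parse(zone, "example.com.")
        print(sorted(recs), "missing glue:", missing_glue(recs, "example.com."))
```

The first three samples expand to the same two records, which is the "syntactical difference" point; only `NO_GLUE` is reported, because its NS target lives inside the zone being delegated.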