[dns-operations] domain in .no, nameserver in .com - where is the glue?
Mark Andrews
Mark_Andrews at isc.org
Mon Aug 20 22:57:50 UTC 2007
> Q1:
> How "bad" is it to have a domain's name servers under another TLD?
> For example, apple.no has all NS's under .com.
If its only one level of indirection its not too bad. What's
bad is when the server also need another level of indirection.
My rule of thumb is "a server should server the zone it lives in".
This allows for zero or one level of indirection.
There have been cases that exceeded BIND 8's old limit of
5 levels of indirection.
All the servers for apple.no meet this rule of thumb as do the
servers for apple.com, euro.apple.com and asia.apple.com.
apple.no. 604761 IN NS nserver.apple.com.
apple.no. 604761 IN NS nserver2.apple.com.
apple.no. 604761 IN NS nserver.euro.apple.com.
apple.com. 431946 IN NS nserver.euro.apple.com.
apple.com. 431946 IN NS nserver2.apple.com.
apple.com. 431946 IN NS nserver.apple.com.
apple.com. 431946 IN NS nserver.asia.apple.com.
apple.com. 431946 IN NS nserver4.apple.com.
apple.com. 431946 IN NS nserver3.apple.com.
euro.apple.com. 604800 IN NS nserver.euro.apple.com.
euro.apple.com. 604800 IN NS nserver2.apple.com.
euro.apple.com. 604800 IN NS nserver.asia.apple.com.
euro.apple.com. 604800 IN NS nserver3.apple.com.
euro.apple.com. 604800 IN NS nserver4.apple.com.
euro.apple.com. 604800 IN NS nserver.apple.com.
asia.apple.com. 432000 IN NS nserver4.apple.com.
asia.apple.com. 432000 IN NS nserver3.apple.com.
asia.apple.com. 432000 IN NS nserver.apple.com.
asia.apple.com. 432000 IN NS nserver.asia.apple.com.
asia.apple.com. 432000 IN NS nserver2.apple.com.
> Q2:
> When doing a dig trace for www.apple.no, I don't see any lookups for
> .com-addresses. How does the resolver find the A record for the name
> servers?
It looks up the addresses using gethostbyname/getaddrinfo.
> # dig +trace a www.apple.no
>
> ; <<>> DiG 9.3.3 <<>> +trace a www.apple.no
> ;; global options: printcmd
> . 311456 IN NS I.ROOT-SERVERS.NET.
> . 311456 IN NS G.ROOT-SERVERS.NET.
> . 311456 IN NS A.ROOT-SERVERS.NET.
> . 311456 IN NS L.ROOT-SERVERS.NET.
> . 311456 IN NS F.ROOT-SERVERS.NET.
> . 311456 IN NS D.ROOT-SERVERS.NET.
> . 311456 IN NS H.ROOT-SERVERS.NET.
> . 311456 IN NS J.ROOT-SERVERS.NET.
> . 311456 IN NS B.ROOT-SERVERS.NET.
> . 311456 IN NS K.ROOT-SERVERS.NET.
> . 311456 IN NS C.ROOT-SERVERS.NET.
> . 311456 IN NS E.ROOT-SERVERS.NET.
> . 311456 IN NS M.ROOT-SERVERS.NET.
> ;; Received 436 bytes from 195.67.199.24#53(195.67.199.24) in 12 ms
>
> no. 172800 IN NS Y.NIC.no.
> no. 172800 IN NS Z.NIC.no.
> no. 172800 IN NS NOT.NORID.no.
> no. 172800 IN NS NJET.NORID.no.
> no. 172800 IN NS I.NIC.no.
> no. 172800 IN NS X.NIC.no.
> ;; Received 237 bytes from 192.36.148.17#53(I.ROOT-SERVERS.NET) in 19 ms
>
> apple.no. 86400 IN NS nserver.euro.apple.com.
> apple.no. 86400 IN NS nserver.apple.com.
> apple.no. 86400 IN NS nserver2.apple.com.
> ;; Received 111 bytes from 193.71.199.51#53(Y.NIC.no) in 29 ms
>
> www.apple.no. 86400 IN CNAME euro-red.apple.com.
> euro-red.apple.com. 86400 IN A 17.254.3.122
> apple.com. 432000 IN NS nserver.euro.apple.com.
> apple.com. 432000 IN NS nserver.apple.com.
> apple.com. 432000 IN NS nserver2.apple.com.
> apple.com. 432000 IN NS nserver3.apple.com.
> apple.com. 432000 IN NS nserver4.apple.com.
> apple.com. 432000 IN NS nserver.asia.apple.com.
> ;; Received 319 bytes from 17.72.133.64#53(nserver.euro.apple.com) in 62 ms
>
>
> (The first server queried 195.67.199.24 is my ISP's DNS)
dig needs to find the list of root servers somehow.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations
mailing list