[dns-operations] a question on sub-zone authorization

Peng Yonghua pyh at vodafonemail.de
Thu Jun 1 12:28:17 UTC 2017 

Hi,

Sorry I may be asking a low-end question.

I dig this and find .uk is auth-resolved by a group of nic.uk name servers.

$ dig org.uk. ns @d.root-servers.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> org.uk. ns 
@d.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2021
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;org.uk.                                IN      NS

;; AUTHORITY SECTION:
uk.                     172800  IN      NS      dns1.nic.uk.
uk.                     172800  IN      NS      dns4.nic.uk.
uk.                     172800  IN      NS      nsc.nic.uk.
uk.                     172800  IN      NS      nsd.nic.uk.
uk.                     172800  IN      NS      nsb.nic.uk.
uk.                     172800  IN      NS      dns3.nic.uk.
uk.                     172800  IN      NS      nsa.nic.uk.
uk.                     172800  IN      NS      dns2.nic.uk.

;; ADDITIONAL SECTION:
nsa.nic.uk.             172800  IN      A       156.154.100.3
nsb.nic.uk.             172800  IN      A       156.154.101.3
nsc.nic.uk.             172800  IN      A       156.154.102.3
nsd.nic.uk.             172800  IN      A       156.154.103.3
dns1.nic.uk.            172800  IN      A       213.248.216.1
dns2.nic.uk.            172800  IN      A       103.49.80.1
dns3.nic.uk.            172800  IN      A       213.248.220.1
dns4.nic.uk.            172800  IN      A       43.230.48.1
nsa.nic.uk.             172800  IN      AAAA    2001:502:ad09::3
dns1.nic.uk.            172800  IN      AAAA    2a01:618:400::1
dns2.nic.uk.            172800  IN      AAAA    2401:fd80:400::1
dns3.nic.uk.            172800  IN      AAAA    2a01:618:404::1
dns4.nic.uk.            172800  IN      AAAA    2401:fd80:404::1

;; Query time: 256 msec
;; SERVER: 199.7.91.13#53(199.7.91.13)
;; WHEN: Thu Jun  1 20:14:05 2017
;; MSG SIZE  rcvd: 444



Then I dig this:

$ dig org.uk. ns @dns2.nic.uk

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> org.uk. ns 
@dns2.nic.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25645
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;org.uk.                                IN      NS

;; ANSWER SECTION:
org.uk.                 172800  IN      NS      nsc.nic.uk.
org.uk.                 172800  IN      NS      dns3.nic.uk.
org.uk.                 172800  IN      NS      dns1.nic.uk.
org.uk.                 172800  IN      NS      dns4.nic.uk.
org.uk.                 172800  IN      NS      nsd.nic.uk.
org.uk.                 172800  IN      NS      dns2.nic.uk.
org.uk.                 172800  IN      NS      nsa.nic.uk.
org.uk.                 172800  IN      NS      nsb.nic.uk.

;; Query time: 261 msec
;; SERVER: 103.49.80.1#53(103.49.80.1)
;; WHEN: Thu Jun  1 20:14:19 2017
;; MSG SIZE  rcvd: 176



I think the data path should be: root nameservers -> .uk nameservers -> 
.org.uk nameservers

since .uk nameservers are the same with .org.uk nameservers, so the 
reference from uk to org.uk is not needed.

Do I guess it right? thanks in advance.

regards.

More information about the dns-operations mailing list