[dns-operations] a question on sub-zone authorization

Bob Harold rharolde at umich.edu
Thu Jun 1 14:35:16 UTC 2017


On Thu, Jun 1, 2017 at 8:28 AM, Peng Yonghua <pyh at vodafonemail.de> wrote:

> Hi,
>
> Sorry I may be asking a low-end question.
>
> I dig this and find .uk is auth-resolved by a group of nic.uk name
> servers.
>
> $ dig org.uk. ns @d.root-servers.net
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> org.uk. ns @
> d.root-servers.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2021
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 13
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;org.uk.                                IN      NS
>
> ;; AUTHORITY SECTION:
> uk.                     172800  IN      NS      dns1.nic.uk.
> uk.                     172800  IN      NS      dns4.nic.uk.
> uk.                     172800  IN      NS      nsc.nic.uk.
> uk.                     172800  IN      NS      nsd.nic.uk.
> uk.                     172800  IN      NS      nsb.nic.uk.
> uk.                     172800  IN      NS      dns3.nic.uk.
> uk.                     172800  IN      NS      nsa.nic.uk.
> uk.                     172800  IN      NS      dns2.nic.uk.
>
> ;; ADDITIONAL SECTION:
> nsa.nic.uk.             172800  IN      A       156.154.100.3
> nsb.nic.uk.             172800  IN      A       156.154.101.3
> nsc.nic.uk.             172800  IN      A       156.154.102.3
> nsd.nic.uk.             172800  IN      A       156.154.103.3
> dns1.nic.uk.            172800  IN      A       213.248.216.1
> dns2.nic.uk.            172800  IN      A       103.49.80.1
> dns3.nic.uk.            172800  IN      A       213.248.220.1
> dns4.nic.uk.            172800  IN      A       43.230.48.1
> nsa.nic.uk.             172800  IN      AAAA    2001:502:ad09::3
> dns1.nic.uk.            172800  IN      AAAA    2a01:618:400::1
> dns2.nic.uk.            172800  IN      AAAA    2401:fd80:400::1
> dns3.nic.uk.            172800  IN      AAAA    2a01:618:404::1
> dns4.nic.uk.            172800  IN      AAAA    2401:fd80:404::1
>
> ;; Query time: 256 msec
> ;; SERVER: 199.7.91.13#53(199.7.91.13)
> ;; WHEN: Thu Jun  1 20:14:05 2017
> ;; MSG SIZE  rcvd: 444
>
>
>
> Then I dig this:
>
> $ dig org.uk. ns @dns2.nic.uk
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> org.uk. ns @
> dns2.nic.uk
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25645
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;org.uk.                                IN      NS
>
> ;; ANSWER SECTION:
> org.uk.                 172800  IN      NS      nsc.nic.uk.
> org.uk.                 172800  IN      NS      dns3.nic.uk.
> org.uk.                 172800  IN      NS      dns1.nic.uk.
> org.uk.                 172800  IN      NS      dns4.nic.uk.
> org.uk.                 172800  IN      NS      nsd.nic.uk.
> org.uk.                 172800  IN      NS      dns2.nic.uk.
> org.uk.                 172800  IN      NS      nsa.nic.uk.
> org.uk.                 172800  IN      NS      nsb.nic.uk.
>
> ;; Query time: 261 msec
> ;; SERVER: 103.49.80.1#53(103.49.80.1)
> ;; WHEN: Thu Jun  1 20:14:19 2017
> ;; MSG SIZE  rcvd: 176
>
>
>
> I think the data path should be: root nameservers -> .uk nameservers ->
> .org.uk nameservers
>
> Since the .uk nameservers are the same as the .org.uk nameservers, the
> reference from uk to org.uk is not needed.
>
> Do I guess it right? Thanks in advance.
>
>
You are correct.  The nameservers answer with the most specific referral
that they have.

-- 
Bob Harold
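
Added example, not part of either poster's message: a small parser that labels a dig response as a referral or an authoritative answer, run over the two responses quoted above (trimmed to two NS records each). The function names `parse_dig` and `classify` are hypothetical.

```python
import re

# Trimmed from the two dig responses quoted in the thread (NS lists shortened).
ROOT_RESPONSE = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 13

;; QUESTION SECTION:
;org.uk.                                IN      NS

;; AUTHORITY SECTION:
uk.                     172800  IN      NS      dns1.nic.uk.
uk.                     172800  IN      NS      dns2.nic.uk.
"""
UK_RESPONSE = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;org.uk.                                IN      NS

;; ANSWER SECTION:
org.uk.                 172800  IN      NS      dns1.nic.uk.
org.uk.                 172800  IN      NS      dns2.nic.uk.
"""

def parse_dig(text):
    """Return (flags, {section: [(owner, rtype, rdata), ...]}) from dig text."""
    flags, sections, current = set(), {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r";; flags: ([a-z ]+);", line):
            flags = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            current = m.group(1)
            sections[current] = []
        elif not line:
            current = None  # a blank line ends the current section
        elif current and not line.startswith(";"):
            f = line.split()  # owner, ttl, class, type, rdata
            if len(f) >= 5:
                sections[current].append((f[0].lower(), f[3], f[4].lower()))
    return flags, sections

def classify(text):
    """Label a response as a referral or an authoritative answer, with its owner name."""
    flags, sec = parse_dig(text)
    answers = sec.get("ANSWER", [])
    ns_auth = [r for r in sec.get("AUTHORITY", []) if r[1] == "NS"]
    if "aa" in flags and answers:
        return ("authoritative", answers[0][0])
    if "aa" not in flags and not answers and ns_auth:
        return ("referral", ns_auth[0][0])
    return ("other", None)
```

The root server's response classifies as a referral to `uk.`, while the response from dns2.nic.uk carries the `aa` flag and an ANSWER section owned by `org.uk.`, so no separate referral from uk to org.uk appears.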