[AusNOG] Are domain name server pointers reliant on registrar name server?

Bradley Silverman bsilverman at staff.ventraip.com
Mon Oct 29 15:54:30 EST 2018 

@Peter - Hey mate, I never said our nameservers would server records, I
said the server itself would not go looking as it would assume that as it
hosts the website, and has DNS records, that it itself is authoritative.
This is basically how all Control Panel like systems function (cPanel,
Plesk etc).
Our nameservers are not responding incorrectly, or at all in this
circumstance, it's just the server not making a DNS query as it assumes it
has that information already haha!

@Ian - Yeah that'll do it mate, give that a switch or hit up support and
they can help sort that one out for you.

@Christopher - That's exactly what happens. It's also why our server use a
resolver and don't query the same nameservers that they update, else ALL
servers in that cluster would fail to get the correct address. To make
clearer, (and not using the correct resolvers for privacy), our syd1
servers send their DNS records to ns1.syd1.hostingplatform.net.au, however
when those same servers query DNS, they don't query
ns1.syd1.hostingplatform.net.au, this ensures they all get the correct
records that the rest of the world see. The sole exception, as mentioned,
is that if the server hosts a specific domain, it won't do a DNS check on
it externally.

I hope that helps clear it up for everyone!
[image: VentraIP Australia logo]


*Bradley Silverman*Technical Operations \\ VentraIP Australia
*M: *+61 418 641 103 | *P:* +61 3 9013 8464 | ventraip.com.au


On Mon, Oct 29, 2018 at 3:05 PM Peter Fern <ausnog at 0xc0dedbad.com> wrote:

> This is indeed a confusing response.
>
> Why does your nameserver have records for a domain it does not host?  If a
> user has delegated their DNS away to some other nameservers, you should not
> be serving any records from your nameservers, so the described scenario
> should never happen. Sounds like a problem for VentraIP to fix.
>
> On 29/10/18 2:38 pm, Bradley Silverman wrote:
>
> Hi Matt,
>
> To answer your specific question, no they wouldn't.
>
> BUT there is an exception:
>
> If your site was hosting with us it does add one small layer of
> complexity, which often trips people up.
> Servers are very arrogant, and assume they are the be all and end all. So
> for instance, let's say you are using Cloudflare as your Nameservers for
> example.com.au, and your domain is with Synergy Wholesale.
>
> Synergy Wholesale has the nameservers:
> ns1.cloudflare.com (I realize that is wrong)
> ns2.cloudflare.com
>
> Cloudflare has the same nameservers plus:
> An A record pointing to the VentraIP Server you are on (
> s111.syd2.hostingplatform.net.au)
> A MX record pointing to Outlook 365 for your email
>
> VentraIP on S111.syd2 has the records:
> An A record pointing to itself
> A MX Record pointing to itself (the default for web hosting generally
> speaking).
>
> In this circumstance, S111.syd2.hostingplatform.net.au will assume it is
> the DNS host. The issue comes when your website has something like a
> contact form, or another user that uses VentraIP (and is on that server)
> tries to send an email, it will try to deliver locally.
> This is where Remote MX (in cPanel) comes into play, it tells
> S111.syd2.hostingplatform.net.au that it *isn't* the email host, and to
> send the email out into the world to find it's own way.
>
> The other time this will get messy is if you have a sub domain defined on
> S111.syd2 for test.example.com.au and also have an A record defined at
> Cloudflare pointing off to otherhostingcompany.com, the rest of the world
> will go to otherhostingcompany.com for the domain test.example.com.au,
> but s111.syd2 will look at it's own subdomain for the site, only important
> in cases where your website at example.com.au actually looks at
> test.example.com.au.
>
> I hope that answers it and doesn't make it more confusing for you!
>
> [image: VentraIP Australia logo]
>
>
> *Bradley Silverman *Technical Operations \\ VentraIP Australia
> *M: *+61 418 641 103 | *P:* +61 3 9013 8464 | ventraip.com.au
>
>
> On Mon, Oct 29, 2018 at 11:41 AM Matt Selbst <matt.j.selbst at gmail.com>
> wrote:
>
>> Hey Bradley,
>>
>> Thanks for your answer. So assuming I'm not using you for DNS hosting
>> (e.g. using a third party like CloudFlare or AWS Route53) then would your
>> name servers ever be involved in DNS queries for my domain?
>>
>> -Matt
>>
>> On Mon, Oct 29, 2018 at 10:13 AM Bradley Silverman <
>> bsilverman at staff.ventraip.com> wrote:
>>
>>> Hi Matt,
>>>
>>> A lot of confusing answers in here, even to me and this is my job to
>>> understand them.
>>>
>>> To answer your exact question without filler information:
>>> Your registrar (Synergy Wholesale, TPP Wholesale, NetRegistry) need to
>>> have the Nameserver records (ns1.server.net and ns2.server.net) for the
>>> domain (Example.com.au).
>>> Then your actual nameservers (ns1.server.net and ns2.server.net)
>>> actually require the exact same nameserver records. Trust me, I have seen
>>> things go awry when this isn't the case.
>>>
>>> While you are technically reliant on the root, auDA, and Affilias, all
>>> their job is to get someones request to the .com.au namespace TO the actual
>>> .com.au domains, and not something you ever have to worry about.
>>>
>>> All you need to do is make sure both your registrar and your nameservers
>>> point to your nameservers. Does that make sense?
>>> [image: VentraIP Australia logo]
>>>
>>>
>>> *Bradley Silverman *Technical Operations \\ VentraIP Australia
>>> *M: *+61 418 641 103 | *P:* +61 3 9013 8464 | ventraip.com.au
>>>
>>>
>>> On Mon, Oct 29, 2018 at 6:16 AM Matt Selbst <matt.j.selbst at gmail.com>
>>> wrote:
>>>
>>>> Right, so for the sake of clarity as I understand it from the responses
>>>> - I'm reliant on root, auDA and Afilias name servers but NOT my registrar
>>>> e.g. Synergy Wholesale, TPP Wholesale, NetRegistry etc....
>>>>
>>>> On Mon, Oct 29, 2018 at 5:59 AM Peter Fern <ausnog at 0xc0dedbad.com>
>>>> wrote:
>>>>
>>>>> On 28/10/18 11:58 pm, Chad Kelly wrote:
>>>>> > On 10/28/2018 11:10 PM, ausnog-request at lists.ausnog.net wrote:
>>>>> >
>>>>> >> The original post was asking if the registrar is relied upon here
>>>>> >> (and the answer is no).
>>>>> > But the nameservers themselves still need to be listed at the
>>>>> > registrar level so that they can be found on the public internet.
>>>>> > Otherwise you run into issues with dns lookups and them not being
>>>>> able
>>>>> > to resolve your dns correctly.
>>>>> > They call this having registry hosts.
>>>>> >
>>>>>
>>>>> registrar != registry
>>>>> _______________________________________________
>>>>> AusNOG mailing list
>>>>> AusNOG at lists.ausnog.net
>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>
>>>> _______________________________________________
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net
>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>
>>>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20181029/bd5251f2/attachment-0001.html>

More information about the AusNOG mailing list