[AusNOG] Are domain name server pointers reliant on registrar name server?

Mark Andrews marka at isc.org
Mon Oct 29 12:52:54 EST 2018


The PC sends a recursive request to the recursive server.

The recursive server sends the query to the best match name servers it has knowledge of with the root servers being the servers of last resort.  Those servers either know the answer or return a referral to a closer set of servers.  This repeats until the recursive servers talk to servers that are authoritative for the query name.  The authoritative servers may return name error (NXDOMAIN), no data (NOERRR with zero records) or a RRset (NOERROR with records).  The recursive server then returns this to the client.

If CNAMEs are involved this procedure is followed for each CNAME in the chain and a answer for the clien is constructed from all the answers received from all the authoritative servers.

Authoritative server don’t forward queries.  They return answers, referrals or a error if there is a bad delegation.

Mark

> On 29 Oct 2018, at 12:40 pm, Christopher Hawker <me at chrishawker.com.au> wrote:
> 
> Hi Matt,
> 
> From my understanding, this is how it works:
> 
> 	• Your PC is browsing to http://www.ventraip.com.au
> 	• The DNS looks at the root nameservers for . (yes, a single period) who then
> 	• Forwards the request on to the .au nameservers (operated by Afilias) who then
> 	• Forwards the request on to the .com.au nameservers (also operated by Afilias) who then
> 	• Forwards the request on to the authoritative nameservers for ventraip.com.au(ns1.corp.ventraip.net.au, ns2.corp.ventraip.net.au and ns3.corp.ventraip.net.au) who then
> 	• Returns the DNS record for www.ventraip.com.au back to your PC, thus allowing your PC to find the web server.
> 
> Some of these steps may be skipped if and when the DNS server caches the DNS records you are trying to resolve.
> 
> When you configure Registry Hosts / Child Domain Records / Glue Records for your domain, your domain registrar simply sends this information back to Afilias and does not hold any DNS information for these records. These glue records simply prevent circular DNS resolution when using the domain name for it's own nameservers (e.g. ns1.example.com and ns2.example.com as nameservers for example.com) - chicken and egg scenarios like this can get nasty.
> 
> CH.
> 
> 
> From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Matt Selbst <matt.j.selbst at gmail.com>
> Sent: Monday, 29 October 2018 11:41 AM
> To: bsilverman at staff.ventraip.com
> Cc: AusNOG at lists.ausnog.net
> Subject: Re: [AusNOG] Are domain name server pointers reliant on registrar name server?
>  
> Hey Bradley,
> 
> Thanks for your answer. So assuming I'm not using you for DNS hosting (e.g. using a third party like CloudFlare or AWS Route53) then would your name servers ever be involved in DNS queries for my domain?
> 
> -Matt
> 
> On Mon, Oct 29, 2018 at 10:13 AM Bradley Silverman <bsilverman at staff.ventraip.com> wrote:
> Hi Matt,
> 
> A lot of confusing answers in here, even to me and this is my job to understand them.
> 
> To answer your exact question without filler information:
> Your registrar (Synergy Wholesale, TPP Wholesale, NetRegistry) need to have the Nameserver records (ns1.server.net and ns2.server.net) for the domain (Example.com.au). 
> Then your actual nameservers (ns1.server.net and ns2.server.net) actually require the exact same nameserver records. Trust me, I have seen things go awry when this isn't the case.
> 
> While you are technically reliant on the root, auDA, and Affilias, all their job is to get someones request to the .com.au namespace TO the actual .com.au domains, and not something you ever have to worry about.
> 
> All you need to do is make sure both your registrar and your nameservers point to your nameservers. Does that make sense?
> 	
> Bradley Silverman
> Technical Operations \\ VentraIP Australia
> M: +61 418 641 103 | P: +61 3 9013 8464 | ventraip.com.au
> 
> 
> On Mon, Oct 29, 2018 at 6:16 AM Matt Selbst <matt.j.selbst at gmail.com> wrote:
> Right, so for the sake of clarity as I understand it from the responses - I'm reliant on root, auDA and Afilias name servers but NOT my registrar e.g. Synergy Wholesale, TPP Wholesale, NetRegistry etc....
> 
> On Mon, Oct 29, 2018 at 5:59 AM Peter Fern <ausnog at 0xc0dedbad.com> wrote:
> On 28/10/18 11:58 pm, Chad Kelly wrote:
> > On 10/28/2018 11:10 PM, ausnog-request at lists.ausnog.net wrote:
> >
> >> The original post was asking if the registrar is relied upon here 
> >> (and the answer is no).
> > But the nameservers themselves still need to be listed at the 
> > registrar level so that they can be found on the public internet. 
> > Otherwise you run into issues with dns lookups and them not being able 
> > to resolve your dns correctly.
> > They call this having registry hosts.
> >
> 
> registrar != registry
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org



More information about the AusNOG mailing list