Re: first axfr challenges

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2021-06-06 at 11:54 -0700, Jack Craig wrote:
> something i dont get, if my registrar provides glue references for
> primary & secondary domain dns servers, what purpose is served by
> anything in my host's named.conf (et al) having any reference to my
> domain if it's not accessible/useful?
> 
> i had thought that i should provide the primary server and my hosting
> service provided secondary, but that leaves only the secondary os i
> have only 1 responding

The internet, at large, will always use your primary server.  If it
can't, it'll try your secondary server.  Both of those servers are
accessed by name, not numerical IP address, and those names have to be
in some public DNS records, so people can find the IP addresses for
them to connect to them.

A glue record is a helping hand to find your primary server, when
nothing else gives information about it.

e.g. I try to look up linuxlighthouse.com.  My system will find the
root server for .com, then it will ask it who holds the records for
linuxlighthose.com, get told ns.linuxlighthouse.com and then query
whoever that was, for its IP address.

The big gotcha is that .com will say linuxlighthouse.com is handled by
a particular nameserver by that nameserver's *name* not its IP.

So the person trying to find linuxlighthouse.com first has to find the
IP for ns.linuxlighthouse.com.  If the only server that knows that IP
is ns.linuxlighthouse.com, itself, outsiders have no way to find out
the IP of the nameserver to connect to it.

Having your primary server as yourself, answering queries for itself,
and nobody outside knowing it's IP to be able query it, is the quandary
you find yourself in.

How do you spell dictionary?  Dunno, go look it up in the dictionary...

Hence, the glue record.  Querying .com will say ns.linuxlighthouse.com
is handled by the holder of that gluerecord, we'll call it example.com
(your registrar or other service provider).  Your registrar will have
records that everyone else can lookup, so they can find example.com's
IP address.  Now people can connect to your example.com registrar, your
registrar's DNS server's glue record will give them the numerical IP of
your ns.linuxlighthouse.com DNS server that they couldn't look up
directly.  And, then, after all that, they can find your DNS server and
query it about linuxlighthouse.com.

This is like borrowing $5 from someone who wants a favour from a third
party before they'll give you it, and that third party wants a favour
from a fourth party before they'll do the third party's favour, rinse,
lather, repeat...

In all seriousness, you're really doing this the hardest way possible. 
I would let your registrar be your primary and secondary DNS servers
(they'll have more than one server), and have your IP addresses
programmed into them.  The public can query them.  And just run your
own name server for your own internal addresses, and for learning how
things work.

Your registar does not require you to run a DNS server to give them the
information.  The DNS records will be programmed directly into their
DNS server.  Either by them, manually, or automatically when you
registered the domain name, or you'll have some webpage interface to
enter and edit details.
 
-- 
 
uname -rsvp
Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux