Tim: >> Both of those servers are accessed by name, not numerical IP >> address, and those names have to be in some public DNS records, so >> people can find the IP addresses for them to connect to them. Joe Zeff: > No. DNS servers are always accessed by IP address, never by name. > Trying to access a DNS server by name would just create an endless > loop of trying to resolve addresses as you can't get the server's > address without using DNS to get the IP address. That was the point I was making about glue records. I did say it was chicken and egg. But let's go through that with a real world example: I want the numerical IP for google: $ dig google.com ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30708 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 300 IN A 142.250.70.238 And I get told it's 142.250.70.238 (for me, right now). Further down in the results of that query we find out who was holding the data: ;; AUTHORITY SECTION: google.com. 1176 IN NS ns3.google.com. google.com. 1176 IN NS ns1.google.com. google.com. 1176 IN NS ns2.google.com. google.com. 1176 IN NS ns4.google.com. Any one of four name servers, and ... they're identified by name. If we want to connect to them, we have to do something else to find out their IP. That info's provided in the next set of data from the same query: ;; ADDITIONAL SECTION: ns2.google.com. 1176 IN A 216.239.34.10 ns1.google.com. 1176 IN A 216.239.32.10 ns3.google.com. 1176 IN A 216.239.36.10 ns4.google.com. 1176 IN A 216.239.38.10 ;; Query time: 109 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Jun 08 23:11:16 ACST 2021 ;; MSG SIZE rcvd: 191 A bit surprisingly, it's four name servers in the same network. But with google being that big, they probably have enough capacity that they don't need to spread their records far and wide. It's the same in BIND zone files, the first line of the record lists the start-of-authority, and it lists the name server by name. A bit further down there's a NS record, that lists the name server by name. Much further down in all the records for the zone there'll be the A record for the name server. It was why the original poster couldn't answer any external queries some time last year, I think was when the thread started. The thing that identified their authoritative name server was itself, isolated from the rest of the world. -- uname -rsvp Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
