At 8/20/03 4:30 AM, Rick Hodger wrote: >Just came across something that I'm rather curious about.> > > [description of host IP addresses not showing in some WHOIS lookups]
That's normal and merely cosmetic. >Basically, it seems as if any >DNS server ending in a TLD has an IP address beside it, and any country >level DNS server does not. This wouldn't be of such concern to me, except >that the root servers glue records reflect the same: Ah, you're misunderstanding something here: ># dig host1.irl.com a @a.gtld-servers.net > [worked] > ># dig ns0.businessmedia.co.uk a @a.gtld-servers.net > [failed] You're thinking that the X.gtld-servers.net are the root servers for all domains. That is not the case; they are merely the top level servers for the .com and .net domains. The actual root servers have names ending in "root-servers.net", and a lookup on those will point you to the correct top-level servers for each TLD. The gtld-servers.net servers contain records for the .com and .net TLDs, but not (for example) the .org, or .uk TLDs. So the reason your second query failed is that you're asking the wrong servers. To find out which are the top-level servers for .uk domains, you could ask the true root servers: $ dig uk ns @a.root-servers.net ;; ANSWER SECTION: uk. 172800 IN NS NS4.NIC.uk. uk. 172800 IN NS NS3.NIC.uk. uk. 172800 IN NS NS5.NIC.uk. uk. 172800 IN NS NS1.NIC.uk. uk. 172800 IN NS SEC-NOM.DNS.UK.PSI.NET. uk. 172800 IN NS NS2.NIC.uk. Those are the top level servers for the .uk TLD. And when you query one of those, it works: $ dig ns1.businessmedia.co.uk a @NS1.NIC.uk ;; ANSWER SECTION: ns1.businessmedia.co.uk. 172800 IN A 80.76.206.74 Note that I queried ns1.businessmedia.co.uk (which worked) for this example, instead of your example of ns0.businessmedia.co.uk (which doesn't work for some different reason). It doesn't appear that ns0.businessmedia.co.uk is registered as a hostname, or if so, it perhaps isn't used by any .uk domains so it isn't published as glue by the registry. >Through some usage of tcpdump, it seems that if a domain has the two >..co.uk's as it's nameservers, anytime DNS for that domain is queried, it >must query our servers first to obtain the A records for the nameservers, >rather than with the hostX.irl.com nameservers, where only the root >nameservers are queried. I think you're probably seeing a side effect of the "ns0.businessmedia.co.uk" problem. There is something wrong with that particular one that's unrelated to the issue of glue records being published for .uk domains in general. Also, note that it's not unheard of for a client to query your nameservers for their own IP address, whether it's a .com domain or a .uk domain, even if the top level servers contain the glue. This could happen, for example, if ns1.example.com and ns2.example.com were nameservers for example.com, and the address of ns2 (but not ns1) had expired from the client's cache -- it would be reasonable for it to consult ns1 for the address of ns2. But for this to be happening at all, the client had to have originally obtained the IP address for at least one of them from somewhere other than your name servers, and that place is the top level server glue. >The worry for me, is if I place businessmedia.co.uk on >ns0.businessmedia.co.uk and ns1.businessmedia.co.uk, and say we have a long >power outage. Is that domain ever going to recover without me changing the >nameservers to TLDs? How are other resolving nameservers going to find the >nsX.businessmedia.co.uk A records if the 2 nameservers are not available? Well, this question is actually irrelevant for the reasons mentioned above (the .uk registry will publish glue records if everything is set up correctly) -- but even if that weren't the case, it wouldn't really matter, if you think about it. If ns0.businessmedia.co.uk and ns1.businessmedia.co.uk are the sole nameservers for a domain, and they're both down, it makes no difference whether the registry's top level servers refer clients to the IP addresses of the nameservers or not -- either way, the client trying to do a lookup of something like "www.businessmedia.co.uk" will get a failure because it can't reach either of your nameservers. If you're worried about this situation, that's a sign you need better geographic redundancy for your nameservers so that a power failure doesn't take out both of them. Look into ZoneEdit, or trading secondary DNS with someone, or any of many options you'll find with a Google search for "secondary DNS". -- Robert Mathews, Tiger Technologies "Clever things make people feel stupid, and unexpected things make them feel scared."
