DNSSEC DS Record

2017-07-13 Thread sami's strat
The following zone is dnssec signed:  ns2cloud.com


However, the zone is missing the DS record, completely.  That being said,
what is the offset, or result?  I don't see an AD flag when querying the
zone.  Other than that, are there any other ramifications?

thanks in advance.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: delegation NS records

2017-07-13 Thread bind
Hi Bob:

These examples help!  Thank you.

On Thu 7/13/17 15:53 -0400 Bob Harold wrote:
> Let's illustrate one NS record, for each of the cases:
> (I think your case is #2)
> 
> 1. Name server name inside the domain itself
> 
> example.com zone:
> example.com IN NS ns.example.com
> ns.example.com IN A x.x.x.x
> 
> the TLD com would have (entered by the registrar)
> example.com IN  NS ns.example.com
> ns.example.com IN A x.x.x.x   (this is a "glue" record)

OK.  This example is the most commonly seen in web searches.

> 2. Name server name in another domain:
> 
> example.com zone:
> example.com IN NS ns.otherdomain.com
> 
> TLD com zone:
> example.com IN NS ns.otherdomain.com
> (no glue record)

Exactly one delegation NS record. 

Several have made that clear; i.e. I now clearly understand there is
*not* another NS delegation record needed in the zone with the $ORIGIN
that is part of the ("non vanity") nameserver's FQDN.

> otherdomain.com zone:
> ns.otherdomain.com IN A x.x.x.x

Almost goes without saying that the above A record is needed.

> 3. Sibling domains with name servers for each other: (should be avoided?)
> 
> example.com zone:
> example.com IN NS ns.otherdomain.com
> ns.example.com IN A x.x.x.x
> 
> otherdomain.com zone:
> otherdomain.com IN  NS ns.example.com
> ns.otherdomain.com IN A x.x.x.x
> 
> TLD com zone:
> example.com IN NS ns.otherdomain.com
> ns.example.com IN A x.x.x.x  (glue record?)
> ns.otherdomain.com IN A x.x.x.x (glue record?)

Interesting.  I think the glue records make sense.
I'm not planning to do this. :->

I do not see any delegation NS record for otherdomain.com above.
Is this right?:

TLD com zone:
example.com IN NS ns.otherdomain.com
ns.example.com IN A x.x.x.x  (glue record?)
otherdomain.com IN NS ns.example.com
ns.otherdomain.com IN A x.x.x.x (glue record?)

--
thanks,
Tom


Re: delegation NS records

2017-07-13 Thread Bob Harold
On Thu, Jul 13, 2017 at 3:33 PM,  wrote:

> Hi Niall:
>
> On Tue 7/11/17 22:56 +0100 "Niall O'Reilly" wrote:
> > On 11 Jul 2017, at 22:01, b...@zq3q.org wrote:
> >
> > > As I wrote to Niall (msg dated 11 Jul 2017 15:04:32 -0500) ,
> >
> > That hasn't reached me yet.
> >
> > > I **do not** have a NS record for each of my two
> > > nameservers, in the domain zone that the respective nameserver itself is in.
> > > That is a mistake, I need to fix, right?
> >
> > Short answer: just no.
> >
> > Long answer: not unless either of your servers is providing name service for
> > the zone that the nameserver itself is in.  As I understand from your
> > original message, this is not the case, so just no.
>
> Thanks much!
>
> --
> Check my comprehension:
>
> So, **delegation** NS records are only needed in the zone which has an $ORIGIN,
> which is 1 level up from the $ORIGIN in the zone that contains the nameserver SOA, and
> authority NS records in.  If this zone with delegation NS records is a subdomain
> of a TLD, then one adds these delegation NS records by using the registrar's
> interface to the TLD registry.
>
> --
> regards,
> Tom
>

Let's illustrate one NS record, for each of the cases:
(I think your case is #2)

1. Name server name inside the domain itself

example.com zone:
example.com IN NS ns.example.com
ns.example.com IN A x.x.x.x

the TLD com would have (entered by the registrar)
example.com IN  NS ns.example.com
ns.example.com IN A x.x.x.x   (this is a "glue" record)


2. Name server name in another domain:

example.com zone:
example.com IN NS ns.otherdomain.com

TLD com zone:
example.com IN NS ns.otherdomain.com
(no glue record)

otherdomain.com zone:
ns.otherdomain.com IN A x.x.x.x


3. Sibling domains with name servers for each other: (should be avoided?)

example.com zone:
example.com IN NS ns.otherdomain.com
ns.example.com IN A x.x.x.x

otherdomain.com zone:
otherdomain.com IN  NS ns.example.com
ns.otherdomain.com IN A x.x.x.x

TLD com zone:
example.com IN NS ns.otherdomain.com
ns.example.com IN A x.x.x.x  (glue record?)
ns.otherdomain.com IN A x.x.x.x (glue record?)

-- 
Bob Harold
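
The three cases above, worked through as an added example that is not part of the original post: it walks the delegation data a parent zone holds and reports which NS names can only be reached if the parent also serves glue. The dictionary layout, the function names and the otherdomain.com entry in case 2 are assumptions made for illustration.

```python
# Added example: classify delegation NS records by whether the parent needs glue.
# Zone names are the thread's placeholders; the dict layout is an assumption.

def in_zone(name, zone):
    """True when name is at or below zone, compared label by label."""
    n = name.rstrip(".").lower().split(".")
    z = zone.rstrip(".").lower().split(".")
    return len(n) >= len(z) and n[-len(z):] == z

def owning_zone(name, delegations):
    """Most specific delegated zone containing name, or None if unknown."""
    hits = [z for z in delegations if in_zone(name, z)]
    return max(hits, key=lambda z: len(z.split(".")), default=None)

def resolvable(zone, delegations, visiting):
    """Can zone's servers be reached without passing through `visiting`?"""
    for ns in delegations[zone]:
        if in_zone(ns, zone):
            return True  # in-zone server: the parent hands out its glue
        host = owning_zone(ns, delegations)
        if host is None:
            return True  # zone outside this data set, assumed reachable
        if host not in visiting and resolvable(host, delegations, visiting | {host}):
            return True
    return False

def classify(delegations):
    """Map each (zone, ns) pair to a verdict about glue at the parent."""
    verdicts = {}
    for zone, servers in delegations.items():
        for ns in servers:
            host = owning_zone(ns, delegations)
            if in_zone(ns, zone):
                verdicts[zone, ns] = "glue required: in-zone"
            elif host is None or resolvable(host, delegations, {zone, host}):
                verdicts[zone, ns] = "no glue needed"
            else:
                verdicts[zone, ns] = "glue required: circular dependency"
    return verdicts

CASE1 = {"example.com": ["ns.example.com"]}
CASE2 = {"example.com": ["ns.otherdomain.com"],
         "otherdomain.com": ["ns.otherdomain.com"]}  # second entry is assumed
CASE3 = {"example.com": ["ns.otherdomain.com"],
         "otherdomain.com": ["ns.example.com"]}

if __name__ == "__main__":
    for label, case in (("1", CASE1), ("2", CASE2), ("3", CASE3)):
        for (zone, ns), verdict in classify(case).items():
            print(f"case {label}: {zone} NS {ns} -> {verdict}")
```
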

Re: delegation NS records

2017-07-13 Thread bind
Hi Niall:

On Tue 7/11/17 22:56 +0100 "Niall O'Reilly" wrote:
> On 11 Jul 2017, at 22:01, b...@zq3q.org wrote:
> 
> > As I wrote to Niall (msg dated 11 Jul 2017 15:04:32 -0500) ,
> 
> That hasn't reached me yet.
> 
> > I **do not** have a NS record for each of my two
> > nameservers, in the domain zone that the respective nameserver itself is in.
> > That is a mistake, I need to fix, right?
> 
> Short answer: just no.
> 
> Long answer: not unless either of your servers is providing name service for
> the zone that the nameserver itself is in.  As I understand from your
> original message, this is not the case, so just no.

Thanks much!

--
Check my comprehension:

So, **delegation** NS records are only needed in the zone which has an $ORIGIN,
which is 1 level up from the $ORIGIN in the zone that contains the nameserver SOA, and
authority NS records in.  If this zone with delegation NS records is a subdomain
of a TLD, then one adds these delegation NS records by using the registrar's
interface to the TLD registry.

--
regards,
Tom