DNSSEC DS Record
The following zone is dnssec signed: ns2cloud.com However, the zone is missing the DS record, completely. That being said, what is the offset, or result? I don't see an AD flag when querying the zone. Other then that, are there any other ramifications? thanks in advance. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegation NS records
Hi Bob: These examples help! Thank you. On Thu 7/13/17 15:53 -0400 Bob Harold wrote: > Let's illustrate one NS record, for each of the cases: > (I think your case is #2) > > 1. Name server name inside the domain itself > > example.com zone: > example.com IN NS ns.example.com > ns.example.com IN A x.x.x.x > > the TLD com would have (entered by the registrar) > example.com IN NS ns.example.com > ns.example.com IN A x.x.x.x (this is a "glue" record) OK. This example is the most commonly seen in web searches. > 2. Name server name in another domain: > > example.com zone: > example.com IN NS ns.otherdomain.com > > TLD com zone: > example.com IN NS ns.otherdomain.com > (no glue record) Exactly one delegation NS record. Several have made that clear; ie I now clearly understand there is *not* another NS delegation record needed in the zone with the $ORIGIN that is part of the ("non vanity") nameserver's FQDN. > otherdomain.com zone: > ns.otherdomain.com IN A x.x.x.x Almost goes without saying that above A record is needed. > 3. Sibling domains with name servers for each other: (should be avoided?) > > example.com zone: > example.com IN NS ns.otherdomain.com > ns.example.com IN A x.x.x.x > > otherdomain.com zone: > otherdomain.com IN NS ns.example.com > ns.otherdomain.com IN A x.x.x.x > > TLD com zone: > example.com IN NS ns.otherdomain.com > ns.example.com IN A x.x.x.x (glue record?) > ns.otherdomain.com IN A x.x.x.x (glue record?) Interesting. I think the glue record make sense. I'm not planning to do this. :-> I do not see any delegation NS record for otherdomain.com above. Is this right?: TLD com zone: example.comIN NS ns.otherdomain.com ns.example.com IN A x.x.x.x (glue record?) otherdomain.comIN NS ns.example.com ns.otherdomain.com IN A x.x.x.x (glue record?) -- thanks, Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegation NS records
On Thu, Jul 13, 2017 at 3:33 PM,wrote: > Hi Niall: > > On Tue 7/11/17 22:56 +0100 "Niall O'Reilly" wrote: > > On 11 Jul 2017, at 22:01, b...@zq3q.org wrote: > > > > > As I wrote to Niall (msg dated 11 Jul 2017 15:04:32 -0500) , > > > > That hasn't reached me yet. > > > > > I **do not** have a NS record for each of my two > > > nameservers, in the domain zone that the respective nameserver itself > is in. > > > That is a mistake, I need to fix, right? > > > > Short answer: just no. > > > > Long answer: not unless either of your servers is providing name service > for > > the zone that the nameserver itself is in. As I understand from your > > original message, this is not the case, so just no. > > Thanks much! > > -- > Check my comprehension: > > So, **delegation** NS records are only needed in the zone which has an > $ORIGIN, > which is 1 level up from the $ORIGIN in the zone that contains the > nameserver SOA, and > authority NS records in. If this zone with delegation NS records is a > subdomain > of a TLD, then one adds these delegation NS records by using the > registrar's > interface to the TLD registry. > > -- > regards, > Tom > Let's illustrate one NS record, for each of the cases: (I think your case is #2) 1. Name server name inside the domain itself example.com zone: example.com IN NS ns.example.com ns.example.com IN A x.x.x.x the TLD com would have (entered by the registrar) example.com IN NS ns.example.com ns.example.com IN A x.x.x.x (this is a "glue" record) 2. Name server name in another domain: example.com zone: example.com IN NS ns.otherdomain.com TLD com zone: example.com IN NS ns.otherdomain.com (no glue record) otherdomain.com zone: ns.otherdomain.com IN A x.x.x.x 3. Sibling domains with name servers for each other: (should be avoided?) example.com zone: example.com IN NS ns.otherdomain.com ns.example.com IN A x.x.x.x otherdomain.com zone: otherdomain.com IN NS ns.example.com ns.otherdomain.com IN A x.x.x.x TLD com zone: example.com IN NS ns.otherdomain.com ns.example.com IN A x.x.x.x (glue record?) ns.otherdomain.com IN A x.x.x.x (glue record?) -- Bob Harold ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegation NS records
Hi Niall: On Tue 7/11/17 22:56 +0100 "Niall O'Reilly" wrote: > On 11 Jul 2017, at 22:01, b...@zq3q.org wrote: > > > As I wrote to Niall (msg dated 11 Jul 2017 15:04:32 -0500) , > > That hasn't reached me yet. > > > I **do not** have a NS record for each of my two > > nameservers, in the domain zone that the respective nameserver itself is > > in. > > That is a mistake, I need to fix, right? > > Short answer: just no. > > Long answer: not unless either of your servers is providing name service for > the zone that the nameserver itself is in. As I understand from your > original message, this is not the case, so just no. Thanks much! -- Check my comprehension: So, **delegation** NS records are only needed in the zone which has an $ORIGIN, which is 1 level up from the $ORIGIN in the zone that contains the nameserver SOA, and authority NS records in. If this zone with delegation NS records is a subdomain of a TLD, then one adds these delegation NS records by using the registrar's interface to the TLD registry. -- regards, Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users