RE: Re: .TLD minimum number of nameservers rule
Actually, there's a simpler solution to meeting the rule for 2 NS. Use any of the secondary nameserver services. They come in a range of prices/service levels. (Price and delivered service don't always correlate.) Generally they act as slaves off your master; some are bind based and use IXFR; others poll. Besides the required redundancy, they will meet the requirement for geographic separation. There is at least one free service that supports DNSSEC (though that's rare.) Google "secondary DNS" or "backup DNS" for a starting point.

- This communication may not represent my employer's views, if any, on the matters discussed.

-Original Message-
From: nudge...@fastmail.fm [mailto:nudge...@fastmail.fm]
Sent: Tuesday, December 13, 2011 03:54
To: Fajar A. Nugraha
Cc: bind-us...@isc.org
Subject: Re: Re: .TLD minimum number of nameservers rule

> What IS the problem, exactly? You're describing two things that
> don't seem to be related: number of NS for a zone, and PTR/DNAME
> records.

My apologies if in an attempt to be succinct, I failed to be clear.

> If you don't "own" an IP address, then usually you don't need to
> bother about PTR records at all. If you need to change PTR record for
> an IP address that you use (e.g. VPS, colo, home connection, etc) you
> usually need to ask your ISP to update/change it.

The company in question has a single public IP address connecting its internal lan with the internet. A classic NAT configuration.

> DNAME creates an alias for one or more subdomains of a domain. Chances
> are you won't need it for common uses.

I'm not so sure I'd make that assumption.

> > For instance, would this be a problem when implementing a wide area
> > bonjour subdomain using my own local dns server for clients that are
> > mobile (internal/external) ?
>
> Bonjour should work even without a DNS server.

Reminds me of Cool Hand Luke <: what we have here is a failure to communicate :>

> You could always create your own DNS server if you REALLY need those
> record types :) The cheapest VPS is about $15/year, which should be
> more than enough for a secondary DNS server.

I'm running Bind 9.6 and dnsextd (llq and tsig handling). I have split DNS views based on source ip address and possession of a tsig key: internal-trusted/external-trusted/internal-visitor/external-visitor. The DNS server and clients are all mac 10.6+ so I'm taking advantage of mDNSResponder features such as looking in the system keychain for the tsig keys. I have a WAB subdomain for dns-sd, etc. I've had to replace dnsextd with an older version, since current macosx versions are dead.

I wondered if the limited access to DNS records at the top level of my domain would be a problem. My first thought was to take over the DNS for this domain but rfc882 saying a domain must have at least 2 nameservers rules that out. Frankly, I probably don't understand enough about how glue records function...

Thanks for your help

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Re: .TLD minimum number of nameservers rule
On Tue, Dec 13, 2011 at 3:53 PM, wrote:

>> > For instance, would this be a problem when implementing a
>> > wide area bonjour subdomain using my own local dns server for clients that
>> > are mobile (internal/external) ?
>>
>> Bonjour should work even without a DNS server.
>
> Reminds me of Cool Hand Luke <: what we have here is a failure to
> communicate :>

Seems that way. I'm not very familiar with bonjour :) Apologies for any incorrect suggestion on my part.

>> You could always create your own DNS server if you REALLY need those
>> record types :)
>> The cheapest VPS is about $15/year, which should be more than enough
>> for a secondary DNS server.
>
> I'm running Bind 9.6 and dnsextd (llq and tsig handling). I have split DNS
> views based on source ip address and possession of a tsig key:
> internal-trusted/external-trusted/internal-visitor/external-visitor.
> The DNS server and clients are all mac 10.6+ so I'm taking advantage of
> mDNSResponder features such as looking in the system keychain for the tsig
> keys. I have a WAB subdomain for dns-sd, etc. I've had to replace dnsextd
> with an older version, since current macosx versions are dead.
>
> I wondered if the limited access to DNS records at the top level of my domain
> would be a problem.

It would if you set up WAB directly on that domain, as it seems that WAB requires PTR records.

> My first thought was to take over the DNS for this domain but rfc882 saying a
> domain must have at least 2 nameservers rules that out. Frankly, I probably
> don't understand enough about how glue records function...

The easiest way seems to be to just create a subdomain. So if your main domain is abc.dom, you can have an NS entry on that domain for the subdomain office.abc.com pointing to your public IP address. After that, just set up everything (PTR records, etc) inside that subdomain.

Another option would be to just rent a VPS for your secondary nameserver.
--
Fajar
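
The subdomain delegation suggested in the message above, checked mechanically. This is an added example, not part of the original thread: it scans a simplified parent zone for delegations that have fewer than two NS records or that name a nameserver inside the delegated subdomain without a glue address record. The zone name abc.example., the nameserver names and the address 203.0.113.10 are constructed placeholders.

```python
from collections import defaultdict

ORIGIN = "abc.example."  # hypothetical parent zone (placeholder name)

# Constructed parent-zone records, simplified to "owner TYPE rdata".
PARENT_ZONE = """
@          NS  ns1.provider.example.
@          NS  ns2.provider.example.
office     NS  ns.office              ; in-zone server, needs glue
office     NS  ns2.backup.example.    ; external secondary, no glue needed
ns.office  A   203.0.113.10           ; glue: constructed public IP
lab        NS  ns.lab                 ; single NS and no glue
"""

def fqdn(name, origin):
    """Expand a relative owner/target name to a lower-case absolute name."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def check_delegations(zone_text, origin):
    """Return {child zone: [issues]} for every delegation in the parent zone."""
    ns_sets, has_address = defaultdict(list), set()
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        owner, rtype = fqdn(owner, origin), rtype.upper()
        if rtype == "NS" and owner != origin:     # NS below the apex = delegation
            ns_sets[owner].append(fqdn(rdata, origin))
        elif rtype in ("A", "AAAA"):
            has_address.add(owner)
    report = {}
    for child, servers in ns_sets.items():
        issues = []
        if len(servers) < 2:
            issues.append("fewer than 2 NS")
        for server in servers:
            # A server named inside the child zone can only be found via glue.
            in_child = server == child or server.endswith("." + child)
            if in_child and server not in has_address:
                issues.append(f"no glue for {server}")
        report[child] = issues
    return report

if __name__ == "__main__":
    for child, issues in check_delegations(PARENT_ZONE, ORIGIN).items():
        print(child, "OK" if not issues else "; ".join(issues))
```
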
Re: Re: .TLD minimum number of nameservers rule
> What IS the problem, exactly? You're describing two things that
> don't seem to be related: number of NS for a zone, and PTR/DNAME
> records.

My apologies if in an attempt to be succinct, I failed to be clear.

> If you don't "own" an IP address, then usually you don't need to
> bother about PTR records at all. If you need to change PTR record for
> an IP address that you use (e.g. VPS, colo, home connection, etc) you
> usually need to ask your ISP to update/change it.

The company in question has a single public IP address connecting its internal lan with the internet. A classic NAT configuration.

> DNAME creates an alias for one or more subdomains of a domain. Chances
> are you won't need it for common uses.

I'm not so sure I'd make that assumption.

> > For instance, would this be a problem when implementing a
> > wide area bonjour subdomain using my own local dns server for clients that
> > are mobile (internal/external) ?
>
> Bonjour should work even without a DNS server.

Reminds me of Cool Hand Luke <: what we have here is a failure to communicate :>

> You could always create your own DNS server if you REALLY need those
> record types :)
> The cheapest VPS is about $15/year, which should be more than enough
> for a secondary DNS server.

I'm running Bind 9.6 and dnsextd (llq and tsig handling). I have split DNS views based on source ip address and possession of a tsig key: internal-trusted/external-trusted/internal-visitor/external-visitor. The DNS server and clients are all mac 10.6+ so I'm taking advantage of mDNSResponder features such as looking in the system keychain for the tsig keys. I have a WAB subdomain for dns-sd, etc. I've had to replace dnsextd with an older version, since current macosx versions are dead.

I wondered if the limited access to DNS records at the top level of my domain would be a problem. My first thought was to take over the DNS for this domain but rfc882 saying a domain must have at least 2 nameservers rules that out. Frankly, I probably don't understand enough about how glue records function...

Thanks for your help
Re: Re: .TLD minimum number of nameservers rule
On Tue, Dec 13, 2011 at 6:20 AM, wrote:

> Thanks all. Chris, Anand that's very useful to know, sorry Jeff and Philippe,
> your interesting suggestions won't work in this case.
>
> If I attack the problem from the other way down instead, the fact my current
> registrar doesn't allow me to add PTR or DNAME records to my top level domain
> limits what exactly ?

What IS the problem, exactly? You're describing two things that don't seem to be related: number of NS for a zone, and PTR/DNAME records.

If you don't "own" an IP address, then usually you don't need to bother about PTR records at all. If you need to change PTR record for an IP address that you use (e.g. VPS, colo, home connection, etc) you usually need to ask your ISP to update/change it.

DNAME creates an alias for one or more subdomains of a domain. Chances are you won't need it for common uses.

> For instance, would this be a problem when implementing a
> wide area bonjour subdomain using my own local dns server for clients that are
> mobile (internal/external) ?

Bonjour should work even without a DNS server.

> I'm only allowed to add A NS MX CNAME TXT and SRV records via the web
> interface

... because those are the ones mostly used.

> of my registrar and I imagined that I'd need PTRs or a DNAME or some other glue
> frustratingly unavailable. Having heard your response to my original question,
> I'm now desperately wishing that I got that wrong...

You could always create your own DNS server if you REALLY need those record types :)
The cheapest VPS is about $15/year, which should be more than enough for a secondary DNS server.

--
Fajar