This may be more about name resolution than you ever wanted to know, but here 
goes anyway...  (knowledge is always a good thing). Sorry for the long post, 
domain name resolution is often misunderstood (kind of like people referring to 
somename.com as a "top level domain" or TLD - it's not, it's a 2nd level 
domain. The TLD is "com".)
 
The SOA nameservers in question are controlled by angelichost.net not Network 
Solutions (unless NS has some connection to Angelic I'm unaware of which is 
entirely possible).  The only authoritative nameservers for the domain are ns9 
and ns10 on angelichost.net's network. Anything else would have to be caching.
 
Name resolution is hierarchical and works from right to left... ORG, U2UG.ORG, 
etc... The reason it works from anywhere is when you type it in locally, it 
will go to one of the 13 root nameservers, aka (letter 
a-m).root-servers.net, (run by Verisign/Network Solutions and MANY others 
including NASA, DOD, Cogent, etc.) if not in cache based on the TLD in this 
case .ORG, it will then ask for the nameservers for the next level (U2UG.ORG in 
this case). In this case it will get ns9/ns10.angelichost.net. Root nameservers 
do not contain the zone records for the hosts themselves only the nameservers 
that are authoritative. It could keep going based on the break up of the 
domains. 
 
You can see this in action if you like... Here's part of the query for 
www.u2ug.org to a.root-servers.net:
Default server: a.root-servers.net
Address: 2001:503:ba3e::2:30#53
> set q=any
> www.u2ug.org 
Server:         a.root-servers.net
Address:        198.41.0.4#53
 
Non-authoritative answer:
*** Can't find www.u2ug.org: No answer
 
Authoritative answers can be found from:
org     nameserver = a0.org.afilias-nst.info.
org     nameserver = b0.org.afilias-nst.org.
(clipped)
 
Note how it says it cannot answer authoritatively, and points to the next 
level... 
Next I set the server to the 1st in the list from the root server
Default server: a0.org.afilias-nst.info
Address: 2001:500:e::1#53
> www.u2ug.org 
Server:         a0.org.afilias-nst.info
Address:        199.19.56.1#53
 
Non-authoritative answer:
*** Can't find www.u2ug.org: No answer
> set q=any
> www.u2ug.org 
Server:         a0.org.afilias-nst.info
Address:        199.19.56.1#53
 
Non-authoritative answer:
*** Can't find www.u2ug.org: No answer
 
Authoritative answers can be found from:
u2ug.org        nameserver = ns9.angelichost.net.
u2ug.org        nameserver = ns10.angelichost.net.
>
Notice that the 1st time I messed up and hadn't set a q=any yet (query any/all 
information) and it refused to give me any answer at all. After I get the 
q=any, it simply pointed me up the chain (or down if you like) to the 
angelichost.net servers... From there I can get the host.
 
> server ns9.angelichost.net
Default server: ns9.angelichost.net
Address: 216.240.154.246#53
> set q=any
> www.u2ug.org 
Server:         ns9.angelichost.net
Address:        216.240.154.246#53
 
Name:   www.u2ug.org 
Address: 216.240.154.254
 
Those are the only 2 servers that can answer authoritatively.
 
I've got at least a dozen nameservers under my control... Network Solutions has 
access to none of them. If they were to request a propagation of a domain (aka 
a zone transfer) it would be denied by the nameserver as it would not recognize 
their servers as having rights to do so (nor do they need it for dns resolution 
to work). This is a common security measure. I (or my clients) make DNS zone 
updates all the time, and N.S. isn't involved...  The only zone transfers that 
take place are between the SOA nameservers (those listed as nameservers for the 
domain) the upper level DNS servers only get involved when there's a change of 
nameservers for the domain not for host level changes.
 
The other nameservers around the world would not resolve the name except if it 
was in cache - meaning a client requested it and the domain's TTL (Time To Live 
- most are set to 12 hours, other more volatile domains drop that to 15 
minutes... 15 minutes is the shortest most nameservers will honor).  After the TTL 
has expired, the name must be re-resolved starting the right to left process 
over ORG's nameservers -> U2UG.ORG's nameservers -> host resolution. 
 
I have seen reputable companies frown on it without explanation (I've been 
actively working with/in the hosting industry for a long time...) It's unusual 
enough that it would at least raise questions. Many hosts are protective of 
their networks. If something raises a red flag (spam?) they'd at least look a 
little harder at it. 
_______________________________________________
U2-Users mailing list
http://listserver.u2ug.org/mailman/listinfo/u2-users
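
The right-to-left referral walk and TTL caching described in the post above, as an added example that is not part of the original message: a small offline Python model whose server table is constructed from the names shown in the nslookup session. The `query` and `Resolver` names and the 12-hour TTL on the record are assumptions made for the illustration.

```python
import time

# Constructed offline model of the three levels queried in the post. Names and
# the 216.240.154.254 address come from the session; the 12-hour TTL is assumed.
SERVERS = {
    "a.root-servers.net": {"referrals": {
        "org": ["a0.org.afilias-nst.info", "b0.org.afilias-nst.org"]}},
    "a0.org.afilias-nst.info": {"referrals": {
        "u2ug.org": ["ns9.angelichost.net", "ns10.angelichost.net"]}},
    "ns9.angelichost.net": {"records": {"www.u2ug.org": ("216.240.154.254", 43200)}},
}

def query(server, name):
    """Answer as one nameserver would: its own record, else the closest referral."""
    data = SERVERS[server]
    if name in data.get("records", {}):
        return "answer", data["records"][name]
    labels = name.split(".")
    for i in range(len(labels)):  # try the longest matching suffix first
        zone = ".".join(labels[i:])
        if zone in data.get("referrals", {}):
            return "referral", data["referrals"][zone]
    return "fail", None

class Resolver:
    """Iterative resolver with a TTL cache, starting every miss at the root."""
    def __init__(self, root="a.root-servers.net", clock=time.monotonic):
        self.root, self.clock, self.cache = root, clock, {}

    def resolve(self, name):
        """Return (address, trace); trace lists each server asked, [] on a cache hit."""
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], []
        server, trace = self.root, []
        for _ in range(10):  # bound the referral depth
            trace.append(server)
            kind, value = query(server, name)
            if kind == "answer":
                addr, ttl = value
                self.cache[name] = (addr, self.clock() + ttl)
                return addr, trace
            if kind != "referral":
                break
            server = value[0]  # as in the post: take the first nameserver listed
        raise LookupError(f"cannot resolve {name}")
```

Passing a fake `clock` lets you step past the TTL and watch the walk restart at the root instead of being served from cache.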
