Larry

Thank you.

Brian

Sent from my iPad

On 4 Apr 2012, at 19:34, "Larry Hiscock" <lar...@wcs-corp.com> wrote:

> In the meantime, I've added a rewrite rule to redirect www.u2ug.org to
> www.u2ug.net
> 
> --Larry
> 
> Larry Hiscock
> AngelicHost
> Western Computer Services
> 
> 
> -----Original Message-----
> From: u2-users-boun...@listserver.u2ug.org
> [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Robert Porter
> Sent: Wednesday, April 04, 2012 11:27 AM
> To: U2 Users List
> Subject: Re: [U2] u2ug.net Website
> 
> This may be more about name resolution than you ever wanted to know, but
> here goes anyway...  (knowledge is always a good thing). Sorry for the long
> post, domain name resolution is often misunderstood (kind of like people
> referring to somename.com as a "top level domain" or TLD - it's not, it's a
> 2nd level domain. The TLD is "com".)
> 
> The SOA nameservers in question are controlled by angelichost.net not
> Network Solutions (unless NS has some connection to Angelic I'm unaware of
> which is entirely possible).  The only authoritative nameservers for the
> domain are ns9 and ns10 on angelichost.net's network. Anything else would
> have to be caching.
> 
> Name resolution is hierarchical and works from right to left... ORG,
> U2UG.ORG, etc... The reason it works from anywhere is when you type it in
> locally, it will go to one of the 13 root nameservers, aka (letter
> a-m).root-servers.net, (run by Verisign/Network Solutions and MANY others
> including NASA, DOD, Cogent, etc.) if not in cache based on the TLD in this
> case .ORG, it will then ask for the nameservers for the next level (U2UG.ORG
> in this case). In this case it will get ns9/ns10.angelichost.net. Root
> nameservers do not contain the zone records for the hosts themselves only
> the nameservers that are authoritative. It could keep going based on the
> break up of the domains. 
> 
> You can see this in action if you like... Here's part of the query for
> www.u2ug.org to a.root-servers.net:
> Default server: a.root-servers.net
> Address: 2001:503:ba3e::2:30#53
>> set q=any
>> www.u2ug.org
> Server:         a.root-servers.net
> Address:        198.41.0.4#53
> 
> Non-authoritative answer:
> *** Can't find www.u2ug.org: No answer
> 
> Authoritative answers can be found from:
> org     nameserver = a0.org.afilias-nst.info.
> org     nameserver = b0.org.afilias-nst.org.
> (clipped)
> 
> Note how it says it cannot answer authoritatively, and points to the next
> level... 
> Next I set the server to the 1st in the list from the root server
> Default server: a0.org.afilias-nst.info
> Address: 2001:500:e::1#53
>> www.u2ug.org
> Server:         a0.org.afilias-nst.info
> Address:        199.19.56.1#53
> 
> Non-authoritative answer:
> *** Can't find www.u2ug.org: No answer
>> set q=any
>> www.u2ug.org
> Server:         a0.org.afilias-nst.info
> Address:        199.19.56.1#53
> 
> Non-authoritative answer:
> *** Can't find www.u2ug.org: No answer
> 
> Authoritative answers can be found from:
> u2ug.org        nameserver = ns9.angelichost.net.
> u2ug.org        nameserver = ns10.angelichost.net.
>> 
> Notice that the 1st time I messed up and hadn't set a q=any yet (query
> any/all information) and it refused to give me any answer at all. After I
> get the q=any, it simply pointed me up the chain (or down if you like) to
> the angelichost.net servers... From there I can get the host.
> 
>> server ns9.angelichost.net
> Default server: ns9.angelichost.net
> Address: 216.240.154.246#53
>> set q=any
>> www.u2ug.org
> Server:         ns9.angelichost.net
> Address:        216.240.154.246#53
> 
> Name:   www.u2ug.org 
> Address: 216.240.154.254
> 
> Those are the only 2 servers that can answer authoritatively.
> 
> I've got at least a dozen nameservers under my control... Network Solutions
> has access to none of them. If they were to request a propagation of a
> domain (aka a zone transfer) it would be denied by the nameserver as it
> would not recognize their servers as having rights to do so (nor do they
> need it for dns resolution to work). This is a common security measure. I
> (or my clients) make DNS zone updates all the time, and N.S. isn't
> involved...  The only zone transfers that take place are between the SOA
> nameservers (those listed as nameservers for the domain) the upper level DNS
> servers only get involved when there's a change of nameservers for the
> domain not for host level changes.
> 
> The other nameservers around the world would not resolve the name except if
> it was in cache - meaning a client requested it and the domain's TTL (Time
> To Live - most are set to 12 hours, other more volatile domains drop that to
> 15 minutes... 15 minutes is the shortest most nameservers will honor).  After
> the TTL has expired, the name must be re-resolved starting the right to left
> process over ORG's nameservers -> U2UG.ORG's nameservers -> host resolution. 
> 
> I have seen reputable companies frown on it without explanation (I've been
> actively working with/in the hosting industry for a long time...) It's
> unusual enough that it would at least raise questions. Many hosts are
> protective of their networks. If something raises a red flag (spam?) they'd
> at least look a little harder at it. 
> 
> _______________________________________________
> U2-Users mailing list
> U2-Users@listserver.u2ug.org
> http://listserver.u2ug.org/mailman/listinfo/u2-users
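
Added example, not part of the thread: a small Python model of the referral walk, the TTL cache and the zone-transfer restriction described in the quoted message. The server table is constructed from the names in the transcript; the 43200-second TTL, the `axfr_allowed` list and the function names are assumptions made for illustration.

```python
# Constructed server table built from the names in the transcript above.
# A server either refers the query to the next level or answers for its zone.
SERVERS = {
    "a.root-servers.net": {"referrals": {"org": ["a0.org.afilias-nst.info"]}},
    "a0.org.afilias-nst.info": {"referrals": {
        "u2ug.org": ["ns9.angelichost.net", "ns10.angelichost.net"]}},
    "ns9.angelichost.net": {
        "records": {"www.u2ug.org": ("216.240.154.254", 43200)},  # TTL assumed
        "axfr_allowed": {"ns10.angelichost.net"},  # assumed transfer ACL
    },
}

def query(server, name):
    """Return ('answer', ip, ttl) or ('referral', [next nameservers])."""
    data = SERVERS[server]
    if name in data.get("records", {}):
        return ("answer",) + data["records"][name]
    labels = name.split(".")
    for i in range(len(labels)):  # most specific delegated suffix wins
        zone = ".".join(labels[i:])
        if zone in data.get("referrals", {}):
            return ("referral", data["referrals"][zone])
    raise LookupError(f"{server} has no data for {name}")

class Resolver:
    def __init__(self, root="a.root-servers.net"):
        self.root = root
        self.cache = {}  # name -> (ip, expiry time)

    def resolve(self, name, now):
        """Return (ip, servers asked); no servers are asked on a cache hit."""
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0], []
        server, path = self.root, []
        for _ in range(8):  # bound the referral depth
            path.append(server)
            reply = query(server, name)
            if reply[0] == "answer":
                self.cache[name] = (reply[1], now + reply[2])
                return reply[1], path
            server = reply[1][0]  # follow the first listed nameserver
        raise LookupError("too many referrals")

def axfr(server, requester):
    """Zone transfer: refused unless the requester is on the server's ACL."""
    data = SERVERS[server]
    if requester not in data.get("axfr_allowed", set()):
        return "REFUSED"
    return dict(data["records"])
```

Resolving `www.u2ug.org` on an empty cache asks all three servers in order; a repeat inside the TTL asks none, and a repeat at or after expiry walks the chain again.
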