Ping a Specific Port

Question

Захар Joe

Asked: 2021-12-01 02:05:26 +0800 CST2021-12-01 02:05:26 +0800 CST 2021-12-01 02:05:26 +0800 CST

Second-level domain as a primary NS server for itself

772

Is there anything in RFCs forbidding me from specifying NS records for mydom.example that go like this:

mydom.example 192.0.2.4
secondaryns.example

as compared to

ns.mydom.example 192.0.2.4
secondaryns.example

Specifically, when the primary NS is on the same domain, can I use mydom.example there or is it strictly necessary to have any third-level domain for NS such as ns.mydom.example?

2 Answers

Voted

Patrick Mevzek · Answer 1 · 2021-12-01T07:00:56+08:00

Patrick Mevzek

2021-12-01T07:00:56+08:002021-12-01T07:00:56+08:00

Is there anything in RFCs forbidding me

No, nothing forbids you to use a nameserver name whose name is the zone name.

It exists, BUT it is absolutely not recommended. First it is obviously in-bailiwick so you need glue records. This already create some headaches.

But, having the nameserver name equal to the zone name will for sure triggering edge cases, as this is a situation not well known so you will find a lot of software/API/UI choking on this.

So, from experience, I recommend you do not do this. You gain nothing really by doing things like that, so it is best to avoid.

1

Nikita Kipriyanov · Answer 2 · 2021-12-01T02:51:20+08:00

This is not a third level domain. Here ns.example.com is a name of (e.g. points to) the A/AAAA RR, which contains actual IPv4 or IPv6 addresses of the server.

And, because NS should point to precisely A or AAAA records, you can't use the "apex" name as the nameserver host name. A delegated zone always contains at least a SOA record and therefore the zone name is unsuitable as a NS record target.

Your zone (as served by your servers) will be of the form:

example.com. SOA ...
example.com. NS ns.example.org.
example.com. NS ns.example.com.
ns.example.com. A 192.0.2.1
...

If the nameserver RR name itself is inside this example.com zone, you are required to define it (as I did for ns.example.com above), and your upstream zone (com) will add its as a glue record together with delegation records. In this case the com zone will contain the three records for you: 2 delegation NS and 1 glue A. If the nameserver RR is outside of the domain, it cannot be added to this zone (because it doesn't belong to it) and upstream will not have a glue for it (ok, it can have that same record as a glue for another domain, but that's none of your business).

But I don't get why are you concerned. Just do as everybody does it. Don't be pulled by the marketing gimmick, the "level" of the "domain" doesn't mean anything, except technical. When we talk about logically consistent use of names, the use of nested levels of the hierarchy is encouraged.

Second-level domain as a primary NS server for itself

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?