I'm migrating my nameserver machines from a datacenter into a cloud service (AWS) by replacing each of the physical machines with virtual machines. The nameservers I am migrating are authoritative for dozens of different domains.
During this process, I noticed something weird that has me confused:
The nameservers I want to migrate use the following authoritative nameservers:
ns1.example.com
ns2.example.com
example.com is an old, legacy name for the nameservers and I am also the owner of the example.com domain. When I went to check the zone records at example.com, I discovered the exact same zone records:
ns1.example.com
ns2.example.com
This was unexpected. Basically, the example.com domain is authoritative for itself. I imagined I would have been using the registrar to manage the zone record and it would contain the IP addresses of each of the nameservers for example.com. Otherwise, what prevents the example.com name records from getting spoofed? Should I start using the registrar's nameservers to point to the authoritative name servers?
The current nameserver config was set up by someone else and I'm very rusty with setting up DNS. Any guidance appreciated.
This is not unexpected; this is how they should look.
The registrar includes NS records for your zone in the parent zone. So in the case of the example.com domain name it will place the following records in the .com zone. In this particular case this is not sufficient, as the nameservers are inside the delegated zone and we need to provide hints where these two nameservers can be found. Hence you can see so-called glue records which provide IP addresses for the above-mentioned nameservers. They are also placed in the .com zone, along with the NS records.
Now, it is YOUR zone which provides authoritative information, so it will also contain both NS records for the nameservers at the zone apex and their IP addresses.
You, as the zone administrator, have the responsibility to make sure that the delegation data (along with glue records) at the parent zone and the authority data in your zone agree with each other. This usually means they should be identical. This is described in Technical requirements for authoritative name servers, under the "Consistency between delegation and zone" heading.
In your particular case, when you move ns1.example.com and ns2.example.com to new systems (which means new IP addresses) you have to update the A/AAAA records both in your zone and at your registrar - which will trigger the update of the glue records in the parent zone.
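The consistency check the answer describes, as an added example that is not part of the original post: given the NS set and glue the parent publishes for a zone, and the NS and A/AAAA records at the child's own apex, report every disagreement. The zone name, nameserver names and all addresses below are constructed sample data (the second scenario models a migration where the child zone was updated but the registrar's glue was not); nothing is queried from the network.

```python
"""Compare a parent zone's delegation (NS records plus glue) with the child
zone's apex data and list the inconsistencies.  Sample data only; no DNS
queries are made."""

from typing import Dict, List, Set

Addrs = Dict[str, Set[str]]  # owner name -> set of A/AAAA addresses


def normalise(name: str) -> str:
    """Lower-case and strip the trailing dot so 'NS1.Example.com.' matches 'ns1.example.com'."""
    return name.lower().rstrip(".")


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is the zone apex or lies beneath it, i.e. the parent
    cannot hand out the name without also publishing glue for it."""
    name, zone = normalise(name), normalise(zone)
    return name == zone or name.endswith("." + zone)


def check_delegation(zone: str, parent_ns: Set[str], parent_glue: Addrs,
                     child_ns: Set[str], child_addrs: Addrs) -> List[str]:
    """Return a list of problems; an empty list means delegation and authority data agree."""
    problems: List[str] = []
    p_ns = {normalise(n) for n in parent_ns}
    c_ns = {normalise(n) for n in child_ns}
    glue = {normalise(k): set(v) for k, v in parent_glue.items()}
    addrs = {normalise(k): set(v) for k, v in child_addrs.items()}

    # 1. The NS sets at parent and child apex must be identical.
    for n in sorted(p_ns - c_ns):
        problems.append(f"{n}: NS in parent delegation but not at child apex")
    for n in sorted(c_ns - p_ns):
        problems.append(f"{n}: NS at child apex but not in parent delegation")

    # 2. Every in-zone nameserver needs glue, an apex address record, and the two must match.
    for n in sorted(p_ns | c_ns):
        if not in_bailiwick(n, zone):
            continue  # out-of-zone names resolve through their own zone; glue is not needed
        g = glue.get(n, set())
        a = addrs.get(n, set())
        if not g:
            problems.append(f"{n}: in-zone nameserver has no glue at parent")
        if not a:
            problems.append(f"{n}: in-zone nameserver has no A/AAAA record in child zone")
        if g and a and g != a:
            problems.append(f"{n}: glue {sorted(g)} != child addresses {sorted(a)}")

    # 3. Glue for a name that is not a listed nameserver is stale and should be removed.
    for n in sorted(set(glue) - (p_ns | c_ns)):
        problems.append(f"{n}: glue present for a name that is not a delegated nameserver")
    return problems


# Constructed sample data: in-zone nameservers, delegation and apex in agreement.
ZONE = "example.com"
PARENT_NS = {"ns1.example.com.", "ns2.example.com."}
PARENT_GLUE = {"ns1.example.com.": {"192.0.2.1"}, "ns2.example.com.": {"192.0.2.2"}}
CHILD_NS = {"ns1.example.com.", "ns2.example.com."}
CHILD_ADDRS = {"ns1.example.com.": {"192.0.2.1"}, "ns2.example.com.": {"192.0.2.2"}}

# Constructed migration scenario: child zone moved to new addresses, registrar glue not yet updated.
MIGRATED_CHILD_ADDRS = {"ns1.example.com.": {"198.51.100.10"},
                        "ns2.example.com.": {"198.51.100.11"}}


def consistent_example() -> List[str]:
    return check_delegation(ZONE, PARENT_NS, PARENT_GLUE, CHILD_NS, CHILD_ADDRS)


def stale_glue_example() -> List[str]:
    return check_delegation(ZONE, PARENT_NS, PARENT_GLUE, CHILD_NS, MIGRATED_CHILD_ADDRS)


if __name__ == "__main__":
    for label, result in (("consistent", consistent_example()), ("stale glue", stale_glue_example())):
        print(f"{label}: {'OK' if not result else ''}")
        for line in result:
            print("  " + line)
```

In practice the four inputs come from two places: the parent's NS and glue from a query to a .com server (or the registrar's control panel), and the child's apex records from ns1/ns2 themselves. Running the check after updating the zone but before updating the registrar reproduces the "stale glue" report, which is exactly the window the answer warns about.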