I'm currently in the process of moving all of our domains to our own nameservers. Which wasn't an issue until I hit our own .de
domain. I (think I) understand the implications of having the NS inside it's own domain, hence the need for glue records.
Until yesterday, I would have assumed I have a pretty good understanding of Bind and DNS zones until I was presented with this error from the Denic nameserver predelegation check:
Inconsistent set of nameserver IP addresses (NS, provided glues, determined glues)
- ns2.hartwig-at.de
- [88.198.242.190/88.198.242.190]
- Default resolver determined: [], other resolvers determined: {88.198.242.190/88.198.242.190=[/2a01:4f8:d13:3c85:0:0:0:2, /88.198.242.190]}
Inconsistent set of nameserver IP addresses (NS, provided glues, determined glues)
- ns1.hartwig-at.de
- [cloud.hartwig-at.de/176.221.46.23]
- Default resolver determined: [], other resolvers determined: {cloud.hartwig-at.de/176.221.46.23=[/2a00:1158:3:0:0:0:0:b6, /176.221.46.23]}
The support of my registrar is either far better educated than me or doesn't have a clue. Either way, they're avoiding my questions in regards to what this error means. They just tell me
Your nameserver has to return your own nameservers as the default resolver.
But that doesn't make any sense to me and they refuse to try to explain it any other way.
This is the head of my current zone file:
@ 86400 IN SOA ns1.hartwig-at.de. hostmaster.hartwig-at.de. (
2012070505 ; serial
1d ; refresh
3h ; retry
4w ; expiry
1h ) ; minimum
3600 IN NS ns1.hartwig-at.de.
3600 IN NS ns2.hartwig-at.de.
3600 IN MX 10 remote.hartwig-at.de.
3600 IN MX 20 mx1.hartwig-at.de.
3600 IN MX 30 mx2.hartwig-at.de.
localhost 3600 IN A 127.0.0.1
localhost 3600 IN AAAA ::1
@ 3600 IN A 176.221.46.23
3600 IN AAAA 2a00:1158:3::b6
* 3600 IN A 176.221.46.23
3600 IN AAAA 2a00:1158:3::b6
hetzner 3600 IN A 88.198.242.190
hetzner 3600 IN AAAA 2a01:4f8:d13:3c85::2
cloud 3600 IN A 176.221.46.23
cloud 3600 IN AAAA 2a00:1158:3::b6
; List all NS as A/AAAA record
ns 3600 IN A 176.221.46.23
ns 3600 IN AAAA 2a00:1158:3::b6
ns1 3600 IN A 176.221.46.23
ns1 3600 IN AAAA 2a00:1158:3::b6
ns2 3600 IN A 88.198.242.190
ns2 3600 IN AAAA 2a01:4f8:d13:3c85::2
So, what is the problem with my zone? And what is the "default resolver"?
Your nameservers have AAAA records, but you didn't include the IPv6 addresses as glue records (hence the glue records are not consistent with the addresses returned by your nameserver). Running the check with both IPv4 and IPv6 addresses listed returns the following:
Shouldn't your SOA record look something like