Re: [cobalt-users] RAQ550 dns problem
- Subject: Re: [cobalt-users] RAQ550 dns problem
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Tue Mar 18 14:28:00 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
JL> Date: Tue, 18 Mar 2003 08:17:10 -0800
JL> From: Jeff Lasman
JL> EBD> Note that if you use another provider for secondary DNS,
JL> EBD> I recommend using one that offers virtual nameservers.
JL> EBD> It's better to have nameservers end in the same TLD (I
JL> EBD> suspect .de in your case) as the domain in question...
JL> EBD> your DNS will be a bit faster that way.
JL>
JL> Can you explain that last statement Eddy?

No problem. I'm half asleep, so let me know if anything is
unclear. :-)

Let's say one wants to resolve www.everquick.net. A resolver
will begin at the root nameservers, which return that

    a.gtld-servers.net
    b.gtld-servers.net
    c.gtld-servers.net
    :       :       :

are authoritative for the "net." zone. The resolver then asks
said nameservers for information on "www.everquick.net.", which
returns that

    ns1.everquick.net
    maven.webokay.com

are authoritative for the "everquick.net." zone. I'll ignore the
second one for brevity's sake.

Here we have a problem: The .net gTLD is saying to contact
"ns1.everquick.net" for "everquick.net." entries... but how is
the resolver to know where "ns1.everquick.net" is when it's
trying to find who's authoritative for "everquick.net."?!

The gTLD returns what are known as "glue records": In the
"additional" section of the DNS response, the gTLD returns

    216.89.137.11

as the A RR for ns1.everquick.net. Note that glue records are
_not_ authoritative data.

Now let's say ns1.everquick.net serves a .org domain. When the
.org gTLD says ns1.everquick.net is authoritative for the domain,
it _does not_ return an A RR for the nameserver... which means
the resolver now must look up the A RR for ns1.everquick.net
before it can continue.

Compare:

With gTLD returning glue records
--------------------------------
.                     (probably cached) points to gTLD
net.                  (probably cached) points to ns1.everquick.net
www.everquick.net.    (returned by ns1.everquick.net)

Without
-------
.                     (probably cached) points to gTLD
org.                  (probably cached) points to ns1.everquick.net
net.                  (EXTRA WORK, probably cached)
everquick.net.        (EXTRA WORK, probably NOT cached)
ns1.everquick.net.    (EXTRA WORK, probably NOT cached)
www.somedomain.org.   (returned by ns1.everquick.net)

In short... if glue records aren't present, the resolver must
look up the NS's address _in addition to_ the desired record.

We've gotten spoiled by .com, .net, and .org all being handled by
one body, and the domains being interchangeable wrt glue records.
No longer is it so; .org now is separate.

Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.
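
The comparison in the message above, as an added example that is not part of the original post: a toy iterative resolver that counts queries with an empty cache, so the root and TLD steps the message calls "probably cached" are counted too. Only 216.89.137.11 and the everquick.net names come from the message; the other addresses, the `org-tld.example.` server name and the function names are constructed for illustration.

```python
# Constructed toy model of the delegation chain described in the message.
NS1 = "216.89.137.11"  # ns1.everquick.net, from the message
ROOT, NET_TLD, ORG_TLD = "192.0.2.1", "192.0.2.2", "192.0.2.3"  # made-up IPs

# server address -> referrals {zone: (ns_name, glue_ip_or_None)} and A records
SERVERS = {
    ROOT: {"refer": {"net.": ("a.gtld-servers.net.", NET_TLD),
                     "org.": ("org-tld.example.", ORG_TLD)}, "a": {}},
    NET_TLD: {"refer": {"everquick.net.": ("ns1.everquick.net.", NS1)},
              "a": {}},
    # .org is run separately: it names the NS but has no glue for a .net host.
    ORG_TLD: {"refer": {"somedomain.org.": ("ns1.everquick.net.", None)},
              "a": {}},
    NS1: {"refer": {}, "a": {"www.everquick.net.": "203.0.113.10",
                             "ns1.everquick.net.": NS1,
                             "www.somedomain.org.": "203.0.113.20"}},
}

def query(server, name):
    """One query to one server: ('answer', ip, None) or ('referral', ns, glue)."""
    data = SERVERS[server]
    if name in data["a"]:
        return ("answer", data["a"][name], None)
    for zone, (ns, glue) in data["refer"].items():
        if name == zone or name.endswith("." + zone):
            return ("referral", ns, glue)
    raise LookupError(name)

def resolve(name, trace):
    """Iterative resolution from the root; appends each query to trace."""
    server = ROOT
    while True:
        kind, value, glue = query(server, name)
        trace.append((server, name))
        if kind == "answer":
            return value
        # No glue in the referral: the NS address needs its own full lookup.
        server = glue if glue is not None else resolve(value, trace)

def lookups(name):
    """Return (address, number of queries sent) for one cold-cache lookup."""
    trace = []
    return resolve(name, trace), len(trace)

if __name__ == "__main__":
    for n in ("www.everquick.net.", "www.somedomain.org."):
        print(n, lookups(n))
```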