[HamWAN PSDR] Resolving DNS when there's no root servers

Dean Gibson AE7Q hamwan at ae7q.com
Fri Apr 11 09:03:56 PDT 2014


The idea is (see the penultimate line in prior message) for the 44rf.net 
DNS to *not* be recursive, but just provide referrals.

The point is to have access to other domains (at least DNS lookup) 
outside of 44.24.240.0/20, in situations where Internet access isn't 
available.  Now, admittedly the probability of that is low, and probably 
even lower that, if Internet access wasn't available, 44.x.x.x 
addresses outside of 44.24.240.0/20 served up by 44rf.net servers would 
be accessible (i.e., that you'd have network connectivity to those 
addresses).  But it's a cheap experiment.  Opinions as to why this might 
be a dumb idea are accepted ...

Further, getting the domain allowed me to find out that my domain 
registrar (EnCirca), which used to be competent, is now completely and 
utterly *incompetent*.  I will be transferring my ten domains to another 
registrar, as soon as I've found one at a competitive price that 
provides DNS servers that can be used as slaves to a customer master DNS 
machine.  Previously, I used DomainMonger, which provided this 
capability for years, but their prices seem a little high.  EnCirca has 
it, but alas, something is wrong there, as I have had over a dozen 
eMails back and forth over the last two days, just to get capability 
working again that worked a year ago.

Yes, I wouldn't mind a delegation of ae7q.hamwan.net.  Question: would 
that allow me to make changes on my own, or can I do that myself after 
delegation is set up?  With BIND, there are two ways to do it:

 1. Actual delegation (a separate zone with a separate nameserver,
    maintained on my server).
 2. Where the subdomains are maintained on the main domain's DNS server,
    and the DDNS (restricted to modifications that match a subdomain
    pattern) is used to modify the zone.

I was planning on offering both for 44rf.net.

In a later message I'll discuss my request to Brian Kantor for subdomain 
delegation, and his response.

On 2014-04-10 23:19, Bart Kus wrote:
> I don't get the point of a recursive DNS server that by default 
> doesn't resolve the Internet.
>
> Also, we offer recursive DNS services already on 44.24.244.1 and 
> 44.24.245.1.  These include recursive services for *.HamWAN.net in the 
> absence of root servers, as well as reverse DNS for our IP ranges, 
> also available in the absence of root servers.  The access to the 
> recursive services is limited to 44-net clients.
>
> On the authoritative side, we're happy to delegate sub-zones. 
> *.AE7Q.HamWAN.net for example can be delegated.
>
> While Brian does offer some support for DNS on ampr.org, I do 
> think AMPR needs to support reverse DNS delegation.  And DNSSEC.  I'm 
> not sure why delegations aren't allowed.  I know it's come up before.
>
> --Bart
>
> On 4/10/2014 10:21 PM, Dean Gibson AE7Q wrote:
>> Two days ago I obtained domain 44rf.net, for the sole purpose of 
>> supporting amateurs on 44.x.x.x which need more *subdomain* support 
>> than ampr.org provides (i.e., *none*; Brian Kantor will not allow NS 
>> records in ampr.org).  It's trivial to allow subdomains of 44rf.net 
>> which users can *self-manage*, without screwing up the parent domain 
>> (volunteers/testers welcome).  And, with the use of stub zones, I 
>> support (present tense) referrals to ampr.org, hamwan.net, and other 
>> domains in a situation where the root servers are not available.  E.g.:
>>
>> >dig @ns1.ae7q.ampr.org db0bi.ampr.org
>>
>> ; <<>> DiG 9.2.4 <<>> @ns1.ae7q.ampr.org   db0bi.ampr.org
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55750
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 10
>>
>> ;; QUESTION SECTION:
>> ;db0bi.ampr.org.                        IN      A
>>
>> ;; ANSWER SECTION:
>> db0bi.ampr.org.         3568    IN      A 44.225.61.14
>>
>> ;; AUTHORITY SECTION:
>> ampr.org.               3568    IN      NS hamradio.ucsd.edu.
>> ampr.org.               3568    IN      NS ns0.comgw.net.
>> ampr.org.               3568    IN      NS ns1.defaultroute.net.
>> ampr.org.               3568    IN      NS ns2.threshinc.com.
>> ampr.org.               3568    IN      NS ampr.org.
>> ampr.org.               3568    IN      NS munnari.OZ.AU.
>> ampr.org.               3568    IN      NS ampr-dns.in-berlin.de.
>>
>> ;; ADDITIONAL SECTION:
>> ns1.defaultroute.net.   172764  IN      A 74.120.14.69
>> ns2.threshinc.com.      3564    IN      A 192.41.222.8
>> ns2.threshinc.com.      172764  IN      AAAA 2604:5000:0:2::2
>> ampr.org.               3568    IN      A 44.0.0.1
>> munnari.OZ.AU.          14365   IN      A 202.29.151.3
>> munnari.OZ.AU.          86364   IN      AAAA 2001:3c8:9007:1::21
>> munnari.OZ.AU.          86364   IN      AAAA 2001:3c8:9009:181::2
>> ampr-dns.in-berlin.de.  864     IN      A 192.109.42.4
>> ampr-dns.in-berlin.de.  864     IN      AAAA 2a01:238:4073:e600::1
>> hamradio.ucsd.edu.      43164   IN      A 169.228.66.6
>>
>> ;; Query time: 253 msec
>> ;; SERVER: 44.24.240.173#53(44.24.240.173)
>> ;; WHEN: Thu Apr 10 20:10:06 2014
>> ;; MSG SIZE  rcvd: 452
>>
>>
>> >dig @ns1.ae7q.ampr.org  a.ns.hamwan.net
>>
>> ; <<>> DiG 9.2.4 <<>> @ns1.ae7q.ampr.org a.ns.hamwan.net
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46457
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;a.ns.hamwan.net.               IN      A
>>
>> ;; ANSWER SECTION:
>> a.ns.hamwan.net.        3600    IN      A 44.24.244.2
>>
>> ;; AUTHORITY SECTION:
>> hamwan.net.             172800  IN      NS a.ns.hamwan.net.
>> hamwan.net.             172800  IN      NS b.ns.hamwan.net.
>>
>> ;; Query time: 499 msec
>> ;; SERVER: 44.24.240.173#53(44.24.240.173)
>> ;; WHEN: Thu Apr 10 20:31:47 2014
>> ;; MSG SIZE  rcvd: 79
>>
>> However, notice what happens when I access a domain for which I do 
>> *not* have a stub zone declaration:
>>
>> >dig @ns1.ae7q.ampr.org www.hamwan.org
>>
>>
>> ; <<>> DiG 9.2.4 <<>> @ns1.ae7q.ampr.org www.hamwan.org
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24283
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.hamwan.org.                        IN      A
>>
>> ;; AUTHORITY SECTION:
>> .                       518400  IN      NS I.ROOT-SERVERS.NET.
>> .                       518400  IN      NS J.ROOT-SERVERS.NET.
>> .                       518400  IN      NS K.ROOT-SERVERS.NET.
>> .                       518400  IN      NS L.ROOT-SERVERS.NET.
>> .                       518400  IN      NS M.ROOT-SERVERS.NET.
>> .                       518400  IN      NS A.ROOT-SERVERS.NET.
>> .                       518400  IN      NS B.ROOT-SERVERS.NET.
>> .                       518400  IN      NS C.ROOT-SERVERS.NET.
>> .                       518400  IN      NS D.ROOT-SERVERS.NET.
>> .                       518400  IN      NS E.ROOT-SERVERS.NET.
>> .                       518400  IN      NS F.ROOT-SERVERS.NET.
>> .                       518400  IN      NS G.ROOT-SERVERS.NET.
>> .                       518400  IN      NS H.ROOT-SERVERS.NET.
>>
>> ;; Query time: 258 msec
>> ;; SERVER: 44.24.240.173#53(44.24.240.173)
>> ;; WHEN: Thu Apr 10 22:11:09 2014
>> ;; MSG SIZE  rcvd: 243
>>
>> That is, ns1.ae7q.ampr.org does *not* function as a general-purpose 
>> recursive DNS server.
>>
>> Now, if someone else is already doing this ... let me know.
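
The dig responses quoted above differ in their header flags and section counts: the stub-zone lookups come back with `ra` set and an answer, while the lookup without a stub zone comes back with no `ra`, no answer, and only root NS records. As an added example (not part of the original post), this Python script classifies dig output along those lines, which is also how one would check from the outside that a server is not acting as a general-purpose recursive resolver; `parse_dig` and `classify` are hypothetical helper names, and the two samples are abridged from the output in the message.

```python
import re

# Abridged from the dig output quoted in the message above.
STUB_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46457
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; ANSWER SECTION:
a.ns.hamwan.net.        3600    IN      A 44.24.244.2
;; AUTHORITY SECTION:
hamwan.net.             172800  IN      NS a.ns.hamwan.net.
hamwan.net.             172800  IN      NS b.ns.hamwan.net.
"""
ROOT_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24283
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
;; AUTHORITY SECTION:
.                       518400  IN      NS I.ROOT-SERVERS.NET.
.                       518400  IN      NS J.ROOT-SERVERS.NET.
"""

def parse_dig(text):
    """Extract status, header flags, section counts and NS owner names."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r";; flags: ([a-z ]*);", text).group(1).split())
    counts = {k: int(v) for k, v in re.findall(r"(ANSWER|AUTHORITY): (\d+)", text)}
    ns_owners = set()
    for line in text.splitlines():
        fields = line.split()
        if not line.startswith(";") and len(fields) >= 5 and fields[3] == "NS":
            ns_owners.add(fields[0])
    return status, flags, counts, ns_owners

def classify(text):
    """Return (kind, recursion_available) for one dig response."""
    status, flags, counts, ns_owners = parse_dig(text)
    ra = "ra" in flags
    if status != "NOERROR":
        return status.lower(), ra
    if counts["ANSWER"] > 0:
        return "answer", ra
    if counts["AUTHORITY"] > 0 and "aa" not in flags and ns_owners:
        # No answer, only NS records: the server pointed us elsewhere.
        return ("root-referral" if ns_owners == {"."} else "referral"), ra
    return "nodata", ra

if __name__ == "__main__":
    for name, sample in (("stub", STUB_ANSWER), ("other", ROOT_REFERRAL)):
        print(name, classify(sample))
```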
