[HamWAN PSDR] DNS mapping
Bart Kus
me at bartk.us
Thu May 15 22:02:15 PDT 2014
Hey Dean,

How about we just delegate the forward + reverse to your NS and you take
care of the rest? IN PTR queries for 173.240.24.44.in-addr.arpa. would
just get referrals to your NS.

BTW, this looks wrong to me:

1. ae7q.hamwan.net. 3600 IN A 44.24.240.173
2. ae7q.hamwan.net. 3600 IN CNAME ns1.ae7q.ampr.org.

It simultaneously declares to a resolver that ae7q.hamwan.net is not the
canonical name for the desired record (A, etc), and also offers up an
authoritative answer for IN A. Domains with CNAME declared shouldn't
have other records (such as the IN A here). Resolvers should chase down
the query using the CNAME instead.

Note to DNS admins:

To delegate forward & reverse to Dean's NS:

ae7q.hamwan.net. IN NS ns1.ae7q.hamwan.net.
173.240.24.44.in-addr.arpa. IN NS ns1.ae7q.hamwan.net.
ns1.ae7q.hamwan.net. IN A 44.24.240.173

Dassit.

--Bart

On 5/15/2014 9:49 PM, Dean Gibson AE7Q wrote:
> I did:
>
> =>dig -x 44.24.240.173 @a.ns.hamwan.net.
>
> ; <<>> DiG 9.2.4 <<>> -x 44.24.240.173 @a.ns.hamwan.net.
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55622
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;173.240.24.44.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> *173.240.24.44.in-addr.arpa. 3600 IN PTR ae7q.hamwan.net.*
>
> ;; Query time: 147 msec
> ;; SERVER: 44.24.244.2#53(44.24.244.2)
> ;; WHEN: Thu May 15 20:44:05 2014
> ;; MSG SIZE rcvd: 73
>
> =>dig ae7q.hamwan.net. @a.ns.hamwan.net.
>
> ; <<>> DiG 9.2.4 <<>> ae7q.hamwan.net. @a.ns.hamwan.net.
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46180
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ae7q.hamwan.net. IN A
>
> ;; AUTHORITY SECTION:
> *ae7q.hamwan.net. 3600 IN NS ns1.ae7q.ampr.org.*
>
> ;; Query time: 101 msec
> ;; SERVER: 44.24.244.2#53(44.24.244.2)
> ;; WHEN: Thu May 15 20:45:39 2014
> ;; MSG SIZE rcvd: 64
>
> =>dig ns1.ae7q.ampr.org. @ampr.org.
>
> ; <<>> DiG 9.2.4 <<>> ns1.ae7q.ampr.org. @ampr.org.
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27978
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;ns1.ae7q.ampr.org. IN A
>
> ;; ANSWER SECTION:
> *ns1.ae7q.ampr.org. 3600 IN A 44.24.240.173*
>
> ;; AUTHORITY SECTION:
> ampr.org. 3600 IN NS ampr-dns.in-berlin.de.
> ampr.org. 3600 IN NS ampr.org.
> ampr.org. 3600 IN NS munnari.OZ.AU.
> ampr.org. 3600 IN NS ns1.defaultroute.net.
> ampr.org. 3600 IN NS ns2.threshinc.com.
> ampr.org. 3600 IN NS ns0.comgw.net.
> ampr.org. 3600 IN NS hamradio.ucsd.edu.
>
> ;; ADDITIONAL SECTION:
> ampr.org. 3600 IN A 44.0.0.1
>
> ;; Query time: 157 msec
> ;; SERVER: 44.0.0.1#53(44.0.0.1)
> ;; WHEN: Thu May 15 20:47:46 2014
> ;; MSG SIZE rcvd: 263
>
> Now, this is not correct. While I appreciate the PTR record for
> 44.24.240.173, it needs to point to a *hostname* record ("A" or
> "CNAME"), not a *domainname* record. This is not the fault of the PTR
> record, but the record that it points to: The NS record for
> ae7q.hamwan.net effectively declares ae7q.hamwan.net as a *subdomain*,
> with ns1.ae7q.ampr.org as its *nameserver*. Now, ns1.ae7q.ampr.org has
> the IP address of 44.24.240.173, but that doesn't mean that the domain
> ae7q.hamwan.net is anywhere near 44.24.240.x.
>
> The correct solution to this problem is to replace the NS record for
> ae7q.hamwan.net with a reference to a host; eg:
>
> 1. ae7q.hamwan.net. 3600 IN A 44.24.240.173
> 2. ae7q.hamwan.net. 3600 IN CNAME ns1.ae7q.ampr.org.
>
> The administrative advantage of the CNAME is that if my IP address
> changes, you don't have to change the forward record (you'll still
> have to update PTR records). The administrative disadvantage is that
> the CNAME is dependent upon a different administrative organization.
> However, neither solution above allows for ae7q.hamwan.net to be a
> subdomain.
>
> If you want to allow ae7q.hamwan.net to be a subdomain, you need to
> lay the following foundation:
>
> 173.240.24.44.in-addr.arpa. 3600 IN PTR ns1.ae7q.hamwan.net. ; (or
> ns1.ae7q.ampr.org.)
> ae7q.hamwan.net. 3600 IN NS ns1.ae7q.hamwan.net. ; (or
> ns1.ae7q.ampr.org.)
> ns1.ae7q.hamwan.net. 3600 IN A 44.24.240.173 ; (if
> ns1.ae7q.ampr.org. is not used)
>
> That by itself will not allow *me* to add subdomain records, but it
> lays the foundation. I prefer creating ns1.ae7q.hamwan.net (all three
> records above), as it keeps the records independent of a different
> administrative organization.
>
> If you want to get carried away, you could also add the following record:
>
> www.ae7q.hamwan.net. 3600 IN CNAME ns1.ae7q.hamwan.net. ; (or
> ns1.ae7q.ampr.org.)
>
> -- Dean
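
An added example, not part of the original messages: a small Python lint that applies the CNAME-and-other-data rule and an in-zone NS glue check to the record sets quoted in this thread. The function names and the NO_GLUE variant are constructed for illustration; the other records are copied from the messages above.

```python
from collections import defaultdict

def parse(text):
    """Parse 'owner [ttl] IN type rdata' lines into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        owner, *rest = line.split()
        if rest and rest[0].isdigit():            # TTL is optional
            rest = rest[1:]
        if len(rest) < 3 or rest[0].upper() != "IN":
            raise ValueError(f"unparsed record: {line!r}")
        records.append((owner.lower(), rest[1].upper(), rest[2].lower()))
    return records

def lint(text):
    """Return sorted findings: CNAME coexistence and missing in-zone glue."""
    records = parse(text)
    types_at = defaultdict(set)
    for owner, rtype, _ in records:
        types_at[owner].add(rtype)
    findings = []
    for owner, types in types_at.items():
        # A CNAME owner may carry only DNSSEC RRSIG/NSEC alongside it.
        others = types - {"CNAME", "RRSIG", "NSEC"}
        if "CNAME" in types and others:
            findings.append(f"{owner} has CNAME together with {', '.join(sorted(others))}")
    for owner, rtype, target in records:
        if rtype != "NS":
            continue
        # A nameserver named inside the zone it serves needs an address record.
        in_zone = target == owner or target.endswith("." + owner)
        if in_zone and not types_at.get(target, set()) & {"A", "AAAA"}:
            findings.append(f"{target} (NS for {owner}) has no A/AAAA glue")
    return sorted(findings)

PAIR = """ae7q.hamwan.net. 3600 IN A 44.24.240.173
ae7q.hamwan.net. 3600 IN CNAME ns1.ae7q.ampr.org."""
DELEGATION = """ae7q.hamwan.net. IN NS ns1.ae7q.hamwan.net.
173.240.24.44.in-addr.arpa. IN NS ns1.ae7q.hamwan.net.
ns1.ae7q.hamwan.net. IN A 44.24.240.173"""
# Constructed variant: the delegation set with the glue A record left out.
NO_GLUE = "\n".join(DELEGATION.splitlines()[:2])

if __name__ == "__main__":
    for name, zone in [("pair", PAIR), ("delegation", DELEGATION), ("no glue", NO_GLUE)]:
        print(name, "->", lint(zone) or "clean")
```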