[HamWAN PSDR] DNS mapping
Dean Gibson AE7Q
hamwan at ae7q.com
Fri May 16 00:16:38 PDT 2014
You are correct; #1 and #2 *together* are wrong. I did not make it
clear in my previous message that the two were mutually exclusive
choices (for the case being discussed).
Your "note to DNS admins" is indeed what I want.
Thanks, Dean
On 2014-05-15 22:02, Bart Kus wrote:
> Hey Dean,
>
> How about we just delegate the forward + reverse to your NS and you
> take care of the rest? IN PTR queries for 173.240.24.44.in-addr.arpa.
> would just get referrals to your NS.
>
> BTW, this looks wrong to me:
>
> 1. ae7q.hamwan.net. 3600 IN A 44.24.240.173
> 2. ae7q.hamwan.net. 3600 IN CNAME ns1.ae7q.ampr.org.
>
> It simultaneously declares to a resolver that ae7q.hamwan.net is not
> the canonical name for the desired record (A, etc), and also offers up
> an authoritative answer for IN A. Domains with CNAME declared
> shouldn't have other records (such as the IN A here). Resolvers should
> chase down the query using the CNAME instead.
>
> Note to DNS admins:
>
> To delegate forward & reverse to Dean's NS:
>
> ae7q.hamwan.net. IN NS ns1.ae7q.hamwan.net.
> 173.240.24.44.in-addr.arpa. IN NS ns1.ae7q.hamwan.net.
> ns1.ae7q.hamwan.net. IN A 44.24.240.173
>
> Dassit.
>
> --Bart
>
> On 5/15/2014 9:49 PM, Dean Gibson AE7Q wrote:
>> I did:
>>
>> =>dig -x 44.24.240.173 @a.ns.hamwan.net.
>>
>> ; <<>> DiG 9.2.4 <<>> -x 44.24.240.173 @a.ns.hamwan.net.
>> ; (1 server found)
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55622
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;173.240.24.44.in-addr.arpa. IN PTR
>>
>> ;; ANSWER SECTION:
>> *173.240.24.44.in-addr.arpa. 3600 IN PTR ae7q.hamwan.net.*
>>
>> ;; Query time: 147 msec
>> ;; SERVER: 44.24.244.2#53(44.24.244.2)
>> ;; WHEN: Thu May 15 20:44:05 2014
>> ;; MSG SIZE rcvd: 73
>>
>> =>dig ae7q.hamwan.net. @a.ns.hamwan.net.
>>
>> ; <<>> DiG 9.2.4 <<>> ae7q.hamwan.net. @a.ns.hamwan.net.
>> ; (1 server found)
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46180
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;ae7q.hamwan.net. IN A
>>
>> ;; AUTHORITY SECTION:
>> *ae7q.hamwan.net. 3600 IN NS ns1.ae7q.ampr.org.*
>>
>> ;; Query time: 101 msec
>> ;; SERVER: 44.24.244.2#53(44.24.244.2)
>> ;; WHEN: Thu May 15 20:45:39 2014
>> ;; MSG SIZE rcvd: 64
>>
>> =>dig ns1.ae7q.ampr.org. @ampr.org.
>>
>> ; <<>> DiG 9.2.4 <<>> ns1.ae7q.ampr.org. @ampr.org.
>> ; (1 server found)
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27978
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 1
>>
>> ;; QUESTION SECTION:
>> ;ns1.ae7q.ampr.org. IN A
>>
>> ;; ANSWER SECTION:
>> *ns1.ae7q.ampr.org. 3600 IN A 44.24.240.173*
>>
>> ;; AUTHORITY SECTION:
>> ampr.org. 3600 IN NS ampr-dns.in-berlin.de.
>> ampr.org. 3600 IN NS ampr.org.
>> ampr.org. 3600 IN NS munnari.OZ.AU.
>> ampr.org. 3600 IN NS ns1.defaultroute.net.
>> ampr.org. 3600 IN NS ns2.threshinc.com.
>> ampr.org. 3600 IN NS ns0.comgw.net.
>> ampr.org. 3600 IN NS hamradio.ucsd.edu.
>>
>> ;; ADDITIONAL SECTION:
>> ampr.org. 3600 IN A 44.0.0.1
>>
>> ;; Query time: 157 msec
>> ;; SERVER: 44.0.0.1#53(44.0.0.1)
>> ;; WHEN: Thu May 15 20:47:46 2014
>> ;; MSG SIZE rcvd: 263
>>
>> Now, this is not correct. While I appreciate the PTR record for
>> 44.24.240.173, it needs to point to a *hostname* record ("A" or
>> "CNAME"), not a *domainname* record. This is not the fault of the PTR
>> record, but the record that it points to: The NS record for
>> ae7q.hamwan.net effectively declares ae7q.hamwan.net as a
>> *subdomain*, with ns1.ae7q.ampr.org as its *nameserver*. Now,
>> ns1.ae7q.ampr.org has the IP address of 44.24.240.173, but that
>> doesn't mean that the domain ae7q.hamwan.net is anywhere near
>> 44.24.240.x.
>>
>> The correct solution to this problem is to replace the NS record for
>> ae7q.hamwan.net with a reference to a host; e.g.:
>>
>> 1. ae7q.hamwan.net. 3600 IN A 44.24.240.173
>> 2. ae7q.hamwan.net. 3600 IN CNAME ns1.ae7q.ampr.org.
>>
>> The administrative advantage of the CNAME is that if my IP address
>> changes, you don't have to change the forward record (you'll still
>> have to update PTR records). The administrative disadvantage is that
>> the CNAME is dependent upon a different administrative organization.
>> However, neither solution above allows for ae7q.hamwan.net to be a
>> subdomain.
>>
>> If you want to allow ae7q.hamwan.net to be a subdomain, you need to
>> lay the following foundation:
>>
>> 173.240.24.44.in-addr.arpa. 3600 IN PTR ns1.ae7q.hamwan.net. ; (or ns1.ae7q.ampr.org.)
>> ae7q.hamwan.net. 3600 IN NS ns1.ae7q.hamwan.net. ; (or ns1.ae7q.ampr.org.)
>> ns1.ae7q.hamwan.net. 3600 IN A 44.24.240.173 ; (if ns1.ae7q.ampr.org. is not used)
>>
>> That by itself will not allow *me* to add subdomain records, but it
>> lays the foundation. I prefer creating ns1.ae7q.hamwan.net (all
>> three records above), as it keeps the records independent of a
>> different administrative organization.
>>
>> If you want to get carried away, you could also add the following record:
>>
>> www.ae7q.hamwan.net. 3600 IN CNAME ns1.ae7q.hamwan.net. ; (or ns1.ae7q.ampr.org.)
>>
>> -- Dean
>>
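Added example (not part of the original thread, and not HamWAN's tooling): a small record-set lint in Python that runs the three checks argued over above against the records quoted in the messages. It flags a CNAME sharing an owner name with other data, a PTR that points at a bare delegation point, and an in-zone nameserver without a glue address. The names parse, lint, OBSERVED, BOTH_CHOICES and DELEGATION are hypothetical, and the parser assumes one fully qualified record per line.

```python
from collections import defaultdict

def parse(zone_text):
    """Parse 'owner [ttl] IN type rdata' lines; ';' starts a comment."""
    records = defaultdict(list)  # owner -> [(type, rdata)]
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if "IN" not in fields[1:]:
            continue
        i = fields.index("IN", 1)
        if len(fields) >= i + 3:
            records[fields[0].lower()].append((fields[i + 1].upper(), fields[i + 2].lower()))
    return records

def lint(zone_text):
    """Return (finding, owner) pairs for the record set given as text."""
    records, findings = parse(zone_text), []
    types_at = lambda name: {t for t, _ in records.get(name, [])}
    for owner, rrs in records.items():
        # A CNAME owner may carry no other data (RFC 1034 section 3.6.2);
        # the DNSSEC RRSIG/NSEC records are the permitted exceptions.
        if "CNAME" in types_at(owner) and types_at(owner) - {"CNAME", "RRSIG", "NSEC"}:
            findings.append(("cname-with-other-data", owner))
        for rtype, target in rrs:
            # PTR target exists in this data but is only a delegation point.
            if rtype == "PTR" and target in records and not types_at(target) & {"A", "AAAA", "CNAME"}:
                findings.append(("ptr-target-not-a-host", owner))
            # A nameserver named inside the delegated zone needs a glue address.
            if rtype == "NS" and target.endswith("." + owner) and not types_at(target) & {"A", "AAAA"}:
                findings.append(("ns-missing-glue", owner))
    return findings

# Record sets transcribed from the thread above.
OBSERVED = """
173.240.24.44.in-addr.arpa. 3600 IN PTR ae7q.hamwan.net.
ae7q.hamwan.net. 3600 IN NS ns1.ae7q.ampr.org.
"""
BOTH_CHOICES = """
ae7q.hamwan.net. 3600 IN A 44.24.240.173
ae7q.hamwan.net. 3600 IN CNAME ns1.ae7q.ampr.org.
"""
DELEGATION = """
ae7q.hamwan.net. IN NS ns1.ae7q.hamwan.net.
173.240.24.44.in-addr.arpa. IN NS ns1.ae7q.hamwan.net.
ns1.ae7q.hamwan.net. IN A 44.24.240.173
"""

if __name__ == "__main__":
    for label, text in (("observed", OBSERVED), ("both", BOTH_CHOICES), ("delegation", DELEGATION)):
        print(label, lint(text))
```

PTR and NS targets that live outside the supplied records (such as ns1.ae7q.ampr.org.) are not judged, since their data belongs to another zone.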