Random question about DNS

Peter Corlett abuse at cabal.org.uk
Thu Feb 15 15:30:25 GMT 2007


On Thu, Feb 15, 2007 at 02:32:20PM +0000, Andy Armstrong wrote:
[...]
> All of the domains currently have ns1.hexten.net and ns2.hexten.net as
> their nameservers. I can change the DNS for ns1 and ns2 to point at my new
> box but it's my understanding that that won't have the desired effect
> because the glue records for those nameservers contain hard wired IP
> addresses.

You need glue records *only* if the nameservers are within the domain
they're serving for. (djb calls this "in bailiwick".)

I have a fair number of domains that use nameservers ns[01].cabal.org.uk.
When I change the IP address of the nameserver, I only need to update the
glue record in cabal.org.uk and all the other domains (e.g. 1k.org.uk) pick
up the change. I arranged it this way on purpose so I could easily change
the IP address of the nameservers on all my domains just by updating the
glue records on two.

So, when a resolver wants to look up, say, www.1k.org.uk, it would see that
the NS records for 1k.org.uk point to ns0.cabal.org.uk and do a separate A
lookup on that[1], which picks up the glue record I changed on cabal.org.uk.
It can then query the server returned. (It'd then get a NXDOMAIN because I
haven't done anything with that domain yet.)


[1] Actually, this step is skipped when the A records are speculatively
    returned in the Additional Section of the DNS response because the
    nameserver happens to also serve that other zone.
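
Added example, not part of the original post: a small Python check for which delegations need glue and which zones must be touched when a nameserver is renumbered, using the names from the message above. The function names and the DELEGATIONS table are constructed for illustration.

```python
# Added illustration; not code from the original post.

def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def in_bailiwick(ns_name, zone):
    """True if ns_name is at or below zone.

    Compared label by label, so ns1.notcabal.org.uk is not treated as
    being inside cabal.org.uk the way a plain string-suffix test would.
    """
    n, z = labels(ns_name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def glue_plan(delegations):
    """Map each zone to the nameservers that need glue at its parent."""
    return {zone: sorted(ns for ns in nss if in_bailiwick(ns, zone))
            for zone, nss in delegations.items()}


def renumber_impact(delegations, ns_name):
    """Split the zones using ns_name into (update_glue, follow_automatically)."""
    target = labels(ns_name)
    update, follow = [], []
    for zone, nss in sorted(delegations.items()):
        if not any(labels(ns) == target for ns in nss):
            continue  # this zone does not use the nameserver at all
        (update if in_bailiwick(ns_name, zone) else follow).append(zone)
    return update, follow


# Constructed sample data built from the names mentioned in the post.
DELEGATIONS = {
    "cabal.org.uk": ["ns0.cabal.org.uk", "ns1.cabal.org.uk"],
    "1k.org.uk": ["ns0.cabal.org.uk.", "NS1.cabal.org.uk"],
}

if __name__ == "__main__":
    print(glue_plan(DELEGATIONS))
    print(renumber_impact(DELEGATIONS, "ns0.cabal.org.uk"))
```
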


