#1
Greetings Everybody!
On my journey to gain just a little skill in the great world of DNS, I now stand face-to-face with a problem I can't quite figure out. It revolves around the correct, or proper, way of configuring/defining Glue Records when delegating a subdomain/subzone to a pair of name servers other than the ones configured as authoritative for the parent zone. I have read countless articles, HOWTOs and the like, even the whole DNS and Bind, 4th Edition. I also bought the DNS and Bind Cookbook, which really serves its purpose well. But either way, I still get quite confused whenever Glue Records are mentioned. I would really appreciate it if anybody could post some sample configurations explaining when to use, and of course, when to avoid using, these Glue Records? Thanks in advance!
#2
I might just have figured it out now?
Code:
Sample 1
========
example.com.          IN NS  ns1.example.com.
example.com.          IN NS  ns2.example.com.
ns1.example.com.      IN A   10.1.0.1
ns2.example.com.      IN A   10.2.0.1

; Subzone/subdomain Delegation
sub.example.com.      IN NS  ns1.sub.example.com.
sub.example.com.      IN NS  ns2.sub.example.com.
ns1.sub.example.com.  IN A   10.3.0.1  ; Glue Record
ns2.sub.example.com.  IN A   10.4.0.1  ; Glue Record

Sample 1, the one just above, would need the Glue Records, because the name servers supplied belong to the zone? Take a look at sample 2:
Code:
Sample 2
========
example.com.          IN NS  ns1.example.com.
example.com.          IN NS  ns2.example.com.
ns1.example.com.      IN A   10.1.0.1
ns2.example.com.      IN A   10.2.0.1

; Subzone/Subdomain Delegation
sub.example.com.      IN NS  ns1.someotherhost.net.
sub.example.com.      IN NS  ns2.someotherhost.net.

While sample 2, the one just above, wouldn't need any Glue Records because the name servers supplied don't belong to the zone itself, and thus, foreign name servers can easily find the respective addresses by querying other name servers? Please correct me if I'm totally off track here..
#3
You are right. But I must add one more detail. You know how you have to specify the NS servers for any zone, right? And with those NS servers, you must specify the IP address if the NS domains fall within your zone, right? As shown below:
[example.com]
@                 SOA Record
@                 NS  ns1.example.com.
@                 NS  ns2.example.com.
ns1.example.com.  A   127.0.0.1
ns2.example.com.  A   127.0.0.2

This is standard behavior, but those A records are NOT called GLUE records, even though this is exactly the same thing as what you are doing in your SAMPLE 1. Your subzone has to do the same thing:
[sub.example.com]
@                     SOA Record
@                     NS  ns1.sub.example.com.
@                     NS  ns2.sub.example.com.
ns1.sub.example.com.  A   127.0.0.1
ns2.sub.example.com.  A   127.0.0.2

This is the normal scheme of things. The zone that hosts the domain is the one who specifies the IP address. So GLUE records are NOT required. If the client wants the IP, it can make another lookup. BUT, you want to spare the client from making additional lookups, so you add the "unusual" GLUE records for domains that don't technically fall within your zone - it falls within a subzone. When a client makes a request for "sub.example.com" the "example.com" zone handles it, and returns the NS records in the "authority" section AND the GLUE records in the "additional" section of the response packet.
__________________
Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links: Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
#4
SilentRage
Thank you very much for your fast and educating answer(s). So I was completely correct regarding Sample 2? Just to get it in place again, when delegating a Subzone to nameservers other than those that fall within the zone, it is not necessary to define any A records to point to the name servers, and wouldn't those A records be treated as out-of-zone data anyway?
Have a look..
Code:
; /var/named/db.example.com
example.com.      IN NS  ns1.example.com.
example.com.      IN NS  ns2.example.com.

; The RRs below are not considered Glue Records
; but, more or less, the normal "scheme" of things.
ns1.example.com.  IN A   127.0.0.1
ns2.example.com.  IN A   127.0.0.2

; Subzone/Subdomain Delegation
sub.example.com.  IN NS  a.otherhost.net.
sub.example.com.  IN NS  b.otherhost.net.
a.otherhost.net.  IN A   192.168.10.1  ; Out-of-zone data?
b.otherhost.net.  IN A   192.168.10.2  ; Out-of-zone data?

Am I right so far?
#5
You are right again. For confirmation I made a test and added the following records to my subzone:
Quote:
This is the result when I query for sub.example.com [link removed since it no longer works]
Apparently BIND was really kind and resolved "ns.subzone.com" itself and added that record to the "additional" section so that my crawler didn't have to make another query to resolve ns.subzone.com. My "glue" record for ns.subzone.com was completely ignored, while the first one was used (had to be, because ns.sub.example.com does not exist on my server).
Last edited by SilentRage : January 6th, 2004 at 02:12 PM.
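The distinction the posts above work out (name servers below the zone cut, inside the parent zone, or outside it) can be checked mechanically; this is an added example, not part of the original thread. The function names and verdict strings are assumptions made for the illustration, and the inputs are constructed from the records posted in Sample 1, Sample 2 and post #4.

```python
def labels(name):
    """Split a domain name into lower-case labels, ignoring the trailing dot."""
    return name.rstrip(".").lower().split(".")


def is_within(name, zone):
    """True if name is the zone apex or below it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z


def classify_ns(parent, child, ns_target, parent_addresses):
    """Say what an address record for ns_target means in the parent zone file."""
    known = {tuple(labels(a)) for a in parent_addresses}
    has_address = tuple(labels(ns_target)) in known
    if is_within(ns_target, child):
        # Below the zone cut: only the child's servers answer for this name,
        # and they cannot be reached until their address is known.
        return "glue present" if has_address else "glue missing"
    if is_within(ns_target, parent):
        # Ordinary authoritative data of the parent zone, not glue.
        return "in-zone address" if has_address else "in-zone address missing"
    # Outside the parent zone: resolvers look the name up elsewhere.
    return "out-of-zone data, ignored" if has_address else "no glue needed"


def audit_delegation(parent, child, ns_targets, parent_addresses):
    """Classify every NS target of one delegation."""
    return {ns: classify_ns(parent, child, ns, parent_addresses)
            for ns in ns_targets}


# Constructed inputs mirroring the zone data posted in the thread.
SAMPLE_1 = audit_delegation(
    "example.com.", "sub.example.com.",
    ["ns1.sub.example.com.", "ns2.sub.example.com."],
    {"ns1.sub.example.com.": "10.3.0.1", "ns2.sub.example.com.": "10.4.0.1"})
SAMPLE_2 = audit_delegation(
    "example.com.", "sub.example.com.",
    ["ns1.someotherhost.net.", "ns2.someotherhost.net."], {})
POST_4 = audit_delegation(
    "example.com.", "sub.example.com.",
    ["a.otherhost.net.", "b.otherhost.net."],
    {"a.otherhost.net.": "192.168.10.1", "b.otherhost.net.": "192.168.10.2"})

if __name__ == "__main__":
    for title, result in (("Sample 1", SAMPLE_1), ("Sample 2", SAMPLE_2),
                          ("Post #4", POST_4)):
        print(title, result)
```

Names are compared by whole labels, so a host such as ns1.notexample.com. is not mistaken for a name inside example.com.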
#6
SilentRage
I can see what you mean by looking at your example, and the great link you posted pointing to your DNS crawler, which by the way helped me out yesterday by performing some lookups, thank you!
In your last posted example, you gave ns.subzone.com an A record inside the example.com zone file, correct? You did this _only_ to show me that it could have been avoided (or ignored as you said), and that it really wasn't needed, because BIND/resolvers would resolve that domain name by itself, right?
For repetition's sake.. Whenever delegating a subzone to other name servers than the ones that fall within the same domain name you don't need to specify IP addresses for those name servers? But, if you delegate a subzone to name servers that do fall within the same domain name, you have to specify the IP addresses of these name servers?
That only brings me to my last question, so if I managed DNS for example.com by myself, and I wanted to delegate a subzone of the parent zone to another service provider such as dyndns.org, I would just configure/setup a zone like this:
Code:
$TTL 1d
example.com.  IN SOA ns1.example.com. admin.example.com. (
                  2003082200  ; Serial number
                  108000      ; Refresh
                  3600        ; Retry
                  3600000     ; Expire
                  43200       ; Negative caching TTL
                  )

$ORIGIN example.com.
              IN NS  ns1.example.com.
              IN NS  ns2.example.com.

; A records pointing to the domain names of the name servers
; because they fall within this domain name.
ns1           IN A   127.0.0.1
ns2           IN A   127.0.0.2

; Subzone/Subdomain Delegation
$ORIGIN subzone.example.com.
; Explicit owner: a blank owner here would inherit ns2 from the record above.
@             IN NS  ns1.dyndns.org.
              IN NS  ns2.dyndns.org.
              IN NS  ns3.dyndns.org.
              IN NS  ns4.dyndns.org.
              IN NS  ns5.dyndns.org.

..I don't need to specify any IP addresses of the five dyndns.org name servers, because BIND/resolvers would just resolve these by itself?
Viewing: Dev Shed Forums > System Administration > DNS > Correct use of Glue Records?