DNS and SOA

 
Fred Martin_1
Valued Contributor


We have internet access through 'Verizon Online' and our Public IP addresses are part of the Verizon Online network. Part of that service is that they host our public DNS records. So, a 'whois' on applicatorssales.com shows Verizon's name servers:

NS1.BELLATLANTIC.NET
NS2.BELLATLANTIC.NET

Up until recently our web sites were hosted on this network. However, we have now moved the web sites to a remote location, another network, although I do still have other services (email for example) on Verizon's network.

For web anyway, I changed the A record for 'www' at BELLATLANTIC.NET:

Was:
www IN A 64.222.205.178

Now:
www IN A 64.13.251.83

I should have changed the '@' record as well, and will be doing that soon.

My question is about the PTR records. I should have a matching record:

83.251.13.64.in-addr.arpa IN PTR www.applicatorssales.com

Sorry if this is obvious and I'm missing it but, should Verizon not care what network that these IP's belong to?

I guess more generally, the question could be, could -any- name server be the SOA for a domain name and its hosts, regardless of who controls the IP addresses? Could NS1.DISNEY.COM be the SOA for applicatorssales.com, with some hosts on Verizon's IP network and some on another IP network, if I convinced them to do it?

I started getting confused about whether the remote web host should be the SOA now, or if the zone could or should be split, etc. etc.

I am hoping that I'm making this more complicated than it really is :)
fmartin@applicatorssales.com
Steven Schweda
Honored Contributor

Re: DNS and SOA

I know nothing, but ...

> [...] should Verizon not care what network
> that these IP's belong to?

In general, a name server shouldn't care
about very much. So long as it has accurate
information, and people who seek that info
know where to find it, all should be well.

For reverse (PTR) look-ups, someone higher up
in the hierarchy will decide whether to ask
your name server about any particular
address. For example, my name server has info
for a bunch of 10.0.0.x (A) and
x.0.0.10.IN-ADDR.ARPA (PTR) addresses, but no
one in the outside world will ever ask it for
any of these data. I could populate its data
base with all kinds of stuff, but no one
would ever ask to see any of it.
Wouter Jagers
Honored Contributor
Solution

Re: DNS and SOA

Hiya,

Looking good: the mediatemple nameservers (which own the new IP) report applicatorssales.com for the IP.

As I understand it, your DNS will be responsible for mapping names to addresses (it's authoritative for applicatorssales.com), and for reverse lookups the DNS of the IP network in question will be in charge (they are authoritative for their IP range). Hence, for a reverse lookup of 64.13.251.83 the mediatemple DNS will be in charge.

Below you can find the output of a reverse lookup from my machine to the mediatemple DNS.

Cheers,
Wout

---

$ dig -x 64.13.251.83 @64.207.129.18

; <<>> DiG 9.2.4 <<>> -x 64.13.251.83 @64.207.129.18
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31616
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;83.251.13.64.in-addr.arpa. IN PTR

;; ANSWER SECTION:
83.251.13.64.in-addr.arpa. 86400 IN PTR applicatorssales.com.

;; AUTHORITY SECTION:
251.13.64.in-addr.arpa. 86400 IN NS ns2.mediatemple.net.
251.13.64.in-addr.arpa. 86400 IN NS ns1.mediatemple.net.

;; ADDITIONAL SECTION:
ns1.mediatemple.net. 3600 IN A 64.207.129.18
ns2.mediatemple.net. 3600 IN A 64.207.128.18

;; Query time: 154 msec
;; SERVER: 64.207.129.18#53(64.207.129.18)
;; WHEN: Tue Nov 20 22:33:14 2007
;; MSG SIZE rcvd: 160
an engineer's aim in a discussion is not to persuade, but to clarify.
Fred Martin_1
Valued Contributor

Re: DNS and SOA

Wouter,

That seems to be the case - I've asked both Media Temple and Verizon now, and they agree with you that Media Temple is in charge of the reverse lookup, because the IPs belong to them.

I have to say, this seems counter-intuitive to me (well, that doesn't say much for me then!).

I figured DNS was all about names and since authority for the name 'applicatorssales.com' was NS1.BELLATLANTIC.NET, they'd have all the records including PTR's.

So I learn something new, many thanks to both of you. And, by the way, 'dig' is a new command for me, thanks for that too.

Fred
fmartin@applicatorssales.com
Fred Martin_1
Valued Contributor

Re: DNS and SOA

closed
fmartin@applicatorssales.com
Wouter Jagers
Honored Contributor

Re: DNS and SOA

I remember having been confused by 'exotic' DNS setups several times in the past.. not to worry :)

It's quite normal you find this counter-intuitive: when we read about DNS theory, we read about someone who manages an IP-range and uses a (pair of) DNS servers to map chosen names to these addresses and back. We have an IP network and a domain, and we mentally create a 1-on-1 link between the two.

But, as we know, a DNS server is authoritative for specific 'zones', and there's the catch: applicatorssales.com is such a zone, but every IP network (...in-addr.arpa) is such a zone as well.

Hence, there is no fixed one-on-one link between a domain name and an IP range, DNS just looks at these as separate zones, each of which has an authority somewhere.

CNAME records are often used to do what you're doing, and these might look somewhat more intuitive to you.

A CNAME record is like an 'alias': it says 'this hostname is actually a pointer to another hostname', and then the other hostname can be resolved by its own nameserver.

For example: my DNS server, handling requests for mysite.be, gets a request for www.mysite.be. I have configured a CNAME record which points to server3.myhostingprovider.com (instead of an explicit address). The querying host will then know it needs to ask the nameservers of myhostingprovider.com for the address of 'server3'.

In that situation, a lookup of www.mysite.be will return the address of server3.myhostingprovider.com, and a reverse lookup of the address will naturally return "server3.myhostingprovider.com", and not "www.mysite.be".

This is especially useful if you don't have control over the external DNS server configuration.

Hope that helped clarify things a little, it's tough talking about DNS in static text :-)

The O'Reilly book about DNS & Bind is an excellent resource, should you need further clarification.

Cheers,
Wout
an engineer's aim in a discussion is not to persuade, but to clarify.
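
The point made in the replies above (a forward name and its reverse name live in separate zones with separate authorities, and a CNAME target answers for its own address), as an added example that is not part of the original thread. The zone table, the apex A value and the 192.0.2.10 address are constructed for illustration, and the helper names are hypothetical.

```python
import ipaddress

# Constructed data mirroring the thread; each zone maps to its name servers.
ZONES = {
    "applicatorssales.com.": ["ns1.bellatlantic.net.", "ns2.bellatlantic.net."],
    "251.13.64.in-addr.arpa.": ["ns1.mediatemple.net.", "ns2.mediatemple.net."],
}
RECORDS = {
    ("www.applicatorssales.com.", "A"): "64.13.251.83",
    # Assumption: the apex ('@') record still holds the old address.
    ("applicatorssales.com.", "A"): "64.222.205.178",
    ("83.251.13.64.in-addr.arpa.", "PTR"): "applicatorssales.com.",
    # CNAME case from the last reply; 192.0.2.10 is a documentation address.
    ("www.mysite.be.", "CNAME"): "server3.myhostingprovider.com.",
    ("server3.myhostingprovider.com.", "A"): "192.0.2.10",
    ("10.2.0.192.in-addr.arpa.", "PTR"): "server3.myhostingprovider.com.",
}

def reverse_name(ip):
    """Build the in-addr.arpa (or ip6.arpa) owner name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def authoritative_zone(qname):
    """Longest zone that is a label-aligned suffix of qname, or None."""
    matches = [z for z in ZONES if qname == z or qname.endswith("." + z)]
    return max(matches, key=len, default=None)

def resolve_a(name, depth=0):
    """Follow CNAMEs (bounded depth) and return the A record value, or None."""
    if depth > 8:
        return None
    target = RECORDS.get((name, "CNAME"))
    if target:
        return resolve_a(target, depth + 1)
    return RECORDS.get((name, "A"))

def fcrdns(ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    ptr = RECORDS.get((reverse_name(ip), "PTR"))
    return ptr, (ptr is not None and resolve_a(ptr) == ip)

if __name__ == "__main__":
    for ip in ("64.13.251.83", "192.0.2.10"):
        print(ip, reverse_name(ip), authoritative_zone(reverse_name(ip)), fcrdns(ip))
```

With this data `fcrdns("64.13.251.83")` fails only because of the assumed stale apex record; this forward-confirmation is the check many mail receivers and log-attribution tools apply to a connecting address.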