This is a discussion on How to look up my NS and glue information in root zone files? within the Bind Users forums, part of the DNS and Related Forums category.
Hello. I have a question about how my initial NS record information gets stored in the root zone files, and how I can check to make sure that it's right. I thought I could use DIG for this, but I'd like someone out there to confirm that this really does what I think it does.

In the top-level zone file for one of my DNS zones (AMHERST.EDU), I have the following four NS records:

    IN NS ns.amherst.edu.
    IN NS dnsauth1.sys.gtei.net.
    IN NS dnsauth2.sys.gtei.net.
    IN NS dnsauth3.sys.gtei.net.

So when I do a "dig @ns.amherst.edu amherst.edu ns +norecurse", the result I get includes this:

    ;; ANSWER SECTION:
    amherst.edu. 3600 IN NS dnsauth2.sys.gtei.net.
    amherst.edu. 3600 IN NS dnsauth3.sys.gtei.net.
    amherst.edu. 3600 IN NS ns.amherst.edu.
    amherst.edu. 3600 IN NS dnsauth1.sys.gtei.net.

What I want to verify is that the NS records listed above are also what are listed in the master zone file for the EDU domain. So I try this: "dig @a.root-servers.net amherst.edu ns +norecurse", but what I get is the following (partial):

    ;; AUTHORITY SECTION:
    edu. 172800 IN NS L3.NSTLD.COM.
    edu. 172800 IN NS D3.NSTLD.COM.
    edu. 172800 IN NS A3.NSTLD.COM.
    edu. 172800 IN NS E3.NSTLD.COM.
    edu. 172800 IN NS C3.NSTLD.COM.
    edu. 172800 IN NS F3.NSTLD.COM.
    edu. 172800 IN NS G3.NSTLD.COM.
    edu. 172800 IN NS B3.NSTLD.COM.
    edu. 172800 IN NS M3.NSTLD.COM.

This answer suggests that the .EDU top-level domain has been delegated to the above servers.

So I then try: "dig @L3.NSTLD.COM amherst.edu ns +norecurse", and in fact I get back the following:

    ;; ANSWER SECTION:
    amherst.edu. 172800 IN NS NS.amherst.edu.
    amherst.edu. 172800 IN NS DNSAUTH1.SYS.GTEI.NET.
    amherst.edu. 172800 IN NS DNSAUTH2.SYS.GTEI.NET.
    amherst.edu. 172800 IN NS DNSAUTH3.SYS.GTEI.NET.

This appears to indicate that the NS records stored for my domain in fact match mine.

My question: is that really what the above DIG command shows? Does a DIG command against one of these top-level servers really show me what is stored in the top-level zone files for my NS records, or does this information get overlaid somehow with the records that are actually in my own zone file?

Another way of asking this: if I want to change my list of NS records, I presumably have to somehow notify the top-level zone authorities so that they can make corresponding changes in the top-level zone files. How can I verify that that has actually been done? (For that matter, how do I verify that the glue A records have been set correctly at that upper level?)

Thanks!

--
John W. Manly <jwmanly@amherst.edu>
Systems and Networking, Amherst College
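
The comparison the post walks through (the zone's own NS set against what the parent servers return, plus a glue check), as an added example that is not part of the original post. It parses saved "dig +norecurse" output; the function names are hypothetical and the glue record with address 192.0.2.10 is a constructed sample.

```shell
# Added example: compare the NS set held by the parent (TLD) servers with the
# NS set the zone itself serves, and check glue for in-zone name servers.
# Constructed sample input. NS lines are those quoted in the post; the glue
# A record and its address (192.0.2.10, documentation range) are constructed.
PARENT_OUT=';; ANSWER SECTION:
amherst.edu. 172800 IN NS NS.amherst.edu.
amherst.edu. 172800 IN NS DNSAUTH1.SYS.GTEI.NET.
amherst.edu. 172800 IN NS DNSAUTH2.SYS.GTEI.NET.
amherst.edu. 172800 IN NS DNSAUTH3.SYS.GTEI.NET.
;; ADDITIONAL SECTION:
NS.amherst.edu. 172800 IN A 192.0.2.10'
CHILD_OUT=';; ANSWER SECTION:
amherst.edu. 3600 IN NS dnsauth2.sys.gtei.net.
amherst.edu. 3600 IN NS dnsauth3.sys.gtei.net.
amherst.edu. 3600 IN NS ns.amherst.edu.
amherst.edu. 3600 IN NS dnsauth1.sys.gtei.net.'

# ns_set ZONE: dig output on stdin -> the zone's NS targets, lowercased and
# sorted (DNS names compare case-insensitively; record order is not fixed).
ns_set() {
    awk -v z="$1" 'tolower($1) == tolower(z) && $3 == "IN" && $4 == "NS" {
        print tolower($5) }' | sort -u
}

# missing_glue ZONE: dig output on stdin -> NS names at or below ZONE that
# have no A/AAAA record in the same response.
missing_glue() {
    awk -v z="$1" 'BEGIN { z = tolower(z); dz = "." z }
        $3 == "IN" && ($4 == "A" || $4 == "AAAA") { addr[tolower($1)] = 1 }
        tolower($1) == z && $3 == "IN" && $4 == "NS" { ns[tolower($5)] = 1 }
        END { for (n in ns)
            if ((n == z || substr(n, length(n) - length(z)) == dz) && !(n in addr))
                print n }' | sort
}

# check_delegation ZONE PARENT_OUTPUT CHILD_OUTPUT
# returns 0 = consistent, 1 = NS sets differ, 2 = glue missing at parent.
check_delegation() {
    p=$(printf '%s\n' "$2" | ns_set "$1")
    c=$(printf '%s\n' "$3" | ns_set "$1")
    g=$(printf '%s\n' "$2" | missing_glue "$1")
    [ "$p" = "$c" ] || { echo "NS mismatch: parent=[$p] child=[$c]"; return 1; }
    [ -z "$g" ] || { echo "no glue at parent for: $g"; return 2; }
    echo "delegation and glue consistent for $1"
}
# Live use: pass "$(dig +norecurse @L3.NSTLD.COM amherst.edu ns)" and
# "$(dig +norecurse @ns.amherst.edu amherst.edu ns)" instead of the samples.
check_delegation amherst.edu. "$PARENT_OUT" "$CHILD_OUT"
```

The parser matches NS records in any section of the response, so it works whether the parent server returns the delegation in the ANSWER section, as in the post, or in the AUTHORITY section.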