KNOWNHOST WIKI

dns:difference-between-parent-and-authoritative-nameservers

Differences

This shows you the differences between two versions of the page.

dns:difference-between-parent-and-authoritative-nameservers [2019/09/17 11:12]
Karson N.
dns:difference-between-parent-and-authoritative-nameservers [2020/06/03 08:22] (current)
Karson N.
Line 2: Line 2:
  
 \\ \\
- 
 ===== How DNS Works ===== ===== How DNS Works =====
  
Line 16: Line 15:
  
 The process can be described as follows. There is a single Root Nameserver for all domains, and this is denoted by a single period. If you've every paid close attention to the nameservers in your server'​s panel, often times you will see that they are followed by a period like so: The process can be described as follows. There is a single Root Nameserver for all domains, and this is denoted by a single period. If you've every paid close attention to the nameservers in your server'​s panel, often times you will see that they are followed by a period like so:
 +<​code>​
   ns1.domain.com.   ns1.domain.com.
 +</​code>​
  
 That period is the very first nameserver to be queried when your browser sends a request for a domain to your ISP's DNS recursors. First, the query requests to know what nameservers to query next depending on the domain'​s TLD. A TLD is the last part of a domain name, e.g., '​com',​ '​org',​ '​net',​ etc., We can query the Root NS directly to get a listing of the 13 Parent Nameservers that currently exist. ​ That period is the very first nameserver to be queried when your browser sends a request for a domain to your ISP's DNS recursors. First, the query requests to know what nameservers to query next depending on the domain'​s TLD. A TLD is the last part of a domain name, e.g., '​com',​ '​org',​ '​net',​ etc., We can query the Root NS directly to get a listing of the 13 Parent Nameservers that currently exist. ​
  
 <​code>​ <​code>​
-$ dig NS +short . +  ​$ dig NS +short . 
-a.root-servers.net. +  a.root-servers.net. 
-b.root-servers.net. +  b.root-servers.net. 
-c.root-servers.net. +  c.root-servers.net. 
-d.root-servers.net. +  d.root-servers.net. 
-e.root-servers.net. +  e.root-servers.net. 
-f.root-servers.net. +  f.root-servers.net. 
-g.root-servers.net. +  g.root-servers.net. 
-h.root-servers.net. +  h.root-servers.net. 
-i.root-servers.net. +  i.root-servers.net. 
-j.root-servers.net. +  j.root-servers.net. 
-k.root-servers.net. +  k.root-servers.net. 
-l.root-servers.net. +  l.root-servers.net. 
-m.root-servers.net. +  m.root-servers.net. 
-$+  $
 </​code>​ </​code>​
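Review bot: the context paragraph just above the root query calls the a through m root-servers.net hosts "the 13 Parent Nameservers", while the paragraph before it says there is "a single Root Nameserver". The dig output in this block lists thirteen root server names, and further down the page "Parent Nameservers" means the TLD servers returned by `dig +short com. NS`. Suggest describing the trailing period as the root zone, served by 13 named root servers, and reserving "parent" for the TLD level so the term in the page title stays unambiguous. While this paragraph is open, "If you've every paid" should read "ever paid".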
  
Line 42: Line 42:
  
 <​code>​ <​code>​
-$ dig +short org. NS +  ​$ dig +short org. NS 
-c0.org.afilias-nst.info. +  c0.org.afilias-nst.info. 
-d0.org.afilias-nst.org. +  d0.org.afilias-nst.org. 
-a0.org.afilias-nst.info. +  a0.org.afilias-nst.info. 
-a2.org.afilias-nst.info. +  a2.org.afilias-nst.info. 
-b0.org.afilias-nst.org. +  b0.org.afilias-nst.org. 
-b2.org.afilias-nst.org. +  b2.org.afilias-nst.org. 
-$+  $
 </​code>​ </​code>​
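Review bot: every `+` line in this block only adds two leading spaces inside an existing `<code>` block. DokuWiki renders the body of `<code>` verbatim, so the spaces appear in the rendered output and in anything copied from it. Two-space indentation is itself the markup for a preformatted block, so use either the tags or the indentation, not both.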
  
Line 55: Line 55:
  
 <​code>​ <​code>​
-$ dig +short com. NS +  ​$ dig +short com. NS 
-e.gtld-servers.net. +  e.gtld-servers.net. 
-c.gtld-servers.net. +  c.gtld-servers.net. 
-h.gtld-servers.net. +  h.gtld-servers.net. 
-b.gtld-servers.net. +  b.gtld-servers.net. 
-d.gtld-servers.net. +  d.gtld-servers.net. 
-m.gtld-servers.net. +  m.gtld-servers.net. 
-k.gtld-servers.net. +  k.gtld-servers.net. 
-+  
 </​code>​ </​code>​
  
 Once we have the Parent Nameservers,​ we can then query them for the Authoritative Nameservers for the domain like so (let's use google.com as an example and query one of the '​com'​ nameservers returned above: Once we have the Parent Nameservers,​ we can then query them for the Authoritative Nameservers for the domain like so (let's use google.com as an example and query one of the '​com'​ nameservers returned above:
 <​code>​ <​code>​
-$ dig @j.gtld-servers.net. google.com. NS+  ​$ dig @j.gtld-servers.net. google.com. NS
  
-; <<>>​ DiG 9.10.3-P4-Ubuntu <<>>​ @j.gtld-servers.net. google.com. NS +  ​; <<>>​ DiG 9.10.3-P4-Ubuntu <<>>​ @j.gtld-servers.net. google.com. NS 
-; (2 servers found) +  ; (2 servers found) 
-;; global options: +cmd +  ;; global options: +cmd 
-;; Got answer: +  ;; Got answer: 
-;; ->>​HEADER<<​- opcode: QUERY, status: NOERROR, id: 20211 +  ;; ->>​HEADER<<​- opcode: QUERY, status: NOERROR, id: 20211 
-;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9 +  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9 
-;; WARNING: recursion requested but not available+  ;; WARNING: recursion requested but not available
  
-;; OPT PSEUDOSECTION:​ +  ​;; OPT PSEUDOSECTION:​ 
-; EDNS: version: 0, flags:; udp: 4096 +  ; EDNS: version: 0, flags:; udp: 4096 
-;; QUESTION SECTION: +  ;; QUESTION SECTION: 
-;​google.com. IN NS+  ;​google.com.   ​IN   ​NS
  
-;; AUTHORITY SECTION: +  ​;; AUTHORITY SECTION: 
-google.com. 172800 IN NS ns2.google.com. +  google.com.   ​172800 IN NS ns2.google.com. 
-google.com. 172800 IN NS ns1.google.com. +  google.com.   ​172800 IN NS ns1.google.com. 
-google.com. 172800 IN NS ns3.google.com. +  google.com.   ​172800 IN NS ns3.google.com. 
-google.com. 172800 IN NS ns4.google.com.+  google.com.   ​172800 IN NS ns4.google.com.
  
-;; ADDITIONAL SECTION: +  ​;; ADDITIONAL SECTION: 
-ns2.google.com. 172800 IN AAAA 2001:​4860:​4802:​34::​a +  ns2.google.com.   ​172800 IN AAAA 2001:​4860:​4802:​34::​a 
-ns2.google.com. 172800 IN A 216.239.34.10 +  ns2.google.com.   ​172800 IN A 216.239.34.10 
-ns1.google.com. 172800 IN AAAA 2001:​4860:​4802:​32::​a +  ns1.google.com.   ​172800 IN AAAA 2001:​4860:​4802:​32::​a 
-ns1.google.com. 172800 IN A 216.239.32.10 +  ns1.google.com.   ​172800 IN A 216.239.32.10 
-ns3.google.com. 172800 IN AAAA 2001:​4860:​4802:​36::​a +  ns3.google.com.   ​172800 IN AAAA 2001:​4860:​4802:​36::​a 
-ns3.google.com. 172800 IN A 216.239.36.10 +  ns3.google.com.   ​172800 IN A 216.239.36.10 
-ns4.google.com. 172800 IN AAAA 2001:​4860:​4802:​38::​a +  ns4.google.com.   ​172800 IN AAAA 2001:​4860:​4802:​38::​a 
-ns4.google.com. 172800 IN A 216.239.38.10+  ns4.google.com.   ​172800 IN A 216.239.38.10
  
-;; Query time: 217 msec +  ​;; Query time: 217 msec 
-;; SERVER: 192.48.79.30#​53(192.48.79.30) +  ;; SERVER: 192.48.79.30#​53(192.48.79.30) 
-;; WHEN: Sun Jun 09 11:35:13 CDT 2019 +  ;; WHEN: Sun Jun 09 11:35:13 CDT 2019 
-;; MSG SIZE  rcvd: 287+  ;; MSG SIZE  rcvd: 287
  
-+  ​
 </​code>​ </​code>​
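Review bot: the command `dig @j.gtld-servers.net. google.com. NS` queries a server that is not in the `dig +short com. NS` listing directly above, which shows only e, c, h, b, d, m and k, although the sentence says it is "one of the 'com' nameservers returned above". Either show the full listing or switch the example to one of the listed servers. The same sentence opens a parenthesis at "(let's use google.com" that never closes. It would also help to point out that the parent replies with `ANSWER: 0` and carries the delegation in the AUTHORITY section with glue addresses in ADDITIONAL, since that is what distinguishes this referral from the answers queried from ns1.google.com later on the page.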
  
Line 112: Line 112:
  
 <​code>​ <​code>​
-$ dig txt +short google.com @ns1.google.com. +  ​$ dig txt +short google.com @ns1.google.com. 
-"​v=spf1 include:​_spf.google.com ~all"​ +  "​v=spf1 include:​_spf.google.com ~all"​ 
-"​docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"​ +  "​docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"​ 
-"​globalsign-smime-dv=CDYX+XFHUw2wml6/​Gb8+59BsH31KzUr6c1l2BPvqKX8="​ +  "​globalsign-smime-dv=CDYX+XFHUw2wml6/​Gb8+59BsH31KzUr6c1l2BPvqKX8="​ 
-"​facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"​ +  "​facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"​ 
-+  $
 </​code>​ </​code>​
  
Line 123: Line 123:
  
 <​code>​ <​code>​
-$ dig NS +short google.com @ns1.google.com. +  ​$ dig NS +short google.com @ns1.google.com. 
-ns1.google.com. +  ns1.google.com. 
-ns3.google.com. +  ns3.google.com. 
-ns4.google.com. +  ns4.google.com. 
-ns2.google.com. +  ns2.google.com. 
-$+  $
 </​code>​ </​code>​
  
Line 134: Line 134:
  
 <​code>​ <​code>​
-$ dig A +short ns1.google.com @ns1.google.com. +  ​$ dig A +short ns1.google.com @ns1.google.com. 
-216.239.32.10 +  216.239.32.10 
-$+  $
 </​code>​ </​code>​
  
Line 151: Line 151:
   - If you provide the IP of the DNS server you expect the domain to be using (for example, if you've just migrated the domain and/or its DNS to a new server, it will query that server directly to print out the NS records for the domain and the glue records for that NS as is set in the server specified. This optional IP parameter represents the server IP that you expect to hold the DNS zone file for the domain.   - If you provide the IP of the DNS server you expect the domain to be using (for example, if you've just migrated the domain and/or its DNS to a new server, it will query that server directly to print out the NS records for the domain and the glue records for that NS as is set in the server specified. This optional IP parameter represents the server IP that you expect to hold the DNS zone file for the domain.
  
-  
 <file bash parent-vs-ns-check.sh>​ <file bash parent-vs-ns-check.sh>​
 #!/bin/sh #!/bin/sh
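Review bot: the file is declared as `<file bash parent-vs-ns-check.sh>` but its first line is `#!/bin/sh`. If the script body uses any bash-only syntax it will fail where /bin/sh is not bash, so either change the shebang to bash or keep the script POSIX and tag the file accordingly. In the list item above it, the parenthesis opened at "(for example, if you've just migrated" is never closed, which makes it unclear where the example ends and the description of the script's behaviour resumes.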
Line 193: Line 192:
  
 \\ \\
- 
 ===== Tips and Tricks ​ ===== ===== Tips and Tricks ​ =====
  
Line 203: Line 201:
   - If the zone did not load due to errors, fix the errors highlighted in red and then reload the zone file. If no errors are reported, check for duplicate records. Does ns1 and ns2 both have their own zone files and do they also have A records set in the main domain'​s zone file as well? If so, remove the DNS zone files for ns1 and ns2 if they already have A records set for them in the main domain'​s zone file. For example, the domain mdomain1.tld has its own vanity nameservers and when you open the zone file for mdomain1.tld,​ you see that its NS records are ns1.mdomain1.tld and ns2.mdomain1.tld. You also see that both ns1.mdomain.tld and ns2.mdoamin.tld both have A records set  in that same zone file. You go back to the list of zone files under /var/named/ or you go back to WHM's Edit DNS Zone and you notice that a complete file exists for each nameserver named as ns1.mdomain1.tld.db and ns2.mdomain1.tld.db. This redundancy seems to disrupt their functioning,​ so you will need to delete the zone files for ns1 and ns2 but leave the A records set for ns1 and ns2 in the zone file for mdomain1.tld. ​   - If the zone did not load due to errors, fix the errors highlighted in red and then reload the zone file. If no errors are reported, check for duplicate records. Does ns1 and ns2 both have their own zone files and do they also have A records set in the main domain'​s zone file as well? If so, remove the DNS zone files for ns1 and ns2 if they already have A records set for them in the main domain'​s zone file. For example, the domain mdomain1.tld has its own vanity nameservers and when you open the zone file for mdomain1.tld,​ you see that its NS records are ns1.mdomain1.tld and ns2.mdomain1.tld. You also see that both ns1.mdomain.tld and ns2.mdoamin.tld both have A records set  in that same zone file. 
You go back to the list of zone files under /var/named/ or you go back to WHM's Edit DNS Zone and you notice that a complete file exists for each nameserver named as ns1.mdomain1.tld.db and ns2.mdomain1.tld.db. This redundancy seems to disrupt their functioning,​ so you will need to delete the zone files for ns1 and ns2 but leave the A records set for ns1 and ns2 in the zone file for mdomain1.tld. ​
   - Make sure that the set of nameservers at the server and at the registrar match exactly. Make sure both have A records (glue records) and resolve to the same IPs.   - Make sure that the set of nameservers at the server and at the registrar match exactly. Make sure both have A records (glue records) and resolve to the same IPs.
- 
  
 As always, if you have any trouble with your DNS, please feel free to open a support ticket and we'll be glad to help! :) As always, if you have any trouble with your DNS, please feel free to open a support ticket and we'll be glad to help! :)
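Review bot: the example in the first list item switches between `mdomain1.tld`, `ns1.mdomain.tld` and `ns2.mdoamin.tld`; these should all be `mdomain1.tld` hostnames, otherwise the reader cannot tell which zone file is supposed to hold the A records. "This redundancy seems to disrupt their functioning" would be more useful if it stated what was actually observed when both the per-nameserver zone files and the A records exist. "Does ns1 and ns2 both have" should read "Do ns1 and ns2 both have".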
dns/difference-between-parent-and-authoritative-nameservers.1568736768.txt.gz · Last modified: 2019/09/17 11:12 by Karson N.