[bdNOG] .BD DNS Problem
Brian Candler
brian at nsrc.org
Fri Sep 9 13:20:58 BDT 2016

On 08/09/2016 13:03, Kabindra Shrestha wrote:
> How can we solve it?
>
> - the zone cut needs to be properly delegated on the parent zone.
>
> So the .BD zone file should contain something like,
>
> com.bd.    IN NS dns.bd.
>            IN NS surma.btcl.net.bd.
>            IN NS jamuna.btcl.net.bd.
>
> net.bd.    IN NS dns.bd.
>            IN NS surma.btcl.net.bd.
>            IN NS jamuna.btcl.net.bd.
>
> ( add glue record if it doesn't already exist or if necessary )
>
> surma.btcl.net.bd. IN A 203.112.194.232
> surma.btcl.net.bd. IN AAAA 2407:5000:88:4::232
> jamuna.btcl.net.bd. IN A 203.112.194.231
> jamuna.btcl.net.bd. IN AAAA 2407:5000:88:4::231
>
>
> Do the same for any other zone cuts ( edu.bd, gov.bd etc... )

This analysis is absolutely correct. For clarity and simplicity I would
ensure that "bd", "com.bd", "net.bd" are separate zone files, and each
has correct delegation to its subdomains - even when it's only
delegating to the same set of nameservers.

It looks like this has been done already:

$ dig @dns.bd. com.bd. ns

; <<>> DiG 9.8.3-P1 <<>> @dns.bd. com.bd. ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22242
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;com.bd. IN NS

;; ANSWER SECTION:
com.bd. 86400 IN NS dns.bd.
com.bd. 86400 IN NS surma.btcl.net.bd.
com.bd. 86400 IN NS jamuna.btcl.net.bd.

;; ADDITIONAL SECTION:
dns.bd. 86400 IN A 209.58.24.3
dns.bd. 86400 IN AAAA 2407:5000:88:5::3
surma.btcl.net.bd. 7228 IN A 203.112.194.232
surma.btcl.net.bd. 7228 IN AAAA 2407:5000:88:4::232
jamuna.btcl.net.bd. 7228 IN A 203.112.194.231
jamuna.btcl.net.bd. 7228 IN AAAA 2407:5000:88:4::231

However, it still doesn't solve your original resilience problem if (for
example) com.bd only exists on those three nameservers back in the same
AS. Users with domains under com.bd will still see them fail in the same
way that .bd failed, which means they are no better off than before.

Hence these second-level domains also need to obtain secondary service
in a different AS, in accordance with RFC2182; and indeed, the customers'
own domains need this as well.

So it could be a useful value-add service from the .bd registry if it were
to offer a completely off-site secondary service slaving from the
customer's own nameserver (or else fully managed resilient DNS).

Cheers,
Brian.
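
The resilience point in the message above (correct delegation does not help if every nameserver sits in one AS, contrary to RFC 2182) can be checked mechanically. The following is an added example, not part of the original message: it parses the additional-section records from the dig output and tests them against a constructed prefix-to-origin table, in which the AS labels (AS-SAME, AS-OFFSITE) and the prefix lengths are placeholders, not real routing data.

```python
import ipaddress
from collections import defaultdict

# Additional-section records copied from the dig output in the message above.
GLUE = """\
dns.bd. 86400 IN A 209.58.24.3
dns.bd. 86400 IN AAAA 2407:5000:88:5::3
surma.btcl.net.bd. 7228 IN A 203.112.194.232
surma.btcl.net.bd. 7228 IN AAAA 2407:5000:88:4::232
jamuna.btcl.net.bd. 7228 IN A 203.112.194.231
jamuna.btcl.net.bd. 7228 IN AAAA 2407:5000:88:4::231
"""

# CONSTRUCTED prefix-to-origin table (placeholder labels, not real routing data).
# It models the message's scenario: every listed server sits in one AS.
ORIGINS = {
    "209.58.24.0/24": "AS-SAME",
    "203.112.194.0/24": "AS-SAME",
    "2407:5000::/32": "AS-SAME",
    "192.0.2.0/24": "AS-OFFSITE",  # documentation range, hypothetical secondary
}

def parse_glue(text):
    """Return {nameserver: [ip_address, ...]} from A/AAAA record lines."""
    servers = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN" and fields[3] in ("A", "AAAA"):
            servers[fields[0].lower()].append(ipaddress.ip_address(fields[4]))
    return dict(servers)

def origin_of(addr, table=ORIGINS):
    """Longest-prefix match of addr against the table; None if uncovered."""
    best = None
    for prefix, origin in table.items():
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, origin)
    return best[1] if best else None

def origins_seen(glue_text, table=ORIGINS):
    """Set of origins covering any nameserver address (uncovered ones dropped)."""
    addrs = [a for ips in parse_glue(glue_text).values() for a in ips]
    return {origin_of(a, table) for a in addrs} - {None}

def single_as_risk(glue_text, table=ORIGINS):
    """True when fewer than two origins serve the zone (no AS diversity)."""
    return len(origins_seen(glue_text, table)) < 2
```

With a real prefix-to-origin source in place of the constructed table, the same check applies to any zone's NS set, including the customers' own domains.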