[bdNOG] .BD DNS Problem

Brian Candler brian at nsrc.org
Fri Sep 9 13:20:58 BDT 2016


On 08/09/2016 13:03, Kabindra Shrestha wrote:
> How can we solve it?
>
> - the zone cut needs to be properly delegated on the parent zone.
>
> So the .BD zone file should contain something like,
>
> com.bd.	IN	NS 	dns.bd.
> 		IN	NS	surma.btcl.net.bd.
> 		IN	NS	jamuna.btcl.net.bd.
>
> net.bd.	IN	NS 	dns.bd.
> 		IN	NS	surma.btcl.net.bd.
> 		IN	NS	jamuna.btcl.net.bd.
>
> ( add glue record if it doesn't already exist or if necessary )
>
> surma.btcl.net.bd.	IN	A	203.112.194.232
> surma.btcl.net.bd.	IN	AAAA	2407:5000:88:4::232
> jamuna.btcl.net.bd.	IN	A	203.112.194.231
> jamuna.btcl.net.bd.	IN	AAAA	2407:5000:88:4::231
>
>
> Do the same for any other zone cuts ( edu.bd, gov.bd etc... )

This analysis is absolutely correct. For clarity and simplicity I would 
ensure that "bd", "com.bd", "net.bd" are separate zone files, and each 
has correct delegation to its subdomains - even when it's only 
delegating to the same set of nameservers.

It looks like this has been done already:

$ dig @dns.bd. com.bd. ns

; <<>> DiG 9.8.3-P1 <<>> @dns.bd. com.bd. ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22242
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;com.bd.                        IN      NS

;; ANSWER SECTION:
com.bd.                 86400   IN      NS      dns.bd.
com.bd.                 86400   IN      NS      surma.btcl.net.bd.
com.bd.                 86400   IN      NS      jamuna.btcl.net.bd.

;; ADDITIONAL SECTION:
dns.bd.                 86400   IN      A       209.58.24.3
dns.bd.                 86400   IN      AAAA    2407:5000:88:5::3
surma.btcl.net.bd.      7228    IN      A       203.112.194.232
surma.btcl.net.bd.      7228    IN      AAAA    2407:5000:88:4::232
jamuna.btcl.net.bd.     7228    IN      A       203.112.194.231
jamuna.btcl.net.bd.     7228    IN      AAAA    2407:5000:88:4::231

However, it still doesn't solve your original resilience problem if (for 
example) com.bd only exists on those three nameservers back in the same 
AS. Users with domains under com.bd will still see them fail in the same 
way that .bd failed, which means they are no better off than before.

Hence these second-level domains also need to obtain secondary service 
in a different AS, in accordance with RFC2182; and indeed, the customers' 
own domains need this as well.

So it could be a useful value-add service from the .bd registry if it were 
to offer a completely off-site secondary service slaving from the 
customer's own nameserver (or else fully managed resilient DNS).

Cheers,

Brian.
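
The single-AS concern raised in the message above can be checked mechanically. This is an added example, not part of the original post: it parses dig-style records and reports which origin ASes serve a zone. The prefix lengths and the AS numbers (taken from the RFC 5398 documentation range) in `TABLE` are assumptions, as are the function names.

```python
import ipaddress
from collections import defaultdict
# Constructed input: records copied from the dig answer above, one per line.
SAMPLE = """\
com.bd. 86400 IN NS dns.bd.
com.bd. 86400 IN NS surma.btcl.net.bd.
com.bd. 86400 IN NS jamuna.btcl.net.bd.
dns.bd. 86400 IN A 209.58.24.3
surma.btcl.net.bd. 7228 IN A 203.112.194.232
jamuna.btcl.net.bd. 7228 IN AAAA 2407:5000:88:4::231
"""
# Assumed prefix -> origin AS table; 64496/64511 are documentation AS numbers.
TABLE = {"209.58.24.0/24": 64496, "203.112.194.0/24": 64496,
         "2407:5000::/32": 64496, "192.0.2.0/24": 64511}

def parse_records(text):
    """Collect NS targets and A/AAAA addresses from 'name ttl IN type rdata' lines."""
    ns, addrs = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if line.startswith(";") or len(f) != 5 or f[2] != "IN":
            continue
        name, rtype, rdata = f[0].lower(), f[3], f[4]
        if rtype == "NS":
            ns[name].add(rdata.lower())
        elif rtype in ("A", "AAAA"):
            addrs[name].add(ipaddress.ip_address(rdata))
    return ns, addrs

def origin_as(addr, table):
    """Longest-prefix match of one address against the prefix table."""
    hits = [(n.prefixlen, asn) for n, asn in
            ((ipaddress.ip_network(p), a) for p, a in table.items())
            if n.version == addr.version and addr in n]
    return max(hits)[1] if hits else None

def as_diversity(zone, text, table):
    """Return (origin ASes serving zone, NS names with no mappable address)."""
    ns, addrs = parse_records(text)
    ases, unmapped = set(), set()
    for host in ns.get(zone, ()):
        found = {origin_as(a, table) for a in addrs.get(host, ())} - {None}
        ases |= found
        if not found:
            unmapped.add(host)
    return ases, unmapped

if __name__ == "__main__":
    print(as_diversity("com.bd.", SAMPLE, TABLE))
```

A zone whose first returned set has fewer than two entries has no secondary outside its own AS; in practice the prefix table would come from a routing table dump rather than being typed in.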

