[bdNOG] .BD DNS Problem

Kabindra Shrestha kabindra at geeks.net.np
Fri Sep 9 13:50:30 BDT 2016


> On Sep 9, 2016, at 1:05 PM, Brian Candler <brian at nsrc.org> wrote:
> 
> On 08/09/2016 13:03, Kabindra Shrestha wrote:
>> How can we solve it?
>> 
>> - the zone cut needs to be properly delegated on the parent zone.
>> 
>> So the .BD zone file should contain something like,
>> 
>> com.bd.	IN	NS 	dns.bd.
>> 		IN	NS	surma.btcl.net.bd.
>> 		IN	NS	jamuna.btcl.net.bd.
>> 
>> net.bd.	IN	NS 	dns.bd.
>> 		IN	NS	surma.btcl.net.bd.
>> 		IN	NS	jamuna.btcl.net.bd.
>> 
>> ( add glue record if it doesn't already exist or if necessary )
>> 
>> surma.btcl.net.bd.	IN	A	203.112.194.232
>> surma.btcl.net.bd.	IN	AAAA	2407:5000:88:4::232
>> jamuna.btcl.net.bd.	IN	A	203.112.194.231
>> jamuna.btcl.net.bd.	IN	AAAA	2407:5000:88:4::231
>> 
>> 
>> Do the same for any other zone cuts ( edu.bd, gov.bd etc... )
> This analysis is absolutely correct. For clarity and simplicity I would ensure that "bd", "com.bd", "net.bd" are separate zone files, and each has correct delegation to its subdomains - even when it's only delegating to the same set of nameservers.

The analysis and solution were for .BD. As we know, for subdomains to work there needs to be a proper delegation, which is missing in .BD. Let me rephrase what I said in my earlier mail: the only reason the subdomains are working at the moment is that they are hosted on the same server, or let's say on the same DNS daemon, that hosts .BD.


The whole point of my mail was to show that the subdomains are not delegated on the .BD, which you can verify from the PCH server, which only has the .BD zone on it at the moment.


Also, PCH will happily host the subdomains, if BTCL sends the requests for them.


Thanks.


> 
> It looks like this has been done already:
> 
> $ dig @dns.bd. com.bd. ns
> 
> ; <<>> DiG 9.8.3-P1 <<>> @dns.bd. com.bd. ns
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22242
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 6
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;com.bd.                       IN         NS
> 
> ;; ANSWER SECTION:
> com.bd.            86400      IN         NS         dns.bd.
> com.bd.            86400      IN         NS surma.btcl.net.bd.
> com.bd.            86400      IN         NS jamuna.btcl.net.bd.
> 
> ;; ADDITIONAL SECTION:
> dns.bd.            86400      IN         A          209.58.24.3
> dns.bd.            86400      IN         AAAA 2407:5000:88:5::3
> surma.btcl.net.bd.         7228       IN         A 203.112.194.232
> surma.btcl.net.bd.         7228       IN         AAAA 2407:5000:88:4::232
> jamuna.btcl.net.bd.        7228       IN         A 203.112.194.231
> jamuna.btcl.net.bd.        7228       IN         AAAA 2407:5000:88:4::231
> 
> However, it still doesn't solve your original resilience problem if (for example) com.bd only exists on those three nameservers back in the same AS. Users with domains under com.bd will still see them fail in the same way that .bd failed, which means they are no better off than before.
> 
> Hence these second-level domains also need to obtain secondary service in a different AS, in accordance with RFC2182; and indeed, the customers' own domains need this as well.
> 
> So it could be a useful value-add service from the .bd registry if it were to offer a completely off-site secondary service slaving from the customer's own nameserver (or else fully managed resilient DNS).
> 
> Cheers,
> 
> Brian.
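
The delegation check discussed in this thread, as an added example that is not part of either poster's mail: a Python script that parses a parent zone file and reports child zones with no NS records, plus nameserver names under the parent that have no address record in that file. The function names, the sample zone text (built from records quoted above) and the conservative "every NS name under the parent needs an address" rule are assumptions.

```python
RR_TYPES = {"NS", "A", "AAAA"}

# Constructed sample: records quoted in the thread; edu.bd. and gov.bd. are
# deliberately left out so the check has something to report.
SAMPLE_BD_ZONE = """\
com.bd.              IN NS   dns.bd.
                     IN NS   surma.btcl.net.bd.
                     IN NS   jamuna.btcl.net.bd.
net.bd.              IN NS   dns.bd.
                     IN NS   surma.btcl.net.bd.
                     IN NS   jamuna.btcl.net.bd.
dns.bd.        86400 IN A    209.58.24.3
surma.btcl.net.bd.   IN A    203.112.194.232
jamuna.btcl.net.bd.  IN A    203.112.194.231
"""

def parse_zone(text):
    """Return {owner: {rrtype: [rdata]}} for the NS, A and AAAA records."""
    records, owner = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():            # leading blank = same owner as before
            owner = fields.pop(0).lower()
        while fields and fields[0].upper() not in RR_TYPES:
            fields.pop(0)                    # skip optional TTL and class
        if owner and len(fields) >= 2:
            records.setdefault(owner, {}).setdefault(fields[0].upper(), []).append(fields[1].lower())
    return records

def check_delegations(parent, children, records):
    """List child zones with no NS set, and NS names under parent with no address."""
    problems = []
    for child in (c.lower() for c in children):
        ns_names = records.get(child, {}).get("NS", [])
        if not ns_names:
            problems.append(f"{child} has no NS records in {parent} (not delegated)")
        for ns in ns_names:
            # Assumption: any NS name under the parent needs an A/AAAA in this file.
            under_parent = ns.endswith("." + parent.lower())
            if under_parent and not ({"A", "AAAA"} & set(records.get(ns, {}))):
                problems.append(f"{child}: {ns} has no address record (glue) in {parent}")
    return problems

if __name__ == "__main__":
    zones = ["com.bd.", "net.bd.", "edu.bd.", "gov.bd."]
    for problem in check_delegations("bd.", zones, parse_zone(SAMPLE_BD_ZONE)):
        print(problem)
```

This only audits the parent zone file; the off-site secondary requirement from RFC2182 raised in the thread needs AS information that a zone file does not carry.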
