ubuntu:dns:lame_nameserver_delegation

Differences

This shows you the differences between two versions of the page.

ubuntu:dns:lame_nameserver_delegation [2020/05/13 17:34] peter
ubuntu:dns:lame_nameserver_delegation [2021/01/10 21:09] (current) – removed peter
Line 1: Line 1:
-====== Ubuntu - DNS - LAME Nameserver Delegation ====== 
- 
-A nameserver which gives non-authoritative answer is usually called '**LAME**'.   
- 
-Every domain must have at least 2 nameservers and if each is asked, and if they all have domain zone information, they will all give an authoritative answer.  If not it's a '**lame delegation**'. 
- 
-Refer to [[http://www.faqs.org/rfcs/rfc1912.html|RFC 1912 section 2.8.]]. 
- 
-An example of lame delegation is: 
- 
-<code bash> 
-example.com     IN    NS     ns1.example.com 
-example.com     IN    NS     ns2.example-server.net 
-</code> 
- 
-ns1.example.com is configured to have zone information about the domain but ns2.example-server.net was not configured properly and does not have any information about the domain.  So ns1 will answer authoritatively whereas ns2 won't which will be 'lame' until it is set up properly. 
- 
-To get more in-depth understanding, use the dig tool for example.com. 
- 
-1. First we find the nameservers of example.com: 
- 
- dig example.com NS 
- 
-<code bash> 
-;; ANSWER SECTION: 
-example.com.            158240  IN      NS      a.iana-servers.net. 
-example.com.            158240  IN      NS      b.iana-servers.net. 
-</code> 
- 
-2. Since we have received 2 nameservers, we ask each of them whether they give authoritative answer.  If it's authoritative, the '**aa**' flag in the header will be set in the answer received ('aa' is authoritative answer). 
- 
-> dig @b.iana-servers.net example.com NS 
-> dig @a.iana-servers.net example.com NS 
- 
-<code bash> 
-;; Got answer: 
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60896 
-;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 
- 
-;; QUESTION SECTION: 
-;example.com.                   IN      NS 
- 
-;; ANSWER SECTION: 
-example.com.            172800  IN      NS      a.iana-servers.net. 
-example.com.            172800  IN      NS      b.iana-servers.net. 
-</code> 
- 
-Look in the flags. 
- 
-<code bash> 
-flags: qr aa rd 
-</code> 
- 
-Since '**aa**' is set in the answer, then both the nameservers of example.com provide authoritative answer.  If it is lame delegation you won't get the authoritative answer. 
- 
-<WRAP important> 
-**CAUTION**: 
- 
-You should not use CNAME (alias) along with NS records as it often confuses most resolvers causing loops and often leads to 'lame' delegation. 
- 
-<code bash> 
-example.com.     IN    NS     ns1.example.com. 
-example.com.     IN    NS     ns2.example.com. 
-example.com.     IN    CNAME  ns9.example-server.net 
-</code> 
- 
- 
-So never use CNAME along with NS records. 
-</WRAP> 
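
Review bot: The edit summary for this deletion ("removed") gives no reason and no pointer to a replacement, yet the hunk deletes the whole page, including the dig procedure for checking each listed nameserver for the 'aa' flag. Suggest stating in the summary where the content moved, or leaving a short stub that links to it. If the text is kept or moved, the opening sentence "A nameserver which gives non-authoritative answer is usually called 'LAME'" is too broad: by the page's own example, the lame case is a server that is listed in the zone's NS records (ns2.example-server.net) but holds no data for the zone. The two dig commands in step 2 are prefixed with ">" and would render as DokuWiki quotes rather than commands; they belong in a code block like the output that follows them.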
  
ubuntu/dns/lame_nameserver_delegation.1589391280.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
