Differences

This shows you the differences between two versions of the page.

--- ubuntu:dns:stealth_nameservers [2020/07/15 09:30] – external edit 127.0.0.1
+++ ubuntu:dns:stealth_nameservers [2021/01/10 21:10] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== Ubuntu - DNS - Stealth Nameservers ======
-Stealth Nameservers (or hidden nameservers) are mismatched/conflicting nameservers which exist at root level against of nameservers in the domain.
-To illustrate this, when the parent servers are asked about a domain for NS records at root level they provide:
-<code bash>
-ns0.domain.com
-ns2.domain.com
-ns3.domain.com
-</code>
-but when the nameservers of the domain are queried for the NS records, they are not the same for example
-<code bash>
-ns0.domain.com
-ns2.domain.com
-ns.example-dns.net
-</code>
-ns.example-dns.net and ns3.domain.com are both hidden and known as 'stealth nameservers'.  Although there is nothing wrong in it, it is advisable not to have any stealth nameservers both at root level and in your dns server.
-You can use the **dig** command to lookup NS records at root server level.
-<code bash>
-dig +trace @K.root-servers.net example.com NS
-</code>
-and to ask one of the nameservers of the domain.
-<code bash>
-dig @ns0.domain.com example.com NS
-</code>
-Look for any NS mismatch between the two queries.  If there is a nameserver missing at root level, add the missing nameserver to your domain registrar.  If the nameserver missing at domain level, add the nameserver to the zone file of the domain and update all your secondary nameservers.