DNS announcement question

Joe Abley jabley at isc.org
Sat Jun 28 17:20:53 UTC 2003



On Saturday 28 June 2003, at 12:08, Jim Popovitch wrote:

> Questions:
> 1) How does one registrar 'win out' over a second registrar when
>    updating root servers?

It's important not to confuse registry services (in which a central 
registry of names and metadata is maintained by various authorised 
parties) and name service. They are related, but different. This 
confuses people, because single companies frequently provide both 
registry services and nameserver services.

Here's a registry answer to your question:

In the ICANN-model registry/registrar/registrant structure (which is 
used for most gTLDs and also, to varying degrees of approximation, by 
various ccTLDs) a single domain is sponsored by a single registrar. 
Only the sponsoring registrar is able to influence the way that the 
delegation for the domain is published in the registry's zone. The 
process of changing the sponsoring registrar is called a transfer 
operation, and is performed by either the losing or winning registrar 
at the request of the registrant.

Here's a nameserver answer to your question:

The parent (superordinate) zone will contain a delegation to a set of 
nameservers which corresponds to your domain name. The nameservers 
specified therein will be used by recursive resolvers to locate 
nameservers which are authoritative for your zone, in order to resolve 
queries which fall within your domain. Other nameservers may purport to 
speak authoritatively for your zone, but unless the delegation in the 
parent zone includes them in the NS set, a recursive lookup will not 
find them.

> 2) How can I verify that the domain will be properly 'announced'
>    to the root servers by the new registrar?

Here's a registry answer to this question:

Find some way of querying the registry in question for your domain (for 
com/net domains, you might try using whois against whois.crsnic.net; in 
general, for registry zone $z you can take advantage of Centergate's 
very useful whois-servers.net domain and try a whois query against 
$z.whois-servers.net). You should see some indication of the sponsoring 
registrar, and other metadata which you can verify.

> [jabley at buffoon]% whois -h org.whois-servers.net isc.org
> ... tedious legal rambling...
> Domain ID:D2338103-LROR
> Domain Name:ISC.ORG
> Created On:04-Apr-1994 04:00:00 UTC
> Last Updated On:05-Mar-2002 02:24:11 UTC
> Expiration Date:05-Apr-2004 04:00:00 UTC
> ... etc, etc

Here's a nameserver answer to your question:

Check the parent zone for the delegation, and ensure that your domain 
has been delegated to the right nameservers. To do that, find a 
nameserver which is authoritative for the parent zone and send it a 
query for a name under your domain. For added credit, don't request 
recursion when you send the query.

> [jabley at buffoon]% dig ns org.
>
> ; <<>> DiG 8.3 <<>> ns org.
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      org, type = NS, class = IN
>
> ;; ANSWER SECTION:
> org.                    5d23h59m51s IN NS  L7.NSTLD.COM.
> org.                    5d23h59m51s IN NS  M5.NSTLD.COM.
> org.                    5d23h59m51s IN NS  A7.NSTLD.COM.
> org.                    5d23h59m51s IN NS  C5.NSTLD.COM.
> org.                    5d23h59m51s IN NS  E5.NSTLD.COM.
> org.                    5d23h59m51s IN NS  F7.NSTLD.COM.
> org.                    5d23h59m51s IN NS  G7.NSTLD.COM.
> org.                    5d23h59m51s IN NS  I5.NSTLD.COM.
> org.                    5d23h59m51s IN NS  J5.NSTLD.COM.
>
> ;; Total query time: 2 msec
> ;; FROM: buffoon.automagic.org to SERVER: default -- 127.0.0.1
> ;; WHEN: Sat Jun 28 13:13:53 2003
> ;; MSG SIZE  sent: 21  rcvd: 183
>
> [jabley at buffoon]% dig @l7.nstld.com isc.org SOA +norecurse
>
> ; <<>> DiG 8.3 <<>> @l7.nstld.com isc.org SOA +norecurse
> ; (1 server found)
> ;; res options: init defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28750
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      isc.org, type = SOA, class = IN
>
> ;; AUTHORITY SECTION:
> isc.org.                2D IN NS        NS-EXT.VIX.COM.
> isc.org.                2D IN NS        NS1.GNAC.COM.
>
> ;; Total query time: 16 msec
> ;; FROM: buffoon.automagic.org to SERVER: l7.nstld.com  192.41.162.36
> ;; WHEN: Sat Jun 28 13:14:05 2003
> ;; MSG SIZE  sent: 25  rcvd: 76
>
> [jabley at buffoon]%

If the DNS speak in this message scares you, then either don't worry 
about it or buy and digest the Cricket book ("DNS and BIND", ISBN 
0596001584). It's very readable and easy to follow, even with little or 
no prior knowledge of the DNS.


Joe




More information about the NANOG mailing list