External (not in the same domain) name server
Antti Louko
alo-nanog at louko.com
Wed Mar 3 00:06:15 UTC 2004
Hello,
I searched if this issue has been around previously, but neither
Google nor NANOG list search produced anything recent and
relevant. There has been some discussion on whois host entries etc.,
however.
The real issue, why this seems impossible with many registrars, is
explained at the end of this email.
Background:
(I use private IP addresses in this example, but in real life they
would be normal routable IP addresses)
I have in my mind a setup where:
- There is one main domain, which is used for "master" name servers:
mxx1.net NS ns1.mxx1.net
mxx1.net NS ns2.mxx1.net
mxx1.net NS ns3.mxx1.net
mxx1.net NS ns4.mxx1.net
ns1.mxx1.net A 10.1.1.2
ns1.mxx1.net A 10.1.2.2
ns1.mxx1.net A 10.2.1.2
ns1.mxx1.net A 10.2.2.2
ns1, ns2, ns3 and ns4 are well connected and quite permanently in
their IP addresses.
- There are a number of cooperating organizations each having one
dedicated name server (which can also handle other tasks, like
acting as a secondary SMTP server etc.)
- Organizations are (there may be tens or hundreds of them):
cxx-1.com
cxx-2.com
.
.
- Each cxx-n.com has its domain registered like this:
cxx-1.com NS ns1.cxx-1.com.e.mxx1.net.
cxx-1.com NS ns2.cxx-1.com.e.mxx1.net.
cxx-1.com NS ns3.cxx-1.com.e.mxx1.net.
cxx-1.com NS ns4.cxx-1.com.e.mxx1.net.
cxx-1.com NS ns5.cxx-1.com.e.mxx1.net.
,
cxx-2.com NS ns1.cxx-2.com.e.mxx1.net.
cxx-2.com NS ns2.cxx-2.com.e.mxx1.net.
cxx-2.com NS ns3.cxx-2.com.e.mxx1.net.
cxx-2.com NS ns4.cxx-2.com.e.mxx1.net.
cxx-2.com NS ns5.cxx-2.com.e.mxx1.net.
etc.
- Each cxx-n.com.e.mxx1.net zone name server offers records like
this:
ns1.cxx-1.com.e.mxx1.net 600 A 10.20.1.2
; server at cxx-1's location
ns2.cxx-1.com.e.mxx1.net 600 A 10.20.2.2
; server at cxx-2's location
ns3.cxx-1.com.e.mxx1.net 600 A 10.20.3.2
; server at cxx-3's location
ns4.cxx-1.com.e.mxx1.net 600 A 10.20.4.2
; server at cxx-4's location
ns5.cxx-1.com.e.mxx1.net 600 A 10.20.5.2
; server at cxx-5's location
ns1.cxx-4.com.e.mxx1.net 600 A 10.20.4.2
; server at cxx-4's location
ns2.cxx-4.com.e.mxx1.net 600 A 10.20.5.2
; server at cxx-5's location
ns3.cxx-4.com.e.mxx1.net 600 A 10.20.6.2
; server at cxx-6's location
ns4.cxx-4.com.e.mxx1.net 600 A 10.20.7.2
; server at cxx-7's location
ns5.cxx-4.com.e.mxx1.net 600 A 10.20.8.2
; server at cxx-8's location
Pro:
- {ns1,ns2,ns3,ns4}.mxx1.net don't have to handle all NS requests to
different cxx-n.com domains.
- Each cxx-n.com.e.mxx1.net name server can monitor if each of its name
servers is alive and change the A record to a more suitable address
when necessary.
Con:
- Needs careful configuration
- Requires more DNS requests than a simpler setup:
+ To resolve e.g. www.cxx-1.com A (traditional setup):
www.cxx-1.com:A --> A.GTLD-SERVERS.NET
cxx-1.com NS ns-1.cxx-1.com 10.20.1.2
ns-1.cxx-1.com A 10.20.1.2
www.cxx-1.com:A --> 10.20.1.2
www.cxx-1.com A 10.20.1.3
is 2 transactions
+ New setup:
www.cxx-1.com:A --> A.GTLD-SERVERS.NET
cxx-1.com NS ns1.cxx-1.com.e.mxx1.net
ns1.cxx-1.com.e.mxx1.net:A --> A.GTLD-SERVERS.NET
mxx1.net NS ns1.mxx1.net
ns1.mxx1.net A 10.1.1.2
ns1.cxx-1.com.e.mxx1.net:A --> 10.1.1.2
ns1.cxx-1.com.e.mxx1.net A 10.20.1.2
www.cxx-1.com:A --> 10.20.1.2
www.cxx-1.com A 10.20.1.3
is 4 transactions, and if we separate each cxx-1.com.e.mxx1.net
zone onto a different name server, we get 5 transactions.
The difference is that we can adjust with TTL values which parts of
the name resolution are short lived and which are long lived.
And now the problem with some registrars (or is it the same with all
of them):
godaddy.com:
Only allows "registered hosts" to be used as name servers in .com and
.net domains. If the name server host is in the com or net domain and it
is not in the same domain, it needs to be a registered host, which
basically means that it has to be (or have been) an NS of its SLD with
a glue record (an A record). But for example, any .fi ending (Finland)
host name can be entered as a name server and it gets automatically
"registered" without an A record.
joker.com:
Same as godaddy.com but doesn't allow foreign (like .fi) host names as
name servers if they have too many dots in the host name.
I didn't dare to try Network Solutions because it was very slow last
time I tried the WWW interface.
To summarize:
I have read this <URL:http://cr.yp.to/djbdns/notes.html#gluelessness>
and understand that point of view.
Am I trying to accomplish something which is not really needed, or would
such an approach be useful in some situations?
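The transaction counts in the post (2 for the traditional delegation, 4 when the cxx-1.com.e.mxx1.net names are served from the mxx1.net server, 5 when they are a separately delegated zone) can be reproduced with a small iterative-resolver simulation. The code below is an added example, not part of the post; the authoritative data, the zone layout names ("traditional", "shared", "separate") and the gTLD server address 192.0.2.1 are constructed for it, while the other addresses are the private ones from the post. The model applies the bailiwick rule: a referral only carries an address for a name server whose name lies under the delegated cut, so the .com referral for cxx-1.com carries no address for ns1.cxx-1.com.e.mxx1.net and the resolver has to start over for that .net name. That extra round trip, and the extra server the resolution now depends on, is the cost the gluelessness note linked above describes, and it is also why a registrar can only accept a .com/.net name server once it has a glue record somewhere.

```python
"""Count the queries an iterative resolver sends for the delegation layouts
compared in the post.  The authoritative data is constructed for this
example and is not the poster's configuration; the IP addresses are the
private ones from the post plus a made-up address for the gTLD server."""

GTLD = "192.0.2.1"   # stands in for A.GTLD-SERVERS.NET (constructed)
MXX1 = "10.1.1.2"    # ns1.mxx1.net
CXX1 = "10.20.1.2"   # the name server at cxx-1's location


def build_auth(layout):
    """Return {server_ip: {zone_apex: {owner_name: {rrtype: [rdata, ...]}}}}.

    "traditional": cxx-1.com delegated to ns-1.cxx-1.com, with glue in .com.
    "shared":      cxx-1.com delegated to ns1.cxx-1.com.e.mxx1.net, whose
                   A record lives directly in the mxx1.net zone.
    "separate":    as "shared", but cxx-1.com.e.mxx1.net is its own zone,
                   delegated from mxx1.net to the cxx-1 server.
    """
    gtld = {
        "com": {},
        "net": {
            "mxx1.net": {"NS": ["ns1.mxx1.net"]},
            "ns1.mxx1.net": {"A": [MXX1]},   # glue: name is under the cut
        },
    }
    cxx1_zone = {"www.cxx-1.com": {"A": ["10.20.1.3"]}}
    auth = {GTLD: gtld, CXX1: {"cxx-1.com": cxx1_zone}}
    if layout == "traditional":
        gtld["com"]["cxx-1.com"] = {"NS": ["ns-1.cxx-1.com"]}
        gtld["com"]["ns-1.cxx-1.com"] = {"A": [CXX1]}   # glue
        cxx1_zone["ns-1.cxx-1.com"] = {"A": [CXX1]}
        return auth
    # The name server is a .net name, so the .com zone carries no glue for it.
    gtld["com"]["cxx-1.com"] = {"NS": ["ns1.cxx-1.com.e.mxx1.net"]}
    mxx1 = {"ns1.mxx1.net": {"A": [MXX1]}}
    auth[MXX1] = {"mxx1.net": mxx1}
    ns_a = {"ns1.cxx-1.com.e.mxx1.net": {"A": [CXX1]}}
    if layout == "shared":
        mxx1.update(ns_a)
    else:
        mxx1["cxx-1.com.e.mxx1.net"] = {"NS": ["ns1.cxx-1.com.e.mxx1.net"]}
        mxx1.update(ns_a)                                # glue below the cut
        auth[CXX1]["cxx-1.com.e.mxx1.net"] = dict(ns_a)  # the zone itself
    return auth


def query(auth, ip, name, rtype):
    """Answer one query at server `ip`: ("answer", rdata) or ("referral", (ns, glue))."""
    zones = auth[ip]
    matching = [z for z in zones if name == z or name.endswith("." + z)]
    if not matching:
        raise LookupError(f"{ip} is not authoritative for {name}")
    apex = max(matching, key=len)
    zone = zones[apex]
    labels = name.split(".")
    # Walk from just below the apex down to the name: a delegation cut on the
    # way wins over any data the server happens to hold below it.
    for i in range(len(labels) - len(apex.split(".")) - 1, -1, -1):
        cut = ".".join(labels[i:])
        if "NS" in zone.get(cut, {}):
            ns_names = zone[cut]["NS"]
            glue = {ns: zone[ns]["A"] for ns in ns_names
                    if ns.endswith("." + cut) and "A" in zone.get(ns, {})}
            return "referral", (ns_names, glue)
    rdata = zone.get(name, {}).get(rtype)
    if rdata is None:
        raise LookupError(f"{ip} has no {rtype} record for {name}")
    return "answer", rdata


def resolve(name, rtype, auth, log, roots=(GTLD,)):
    """Iterative resolution; every query is appended to `log` as (ip, name, type)."""
    servers = list(roots)
    while servers:
        ip = servers.pop(0)
        log.append((ip, name, rtype))
        kind, payload = query(auth, ip, name, rtype)
        if kind == "answer":
            return payload
        ns_names, glue = payload
        servers = []
        for ns in ns_names:
            if ns in glue:
                servers.extend(glue[ns])
            else:
                # Glueless referral: go back to the top for the server's address.
                servers.extend(resolve(ns, "A", auth, log, roots))
    raise LookupError(f"no servers left for {name}/{rtype}")


def count_transactions(layout, name="www.cxx-1.com"):
    """Resolve `name` from scratch; return (query count, answer, query log)."""
    log = []
    answer = resolve(name, "A", build_auth(layout), log)
    return len(log), answer, log


if __name__ == "__main__":
    for layout in ("traditional", "shared", "separate"):
        n, answer, log = count_transactions(layout)
        print(f"{layout}: {n} transactions, answer {answer}")
        for ip, qname, qtype in log:
            print(f"    {qname} {qtype} -> {ip}")
```

Running it prints the query log for each layout; the "shared" log shows the resolver leaving the www.cxx-1.com lookup half done, resolving ns1.cxx-1.com.e.mxx1.net via the .net servers and ns1.mxx1.net, and only then returning to 10.20.1.2 for the answer. The simulation has no cache, so the counts are the cold-cache cost; with a long TTL on the mxx1.net and e.mxx1.net records, as the post suggests, repeat resolutions collapse back towards the traditional count.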