North American Network Operators Group


External (not in the same domain) name server

  • From: Antti Louko
  • Date: Tue Mar 02 19:09:20 2004

Hello,

I searched to see whether this issue has come up previously, but neither
Google nor the NANOG list search produced anything recent and
relevant. There has been some discussion of whois host entries etc.,
however.

The real issue, why this seems impossible with many registrars, is
explained at the end of this email.

Background:

(I use private IP addresses in this example, but in real life they
would be normal routable IP addresses)

I have in my mind a setup where:

- There is one main domain, which is used for "master" name servers:

  mxx1.net	NS	ns1.mxx1.net
  mxx1.net	NS	ns2.mxx1.net
  mxx1.net	NS	ns3.mxx1.net
  mxx1.net	NS	ns4.mxx1.net
  ns1.mxx1.net	A	10.1.1.2
  ns2.mxx1.net	A	10.1.2.2
  ns3.mxx1.net	A	10.2.1.2
  ns4.mxx1.net	A	10.2.2.2

  ns1, ns2, ns3 and ns4 are well connected and quite permanently in
  their IP addresses.

- There are a number of cooperating organizations, each having one
  dedicated name server (which can also handle other tasks, like
  acting as a secondary SMTP server etc.)

- Organizations are (there may be tens or hundreds of them):

  cxx-1.com
  cxx-2.com
  .
  .

- Each cxx-n.com has its domain registered like this:

  cxx-1.com	NS	ns1.cxx-1.com.e.mxx1.net.
  cxx-1.com	NS	ns2.cxx-1.com.e.mxx1.net.
  cxx-1.com	NS	ns3.cxx-1.com.e.mxx1.net.
  cxx-1.com	NS	ns4.cxx-1.com.e.mxx1.net.
  cxx-1.com	NS	ns5.cxx-1.com.e.mxx1.net.
  .
  cxx-2.com	NS	ns1.cxx-2.com.e.mxx1.net.
  cxx-2.com	NS	ns2.cxx-2.com.e.mxx1.net.
  cxx-2.com	NS	ns3.cxx-2.com.e.mxx1.net.
  cxx-2.com	NS	ns4.cxx-2.com.e.mxx1.net.
  cxx-2.com	NS	ns5.cxx-2.com.e.mxx1.net.
  etc.

- Each cxx-n.com.e.mxx1.net zone name server offers records like
  this:

  ns1.cxx-1.com.e.mxx1.net	600	A	10.20.1.2
			; server at cxx-1's location
  ns2.cxx-1.com.e.mxx1.net	600	A	10.20.2.2
			; server at cxx-2's location
  ns3.cxx-1.com.e.mxx1.net	600	A	10.20.3.2
			; server at cxx-3's location
  ns4.cxx-1.com.e.mxx1.net	600	A	10.20.4.2
			; server at cxx-4's location
  ns5.cxx-1.com.e.mxx1.net	600	A	10.20.5.2
			; server at cxx-5's location

  ns1.cxx-4.com.e.mxx1.net	600	A	10.20.4.2
			; server at cxx-4's location
  ns2.cxx-4.com.e.mxx1.net	600	A	10.20.5.2
			; server at cxx-5's location
  ns3.cxx-4.com.e.mxx1.net	600	A	10.20.6.2
			; server at cxx-6's location
  ns4.cxx-4.com.e.mxx1.net	600	A	10.20.7.2
			; server at cxx-7's location
  ns5.cxx-4.com.e.mxx1.net	600	A	10.20.8.2
			; server at cxx-8's location

Pro:

- {ns1,ns2,ns3,ns4}.mxx1.net don't have to handle all NS requests to
  different cxx-n.com domains.
- Each cxx-n.com.e.mxx1.net name server can monitor whether each of its
  name servers is alive and change the A record to a more suitable
  address when necessary.

Con:

- Needs careful configuration
- Requires more DNS requests than a simpler setup:

  + To resolve e.g. www.cxx-1.com A (traditional setup):

    www.cxx-1.com:A --> A.GTLD-SERVERS.NET
	cxx-1.com NS ns-1.cxx-1.com 10.20.1.2
	ns-1.cxx-1.com A 10.20.1.2
    www.cxx-1.com:A --> 10.20.1.2
	www.cxx-1.com A 10.20.1.3

	is 2 transactions

  + New setup:

    www.cxx-1.com:A --> A.GTLD-SERVERS.NET
	cxx-1.com	NS	ns1.cxx-1.com.e.mxx1.net
    ns1.cxx-1.com.e.mxx1.net:A --> A.GTLD-SERVERS.NET
	mxx1.net	NS	ns1.mxx1.net
	ns1.mxx1.net	A	10.1.1.2
    ns1.cxx-1.com.e.mxx1.net:A --> 10.1.1.2
	ns1.cxx-1.com.e.mxx1.net A 10.20.1.2
    www.cxx-1.com:A --> 10.20.1.2
	www.cxx-1.com	A	10.20.1.3

	is 4 transactions, and if we put each cxx-1.com.e.mxx1.net
	zone on a different name server, we get 5 transactions.


The difference is that with TTL values we can adjust which parts of
the name resolution are short-lived and which are long-lived.
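To make the transaction counts above concrete, here is an added toy iterative resolver (example code, not from the post) that walks the two delegation layouts and counts every query sent, starting from a cold cache. The zone data is constructed from the post; the separate-server variant uses the assumed name ns-e.mxx1.net at 10.1.1.9, and a depth guard catches a glueless chain that refers back to itself.

```python
GTLD = "A.GTLD-SERVERS.NET"  # stands in for the com/net servers in the post

def resolve(name, qtype, servers, stats, server=GTLD, depth=0):
    """Ask `server` for (name, qtype) and follow referrals; a glueless NS
    name is resolved from the top first. Every query sent counts as one."""
    if depth > 8:  # a glueless chain that refers back to itself never ends
        raise RuntimeError("delegation loop while resolving " + name)
    stats["queries"] += 1
    data = servers[server]
    if (name, qtype) in data:
        return data[(name, qtype)]
    labels = name.split(".")
    for i in range(1, len(labels)):  # closest enclosing delegation first
        zone = ".".join(labels[i:])
        if (zone, "NS") in data:
            ns = data[(zone, "NS")][0]
            glue = data.get((ns, "A"))
            # no glue: a whole new resolution starting at the gTLD servers
            ip = glue[0] if glue else resolve(ns, "A", servers, stats, GTLD, depth + 1)[0]
            return resolve(name, qtype, servers, stats, ip, depth + 1)
    raise LookupError(name)

def count_queries(servers, name="www.cxx-1.com"):
    stats = {"queries": 0}
    return resolve(name, "A", servers, stats)[0], stats["queries"]

# Traditional: glue for ns-1.cxx-1.com sits at the gTLD servers.
TRADITIONAL = {
    GTLD: {("cxx-1.com", "NS"): ["ns-1.cxx-1.com"],
           ("ns-1.cxx-1.com", "A"): ["10.20.1.2"]},
    "10.20.1.2": {("www.cxx-1.com", "A"): ["10.20.1.3"]},
}
# New setup: cxx-1.com delegates to a glueless name under e.mxx1.net that
# ns1.mxx1.net (10.1.1.2) answers for directly.
GLUELESS = {
    GTLD: {("cxx-1.com", "NS"): ["ns1.cxx-1.com.e.mxx1.net"],
           ("mxx1.net", "NS"): ["ns1.mxx1.net"],
           ("ns1.mxx1.net", "A"): ["10.1.1.2"]},
    "10.1.1.2": {("ns1.cxx-1.com.e.mxx1.net", "A"): ["10.20.1.2"]},
    "10.20.1.2": {("www.cxx-1.com", "A"): ["10.20.1.3"]},
}
# Variant: cxx-1.com.e.mxx1.net is its own zone on a separate server
# (ns-e.mxx1.net / 10.1.1.9 are assumed names, glue held by ns1.mxx1.net).
SPLIT = dict(GLUELESS)
SPLIT["10.1.1.2"] = {("cxx-1.com.e.mxx1.net", "NS"): ["ns-e.mxx1.net"],
                     ("ns-e.mxx1.net", "A"): ["10.1.1.9"]}
SPLIT["10.1.1.9"] = {("ns1.cxx-1.com.e.mxx1.net", "A"): ["10.20.1.2"]}
```

count_queries(TRADITIONAL), count_queries(GLUELESS) and count_queries(SPLIT) give 2, 4 and 5 queries respectively, matching the walk-through; a real resolver caches each step for its TTL, so the extra queries recur only when the relevant record expires.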

And now the problem with some registrars (or is it the same with all
of them?):

godaddy.com:

Only allows "registered hosts" to be used as name servers in .com and
.net domains. If the name server host is in the com or net domain and it
is not in the same domain, it needs to be a registered host, which
basically means that it has to be (or have been) an NS of its SLD with
a glue record (an A record). But, for example, any .fi (Finland)
host name can be entered as a name server, and it gets automatically
"registered" without an A record.

joker.com:

Same as godaddy.com, but doesn't allow foreign (like .fi) host names as
name servers if they have too many dots in the host name.

I didn't dare to try Network Solutions because it was very slow last
time I tried the WWW interface.

To summarize:

I have read this <URL:http://cr.yp.to/djbdns/notes.html#gluelessness>
and understand that point of view.

Am I trying to accomplish something which is not really needed, or would
such an approach be useful in some situations?