[Techtalk] dns issue

James Sutherland james at deadnode.org
Thu Jan 12 20:47:44 UTC 2012

Hi Maria,

This is where 'glue' comes in.

What is supposed to happen is that the .org servers (c0.org.afilias-nst.info and siblings) have both the names and IP addresses of your nameservers, if the nameservers are in the same domain (or another .org). For my own domain, deadnode.org, they have these records:

deadnode.org.		86400	IN	NS	uz5vmxjnzqkp8stlf847f50pxbx3z55pf6rjsxrz6ut04r63lfspcm.ns.deadnode.org.
deadnode.org.		86400	IN	NS	uz5hx1ju96n68qqd3zy5hz67pf3vlg0kxz51rl5nqfyccsb1wulxcm.ns.deadnode.org.
deadnode.org.		86400	IN	DS	29675 8 1 58CDB9837E33746912C615C2C9CB54DBAB2CDFAB
deadnode.org.		86400	IN	RRSIG	DS 7 2 86400 20120130160055 20120109150055 61380 org. gN+guE1iFh2mL9/yPKHi5ak1brs6SrJZwrZ37ZK/7ooOc9/C4Ie7N2Qk 097WHNkGuB+/ubnM3cmbHvriJIjKUUzaYLzbevi/N8tp/gmTDaOVFOvU yFd6Kqk342s9CD+6nsMrTDs6tEzAXUjKtfJzXfmCShoMdqfDxtHijjaa wbM=

uz5hx1ju96n68qqd3zy5hz67pf3vlg0kxz51rl5nqfyccsb1wulxcm.ns.deadnode.org.	86400 IN A
uz5hx1ju96n68qqd3zy5hz67pf3vlg0kxz51rl5nqfyccsb1wulxcm.ns.deadnode.org.	86400 IN AAAA 2002:4532:fe56::1
uz5vmxjnzqkp8stlf847f50pxbx3z55pf6rjsxrz6ut04r63lfspcm.ns.deadnode.org.	86400 IN A
uz5vmxjnzqkp8stlf847f50pxbx3z55pf6rjsxrz6ut04r63lfspcm.ns.deadnode.org.	86400 IN AAAA 2600:3c01::f03c:91ff:fe96:7efe

As you see in the 'additional section', it lists the IP (and IPv6, in my case) addresses of both my nameservers, as well as their names. Otherwise, you get the chicken-and-egg problem: in order to find www.deadnode.org, you need to contact the nameservers using their IP addresses - which you could only get by contacting the nameservers. Your registrar should provide a way to configure these addresses (known as "glue" in DNS speak).

If you only used another company's servers - like Sitelutions (which I sometimes use for their free DNS hosting), you'd have ns1 to ns5.sitelutions.com. For those, the addresses would come from the .com servers instead. (A visitor's system would go "need www.shadlen.org's IP ... ok, I can ask ns1.sitelutions.com for that, but I don't know ns1's IP address either, so I'll ask the .com servers" - if the .com servers just said "ask ns1.sitelutions.com about sitelutions.com", you'd be stuck!)

What you need to do is add ns.shadlen.org's IP address as a glue record on the .org servers. How you do that varies between registrars, unfortunately, but they should have a help page telling you.

(My nameservers have strange long names beginning with 'uz5' because they both support DNSCurve encryption, which embeds the public key in the server name - otherwise, they'd just be called something boring like ns1 and ns2. Similarly, the 'DS' and 'RRSIG' records are there because of DNSSEC.)

Sharing IP addresses between functions is totally legitimate and harmless; big outfits need lots of servers to handle the load, so having a few machines doing nothing but DNS makes sense, but for a personal domain having everything on a single machine (as I do - well, two in fact, but the idea's the same) is perfectly reasonable and legitimate.
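
One way to check a referral for the missing glue described in the message above, as an added example that is not part of the original post. The zone name, nameserver names and addresses are constructed placeholders, and the check assumes only nameservers inside the zone itself need glue.

```python
import ipaddress

FAMILY = {"A": 4, "AAAA": 6}  # address record type -> IP version

# Constructed sample referral; names and addresses are placeholders.
SAMPLE_REFERRAL = """
example.org.      86400 IN NS   ns1.example.org.
example.org.      86400 IN NS   ns2.example.org.
example.org.      86400 IN NS   ns1.dnshost.example.
ns1.example.org.  86400 IN A    192.0.2.53
ns1.example.org.  86400 IN AAAA 2001:db8::53
ns2.example.org.  86400 IN A
"""

def parse_records(text):
    """Parse 'name ttl IN type [rdata]' lines into (name, type, rdata)."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split(None, 4)
        if len(fields) < 4 or fields[2].upper() != "IN":
            continue
        rdata = fields[4].strip() if len(fields) > 4 else ""
        records.append((fields[0].lower().rstrip("."), fields[3].upper(), rdata))
    return records

def is_address(rtype, rdata):
    """True only if rdata is a well-formed address of the record's family."""
    try:
        return ipaddress.ip_address(rdata).version == FAMILY[rtype]
    except ValueError:
        return False

def check_glue(zone, referral_text):
    """Classify each nameserver of `zone` as ok, missing-glue or out-of-zone."""
    zone = zone.lower().rstrip(".")
    records = parse_records(referral_text)
    with_glue = {name for name, rtype, rdata in records
                 if rtype in FAMILY and is_address(rtype, rdata)}
    report = {}
    for name, rtype, rdata in records:
        if name != zone or rtype != "NS":
            continue
        ns = rdata.lower().rstrip(".")
        if ns != zone and not ns.endswith("." + zone):
            report[ns] = "out-of-zone"   # address comes from that name's own parent
        elif ns in with_glue:
            report[ns] = "ok"
        else:
            report[ns] = "missing-glue"  # the chicken-and-egg case
    return report
```

An address record with an empty or malformed value, like the constructed ns2 line, counts as missing glue.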

