On Sun, 2021-06-06 at 11:54 -0700, Jack Craig wrote:
> something i don't get, if my registrar provides glue references for
> primary & secondary domain dns servers, what purpose is served by
> anything in my host's named.conf (et al) having any reference to my
> domain if it's not accessible/useful?
> i had thought that i should provide the primary server and my hosting
> service provided secondary, but that leaves only the secondary so i
> have only 1 responding

The internet, at large, will always use your primary server. If it
can't, it'll try your secondary server. Both of those servers are
accessed by name, not numerical IP address, and those names have to be
in some public DNS records, so people can find the IP addresses for
them to connect to them.
A glue record is a helping hand to find your primary server, when
nothing else gives information about it.

e.g. I try to look up linuxlighthouse.com. My system will find the
root server for .com, then it will ask it who holds the records for
linuxlighthouse.com, get told ns.linuxlighthouse.com and then query
whoever that was, for its IP address.

The big gotcha is that .com will say linuxlighthouse.com is handled by
a particular nameserver by that nameserver's *name* not its IP.

So the person trying to find linuxlighthouse.com first has to find the
IP for ns.linuxlighthouse.com. If the only server that knows that IP
is ns.linuxlighthouse.com, itself, outsiders have no way to find out
the IP of the nameserver to connect to it.

Having your primary server as yourself, answering queries for itself,
and nobody outside knowing its IP to be able to query it, is the quandary
you find yourself in.

How do you spell dictionary? Dunno, go look it up in the dictionary...

Hence, the glue record. Querying .com will say ns.linuxlighthouse.com
is handled by the holder of that glue record, we'll call it example.com
(your registrar or other service provider). Your registrar will have
records that everyone else can look up, so they can find example.com's
IP address. Now people can connect to your example.com registrar, your
registrar's DNS server's glue record will give them the numerical IP of
your ns.linuxlighthouse.com DNS server that they couldn't look up
directly. And, then, after all that, they can find your DNS server and
query it about linuxlighthouse.com.

This is like borrowing $5 from someone who wants a favour from a third
party before they'll give you it, and that third party wants a favour
from a fourth party before they'll do the third party's favour, rinse,
lather, repeat...

In all seriousness, you're really doing this the hardest way possible.
I would let your registrar be your primary and secondary DNS servers
(they'll have more than one server), and have your IP addresses
programmed into them. The public can query them. And just run your
own name server for your own internal addresses, and for learning how
things work.

Your registrar does not require you to run a DNS server to give them the
information. The DNS records will be programmed directly into their
DNS server. Either by them, manually, or automatically when you
registered the domain name, or you'll have some webpage interface to
enter and edit details.

--
uname -rsvp
Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64
Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
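
The lookup loop described in the message above, as an added example that is not part of the original e-mail: a toy resolver over constructed data (documentation-range addresses, one parent server standing in for the root and TLD servers, and `ns1.example.net` as a hypothetical provider nameserver). It models glue as an address handed out together with the referral, and covers three cases: a self-hosted nameserver without glue, the same with glue, and a nameserver named outside the zone.

```python
# Toy iterative resolver over constructed data: no network, documentation IPs.
PARENT = "198.51.100.1"  # assumption: one server stands in for root and TLD servers

class GlueMissing(Exception):
    """The nameserver's address can only be learned from that nameserver."""

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def glue_required(zone, ns_name):
    """A nameserver named inside the zone it serves cannot be found without glue."""
    return in_zone(ns_name, zone)

def build(ns_name, glue_ip):
    """Constructed servers; the parent refers linuxlighthouse.com to ns_name."""
    records = {"linuxlighthouse.com": "192.0.2.80",
               "ns.linuxlighthouse.com": "192.0.2.53"}
    return {
        PARENT: {"a": {}, "refer": {
            "linuxlighthouse.com": (ns_name, glue_ip),
            "example.net": ("ns1.example.net", "203.0.113.53")}},
        "192.0.2.53": {"a": records, "refer": {}},            # self-hosted server
        "203.0.113.53": {"refer": {}, "a": {                  # hypothetical provider
            **records, "ns1.example.net": "203.0.113.53"}},
    }

def resolve(name, servers, pending=()):
    """Follow referrals from PARENT until a server answers with an address."""
    if name in pending:  # we are already waiting on this very name
        raise GlueMissing(f"only {name} itself can say where {name} is")
    server = PARENT
    while True:
        data = servers[server]
        if name in data["a"]:
            return data["a"][name]
        for zone, (ns_name, glue_ip) in data["refer"].items():
            if in_zone(name, zone):
                # Use the glue address if present, else look the NS name up first.
                server = glue_ip or resolve(ns_name, servers, pending + (name,))
                break
        else:
            raise LookupError(f"no answer or referral for {name}")

if __name__ == "__main__":
    print(resolve("linuxlighthouse.com", build("ns.linuxlighthouse.com", "192.0.2.53")))
```

`glue_required()` is the check to run before changing a delegation: if it returns `True` for a nameserver name, the parent needs an address for that name or the zone becomes unreachable.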