How is NS server resolving done?

Q

quex2014-02-20 08:17:35

Domain Name System

quex, 2014-02-20 08:17:35

I can not understand one nuance. Let's say there is an example.com
domain and I want to have my own NS - ns1.example.com and ns2.example.com 1. I take two machines, roll BIND, make the necessary entries. 2. At the registrar, in the domain control panel, I enter my NS . How, when accessing the example.com domain, are the IPs of my NSs preliminarily identified, which, in turn, will already have to report the IP of the site to the client? Those. how for the domain example.com the chain will be executed

клиент обратился к example.com -> . -> com. -> ns1.example.com. -> возврат IP example.com клиенту

Question 1: Do I understand correctly that additional fields for IP are provided for this in front of each NS server in the registrar panel in the domain DNS management. zone-level registrar com. make the necessary record and match the domain names of my NS servers with their IP addresses?
Question 2: If so, what happens if two similar records are made by two different people (with the same NS server domain, but with different IP addresses).

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vlad Zhivotnev, 2014-02-20
@quex

Briefly, using the example of my domain (qs.biz)
(the point is the root domain, resolving starts from it)

[email protected]:~$ host -t NS -v .
Trying "."
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64922
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.				IN	NS

;; ANSWER SECTION:
.			110843	IN	NS	b.root-servers.net.
.			110843	IN	NS	j.root-servers.net.
...... тут ещё много.

ip addresses of all root-servers.net. are registered in the configs of all resolvers so that they do not have to be resolved (in bind9 for sure).
Next, we resolve the biz zone:

[email protected]:~$ host -t NS -v biz. b.root-servers.net.
Trying "biz"
Using domain server:
Name: b.root-servers.net.
Address: 192.228.79.201#53
Aliases: 
....... 
;; AUTHORITY SECTION:
biz.			172800	IN	NS	b.gtld.biz.
biz.			172800	IN	NS	a.gtld.biz.
.....
;; ADDITIONAL SECTION:
a.gtld.biz.		172800	IN	A	156.154.124.65
b.gtld.biz.		172800	IN	A	156.154.125.65
a.gtld.biz.		172800	IN	AAAA	2001:503:7bbb:ffff:ffff:ffff:ffff:ff7e
......

Here we see that in the DNS server response we were immediately sent the IP addresses of the NS servers of this zone (since they are located in the zone itself).
Next, we ask the NSs of my domain:

[email protected]:~$ host -t NS -v qs.biz. 156.154.124.65
Trying "qs.biz"
Using domain server:
Name: 156.154.124.65
Address: 156.154.124.65#53
.....
;; AUTHORITY SECTION:
qs.biz.			7200	IN	NS	MASTER.qs.biz.
qs.biz.			7200	IN	NS	SLAVE1.qs.biz.

;; ADDITIONAL SECTION:
MASTER.qs.biz.		7200	IN	A	176.9.238.243
SLAVE1.qs.biz.		7200	IN	A	46.4.251.94
SLAVE1.qs.biz.		7200	IN	AAAA	2a01:4f8:120:918c::a

Similarly, they immediately sent the ip-addresses of the servers.
Well, then we resolve the domain itself:

[email protected]:~$ host qs.biz. 176.9.238.243
Using domain server:
Name: 176.9.238.243
Address: 176.9.238.243#53
Aliases: 

qs.biz has address 176.9.238.243

Of course, all this happens not on your system, but on the resolver that you use.
Well, for a regular domain delegated to NS servers in another zone, ip-addresses will not be sent to the additional section (provided, of course, that they were not explicitly specified during delegation):

[email protected]:~$ host -t NS -v vlad.pro. b0.pro.afilias-nst.org.
Trying "vlad.pro"
Using domain server:
Name: b0.pro.afilias-nst.org.
Address: 2001:500:c1::1#53
Aliases: 

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33961
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;vlad.pro.			IN	NS

;; AUTHORITY SECTION:
vlad.pro.		86400	IN	NS	slave1.qs.biz.
vlad.pro.		86400	IN	NS	master.qs.biz.

Received 74 bytes from 2001:500:c1::1#53 in 55 ms

This is in a very simple way if you explain.