<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
The idea is (see the penultimate line in prior message) for the
44rf.net DNS to <b>not</b> be recursive, but just provide
referrals.<br>
<br>
The point is to have access to other domains (at least DNS lookup)
outside of 44.24.240.0/20, in situations where Internet access isn't
available. Now, admittedly the probability of that is low, and
probably even lower that if Internet access wasn't available, that
44.x.x.x addresses outside of 44.24.240.0/20 served up by 44rf.net
servers would be accessible (ie, that you'd have network
connectivity to those addresses). But, it's cheap experiment.
Opinions as to why this might be a dumb idea, are accepted ...<br>
<br>
Further, getting the domain allowed me to find out that my domain
(EnCirca) registrar, which used to be competent, is now completely
and utterly <b>incompetent</b>. I will be transferring my ten
domains to another registrar, as soon as I've found one at a
competitive price that provides DNS servers that can be used as
slaves to a customer master DNS machine. Previously, I used
DomainMonger, which provided this capability for years, but their
prices seem a little high. EnCirca has it, but alas, something is
wrong there, as I have had over a dozen eMails back and forth over
the last two days, just to get capability working again that worked
a year ago.<br>
<br>
Yes, I wouldn't mind a delegation of ae7q.hamwan.net. Question:
would that allow me to make changes on my own, or can I do that
myself after delegation is set up? With BIND, there are two ways to
do it:<br>
<ol>
<li>Actual delegation (a separate zone with a separate nameserver,
maintained on my server).</li>
<li>Where the subdomains are maintained on the main domain's DNS
server, and the DDNS (restricted to modifications that match a
subdomain pattern) is used to modify the zone.</li>
</ol>
I was planning on offering both for 44rf.net.<br>
<br>
In a later message I'll discuss my request to Brian Kantor for
subdomain delegation, and his response.<br>
<br>
<div class="moz-cite-prefix">On 2014-04-10 23:19, Bart Kus wrote:<br>
</div>
<blockquote cite="mid:53478979.7030203@bartk.us" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">I don't get the point of a recursive
DNS server that by default doesn't resolve the Internet.<br>
<br>
Also, we offer recursive DNS services already on 44.24.244.1 and
44.24.245.1. These include recursive services for *.HamWAN.net
in the absence of root servers, as well as reverse DNS for our
IP ranges, also available in the absence of root servers. The
access to the recursive services is limited to 44-net clients.<br>
<br>
On the authoritative side, we're happy to delegate sub-zones.
*.AE7Q.HamWAN.net for example can be delegated.<br>
<br>
While Brian does offer some support for DNS on ampr.org, but I
do think AMPR needs to support reverse DNS delegation. And
DNSSEC. I'm not sure why delegations aren't allowed. I know
it's come up before.<br>
<br>
--Bart<br>
<br>
On 4/10/2014 10:21 PM, Dean Gibson AE7Q wrote:<br>
</div>
<blockquote cite="mid:53477BEF.9070603@ae7q.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Two days ago I obtained domain 44rf.net, for the sole purpose of
supporting amateurs on 44.x.x.x which need more <b>subdomain</b>
support than ampr.org provides (ie, <b>none</b>; Brian Kantor
will not allow NS records in ampr.org). It's trivial to allow
subdomains of 44rf.net which users can <b>self-manage</b>,
without screwing up the parent domain (volunteers/testers
welcome). And, with the use of stub zones, I support (present
tense) referrals to ampr.org, hamwan.net, and other domains in a
situation where the root servers are not available. Eg:<br>
<br>
<font color="#006600"><small><tt>>dig @ns1.ae7q.ampr.org
db0bi.ampr.org</tt><tt><br>
</tt><tt> </tt><tt><br>
</tt><tt> ; <<>> DiG 9.2.4 <<>>
@ns1.ae7q.ampr.org db0bi.ampr.org</tt><tt><br>
</tt><tt> ; (1 server found)</tt><tt><br>
</tt><tt> ;; global options: printcmd</tt><tt><br>
</tt><tt> ;; Got answer:</tt><tt><br>
</tt><tt> ;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 55750</tt><tt><br>
</tt><tt> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1,
AUTHORITY: 7, ADDITIONAL: 10</tt><tt><br>
</tt><tt> </tt><tt><br>
</tt><tt> ;; QUESTION SECTION:</tt><tt><br>
</tt><tt> ;db0bi.ampr.org. IN A</tt><tt><br>
</tt><tt> </tt><tt><br>
</tt><tt> ;; ANSWER SECTION:</tt><tt><br>
</tt><tt> db0bi.ampr.org. 3568 IN A
44.225.61.14</tt><tt><br>
</tt><tt> </tt><tt><br>
</tt><tt> ;; AUTHORITY SECTION:</tt><tt><br>
</tt><tt> ampr.org. 3568 IN NS
hamradio.ucsd.edu.</tt><tt><br>
</tt><tt> ampr.org. 3568 IN NS
ns0.comgw.net.</tt><tt><br>
</tt><tt> ampr.org. 3568 IN NS
ns1.defaultroute.net.</tt><tt><br>
</tt><tt> ampr.org. 3568 IN NS
ns2.threshinc.com.</tt><tt><br>
</tt><tt> ampr.org. 3568 IN NS
ampr.org.</tt><tt><br>
</tt><tt> ampr.org. 3568 IN NS
munnari.OZ.AU.</tt><tt><br>
</tt><tt> ampr.org. 3568 IN NS
ampr-dns.in-berlin.de.</tt><tt><br>
</tt><tt> </tt><tt><br>
</tt><tt> ;; ADDITIONAL SECTION:</tt><tt><br>
</tt><tt> ns1.defaultroute.net. 172764 IN A
74.120.14.69</tt><tt><br>
</tt><tt> ns2.threshinc.com. 3564 IN A
192.41.222.8</tt><tt><br>
</tt><tt> ns2.threshinc.com. 172764 IN AAAA
2604:5000:0:2::2</tt><tt><br>
</tt><tt> ampr.org. 3568 IN A
44.0.0.1</tt><tt><br>
</tt><tt> munnari.OZ.AU. 14365 IN A
202.29.151.3</tt><tt><br>
</tt><tt> munnari.OZ.AU. 86364 IN AAAA
2001:3c8:9007:1::21</tt><tt><br>
</tt><tt> munnari.OZ.AU. 86364 IN AAAA
2001:3c8:9009:181::2</tt><tt><br>
</tt><tt> ampr-dns.in-berlin.de. 864 IN A
192.109.42.4</tt><tt><br>
</tt><tt> ampr-dns.in-berlin.de. 864 IN AAAA
2a01:238:4073:e600::1</tt><tt><br>
</tt><tt> hamradio.ucsd.edu. 43164 IN A
169.228.66.6</tt><tt><br>
</tt><tt> </tt><tt><br>
</tt><tt> ;; Query time: 253 msec</tt><tt><br>
</tt><tt> ;; SERVER: 44.24.240.173#53(44.24.240.173)</tt><tt><br>
</tt><tt> ;; WHEN: Thu Apr 10 20:10:06 2014</tt><tt><br>
</tt><tt> ;; MSG SIZE rcvd: 452</tt><tt><br>
</tt><tt> </tt><tt><br>
<br>
</tt><tt>>dig @ns1.ae7q.ampr.org a.ns.hamwan.net</tt><tt><br>
</tt><tt><br>
</tt><tt>; <<>> DiG 9.2.4 <<>>
@ns1.ae7q.ampr.org a.ns.hamwan.net</tt><tt><br>
</tt><tt>; (1 server found)</tt><tt><br>
</tt><tt>;; global options: printcmd</tt><tt><br>
</tt><tt>;; Got answer:</tt><tt><br>
</tt><tt>;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 46457</tt><tt><br>
</tt><tt>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY:
2, ADDITIONAL: 0</tt><tt><br>
</tt><tt><br>
</tt><tt>;; QUESTION SECTION:</tt><tt><br>
</tt><tt>;a.ns.hamwan.net. IN A</tt><tt><br>
</tt><tt><br>
</tt><tt>;; ANSWER SECTION:</tt><tt><br>
</tt><tt>a.ns.hamwan.net. 3600 IN A
44.24.244.2</tt><tt><br>
</tt><tt><br>
</tt><tt>;; AUTHORITY SECTION:</tt><tt><br>
</tt><tt>hamwan.net. 172800 IN NS
a.ns.hamwan.net.</tt><tt><br>
</tt><tt>hamwan.net. 172800 IN NS
b.ns.hamwan.net.</tt><tt><br>
</tt><tt><br>
</tt><tt>;; Query time: 499 msec</tt><tt><br>
</tt><tt>;; SERVER: 44.24.240.173#53(44.24.240.173)</tt><tt><br>
</tt><tt>;; WHEN: Thu Apr 10 20:31:47 2014</tt><tt><br>
</tt><tt>;; MSG SIZE rcvd: 79</tt></small><br>
</font><br>
However, notice what happens when I access a domain for which I
do <b>not</b> have a stub zone declaration:<br>
<br>
<font color="#cc0000"><tt><small>>dig @ns1.ae7q.ampr.org <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.hamwan.org">www.hamwan.org</a><br>
<br>
<br>
; <<>> DiG 9.2.4 <<>>
@ns1.ae7q.ampr.org <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.hamwan.org">www.hamwan.org</a><br>
; (1 server found)<br>
;; global options: printcmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 24283<br>
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13,
ADDITIONAL: 0<br>
<br>
;; QUESTION SECTION:<br>
;www.hamwan.org. IN A<br>
<br>
;; AUTHORITY SECTION:<br>
. 518400 IN NS
I.ROOT-SERVERS.NET.<br>
. 518400 IN NS
J.ROOT-SERVERS.NET.<br>
. 518400 IN NS
K.ROOT-SERVERS.NET.<br>
. 518400 IN NS
L.ROOT-SERVERS.NET.<br>
. 518400 IN NS
M.ROOT-SERVERS.NET.<br>
. 518400 IN NS
A.ROOT-SERVERS.NET.<br>
. 518400 IN NS
B.ROOT-SERVERS.NET.<br>
. 518400 IN NS
C.ROOT-SERVERS.NET.<br>
. 518400 IN NS
D.ROOT-SERVERS.NET.<br>
. 518400 IN NS
E.ROOT-SERVERS.NET.<br>
. 518400 IN NS
F.ROOT-SERVERS.NET.<br>
. 518400 IN NS
G.ROOT-SERVERS.NET.<br>
. 518400 IN NS
H.ROOT-SERVERS.NET.<br>
<br>
;; Query time: 258 msec<br>
;; SERVER: 44.24.240.173#53(44.24.240.173)<br>
;; WHEN: Thu Apr 10 22:11:09 2014<br>
;; MSG SIZE rcvd: 243</small></tt></font><br>
<br>
That is, ns1.ae7q.ampr.org does <b>not</b> function as a
general-purpose recursive DNS server.<br>
<br>
Now, if someone else is already doing this ... let me know.<br>
</blockquote>
</blockquote>
<br>
</body>
</html>