<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
You are correct; #1 and #2 <b>together</b> are wrong. I did not
make it clear in my previous message, that the two were mutually
exclusive choices (for the case being discussed).<br>
<br>
Your "note to DNS admins" is indeed what I want.<br>
<br>
Thanks, Dean<br>
<br>
<div class="moz-cite-prefix">On 2014-05-15 22:02, Bart Kus wrote:<br>
</div>
<blockquote cite="mid:53759BD7.8010804@bartk.us" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hey Dean,<br>
<br>
How about we just delegate the forward + reverse to your NS and
you take care of the rest? IN PTR queries for
173.240.24.44.in-addr.arpa. would just get referrals to your NS.<br>
<br>
BTW, this looks wrong to me:<br>
<br>
<ol>
<li><font color="#006600"><tt>ae7q.hamwan.net. 3600 IN A
</tt><tt>44.24.240.173</tt></font></li>
<li><font color="#006600"><tt>ae7q.hamwan.net. 3600 IN
CNAME ns1.ae7q.ampr.org.</tt></font></li>
</ol>
It simultaneously declares to a resolver that ae7q.hamwan.net is
not the canonical name for the desired record (A, etc), and also
offers up an authoritative answer for IN A. Domains with CNAME
declared shouldn't have other records (such as the IN A here).
Resolvers should chase down the query using the CNAME instead.<br>
<br>
Note to DNS admins:<br>
<br>
To delegate forward & reverse to Dean's NS:<br>
<br>
ae7q.hamwan.net. IN NS ns1.ae7q.hamwan.net.<br>
173.240.24.44.in-addr.arpa. IN NS ns1.ae7q.hamwan.net.<br>
ns1.ae7q.hamwan.net. IN A 44.24.240.173<br>
<br>
Dassit.<br>
<br>
--Bart<br>
<br>
On 5/15/2014 9:49 PM, Dean Gibson AE7Q wrote:<br>
</div>
<blockquote cite="mid:537598CE.4020304@ae7q.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
I did:<br>
<br>
<small><font color="#3333ff"><tt>=></tt><tt>dig -x
44.24.240.173 @a.ns.hamwan.net.</tt></font><tt><br>
</tt><tt><br>
</tt><tt>; <<>> DiG 9.2.4 <<>> -x
44.24.240.173 @a.ns.hamwan.net.</tt><tt><br>
</tt><tt>; (1 server found)</tt><tt><br>
</tt><tt>;; global options: printcmd</tt><tt><br>
</tt><tt>;; Got answer:</tt><tt><br>
</tt><tt>;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 55622</tt><tt><br>
</tt><tt>;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY:
0, ADDITIONAL: 0</tt><tt><br>
</tt><tt><br>
</tt><tt>;; QUESTION SECTION:</tt><tt><br>
</tt><tt>;173.240.24.44.in-addr.arpa. IN PTR</tt><tt><br>
</tt><tt><br>
</tt><tt>;; ANSWER SECTION:</tt><tt><br>
</tt><b><tt><font color="#006600">173.240.24.44.in-addr.arpa.
3600 IN PTR ae7q.hamwan.net</font>.</tt></b><tt><br>
</tt><tt><br>
</tt><tt>;; Query time: 147 msec</tt><tt><br>
</tt><tt>;; SERVER: 44.24.244.2#53(44.24.244.2)</tt><tt><br>
</tt><tt>;; WHEN: Thu May 15 20:44:05 2014</tt><tt><br>
</tt><tt>;; MSG SIZE rcvd: 73</tt><tt><br>
</tt><tt><br>
</tt><font color="#3333ff"><tt>=></tt><tt>dig
ae7q.hamwan.net. @a.ns.hamwan.net.</tt></font><tt><br>
</tt><tt><br>
</tt><tt>; <<>> DiG 9.2.4 <<>>
ae7q.hamwan.net. @a.ns.hamwan.net.</tt><tt><br>
</tt><tt>; (1 server found)</tt><tt><br>
</tt><tt>;; global options: printcmd</tt><tt><br>
</tt><tt>;; Got answer:</tt><tt><br>
</tt><tt>;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 46180</tt><tt><br>
</tt><tt>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1,
ADDITIONAL: 0</tt><tt><br>
</tt><tt><br>
</tt><tt>;; QUESTION SECTION:</tt><tt><br>
</tt><tt>;ae7q.hamwan.net. IN A</tt><tt><br>
</tt><tt><br>
</tt><tt>;; AUTHORITY SECTION:</tt><tt><br>
</tt><b><font color="#cc0000"><tt>ae7q.hamwan.net.
3600 IN NS ns1.ae7q.ampr.org.</tt></font></b><tt><br>
</tt><tt><br>
</tt><tt>;; Query time: 101 msec</tt><tt><br>
</tt><tt>;; SERVER: 44.24.244.2#53(44.24.244.2)</tt><tt><br>
</tt><tt>;; WHEN: Thu May 15 20:45:39 2014</tt><tt><br>
</tt><tt>;; MSG SIZE rcvd: 64</tt><tt><br>
</tt><tt><br>
</tt><font color="#3333ff"><tt>=>dig ns1.ae7q.ampr.org.
@ampr.org.</tt></font><tt><br>
</tt><tt><br>
</tt><tt>; <<>> DiG 9.2.4 <<>>
ns1.ae7q.ampr.org. @ampr.org.</tt><tt><br>
</tt><tt>; (1 server found)</tt><tt><br>
</tt><tt>;; global options: printcmd</tt><tt><br>
</tt><tt>;; Got answer:</tt><tt><br>
</tt><tt>;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 27978</tt><tt><br>
</tt><tt>;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY:
7, ADDITIONAL: 1</tt><tt><br>
</tt><tt><br>
</tt><tt>;; QUESTION SECTION:</tt><tt><br>
</tt><tt>;ns1.ae7q.ampr.org. IN A</tt><tt><br>
</tt><tt><br>
</tt><tt>;; ANSWER SECTION:</tt><tt><br>
</tt><b><font color="#006600"><tt>ns1.ae7q.ampr.org.
3600 IN A 44.24.240.173</tt></font></b><tt><br>
</tt><tt><br>
</tt><tt>;; AUTHORITY SECTION:</tt><tt><br>
</tt><tt>ampr.org. 3600 IN NS
ampr-dns.in-berlin.de.</tt><tt><br>
</tt><tt>ampr.org. 3600 IN NS
ampr.org.</tt><tt><br>
</tt><tt>ampr.org. 3600 IN NS
munnari.OZ.AU.</tt><tt><br>
</tt><tt>ampr.org. 3600 IN NS
ns1.defaultroute.net.</tt><tt><br>
</tt><tt>ampr.org. 3600 IN NS
ns2.threshinc.com.</tt><tt><br>
</tt><tt>ampr.org. 3600 IN NS
ns0.comgw.net.</tt><tt><br>
</tt><tt>ampr.org. 3600 IN NS
hamradio.ucsd.edu.</tt><tt><br>
</tt><tt><br>
</tt><tt>;; ADDITIONAL SECTION:</tt><tt><br>
</tt><tt>ampr.org. 3600 IN A
44.0.0.1</tt><tt><br>
</tt><tt><br>
</tt><tt>;; Query time: 157 msec</tt><tt><br>
</tt><tt>;; SERVER: 44.0.0.1#53(44.0.0.1)</tt><tt><br>
</tt><tt>;; WHEN: Thu May 15 20:47:46 2014</tt><tt><br>
</tt><tt>;; MSG SIZE rcvd: 263</tt></small><br>
<br>
Now, this is not correct. While I appreciate the PTR record for
44.24.240.173, it needs to point to a <b>hostname</b> record
("A" or CNAME"), not a <b>domainname</b> record. This is not
the fault of the PTR record, but the record that it points to:
The NS record for ae7q.hamwan.net effectively declares
ae7q.hamwan.net as a <b>subdomain</b>, with ns1.ae7q.ampr.org
as its<b> nameserver</b>. Now, ns1.ae7q.ampr.org has the IP
address of 44.24.240.173, but that doesn't mean that the domain
ae7q.hamwan.net is anywhere near 44.24.240.x.<br>
<br>
The correct solution to this problem is to replace the NS record
for ae7q.hamwan.net with a reference to a host; eg:<br>
<ol>
<li><font color="#006600"><tt>ae7q.hamwan.net. 3600 IN A
</tt><tt>44.24.240.173</tt></font></li>
<li><font color="#006600"><tt>ae7q.hamwan.net. 3600 IN
CNAME ns1.ae7q.ampr.org.</tt></font><br>
</li>
</ol>
The administrative advantage of the CNAME is that if my IP
address changes, you don''t have to change the forward record
(you'll still have to update PTR records). The administrative
disadvantage is that the CNAME is dependent upon a different
administrative organization. However, neither solution above
allows for ae7q.hamwan.net to be a subdomain.<br>
<br>
If you want to allow ae7q.hamwan.net to be a subdomain, you need
to lay the following foundation:<br>
<br>
<font color="#006600"><tt>173.240.24.44.in-addr.arpa. 3600 IN
PTR ns1.ae7q.hamwan.net. ; (or ns1.ae7q.ampr.org.)</tt><tt><br>
</tt><tt>ae7q.hamwan.net. 3600 IN NS
ns1.ae7q.hamwan.net. ; (or ns1.ae7q.ampr.org.)</tt><tt><br>
</tt><tt>ns1.ae7q.hamwan.net. 3600 IN A </tt><tt>44.24.240.173
; (</tt><tt>if </tt></font><font color="#006600"><tt><font
color="#006600"><tt>ns1.ae7q.ampr.org. is not used</tt></font>)</tt></font><br>
<br>
That by itself will not allow <b>me</b> to add subdomain
records, but it lays the foundation. I prefer creating
ns1.ae7q.hamwan.net (all three records above), as it keeps the
records independent of a different administrative organization.<br>
<br>
If you want to get carried away, you could also add the
following record:<br>
<br>
<font color="#006600"><tt><a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.ae7q.hamwan.net">www.ae7q.hamwan.net</a>.
3600 IN CNAME ns1.ae7q.</tt></font><font color="#006600"><tt><font
color="#006600"><tt>hamwan.net</tt></font>.</tt></font><font
color="#006600"><tt> ; (or ns1.ae7q.ampr.org.)</tt></font><br>
<br>
-- Dean<br>
<br>
</blockquote>
</blockquote>
<br>
</body>
</html>