"ANY". That NS record tells *the world* (not just your ISP) that they can come to your nameserver to resolve names in the zone.

It wouldn't be much of a failover strategy if you were relying on your ISP's nameservers to somehow "proxy" the queries over to you when they're down.

Open up inbound destination port 53 TCP/UDP (for queries) and outbound source port 53 TCP/UDP (for responses). The destination port outbound will be the same as the source port inbound, for a given DNS transaction, if your firewalls are stateful enough to keep track of such things.

- Kevin
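[Editor's note, added to this archived thread: the following is an illustrative model of the firewall rules Kevin describes, written for this page. It is not Kevin's code, not BIND, and not any real firewall's implementation. The server address 203.0.113.53 and the client addresses are assumptions drawn from the documentation ranges. It contrasts a stateless pair of rules (inbound dport 53, outbound sport 53) with a stateful firewall that only lets an outbound packet through when its destination port is the source port a tracked query arrived on.]

```python
"""Toy model of firewall rules in front of an authoritative DNS server.

Stateless: two literal rules, inbound dst port 53 and outbound src port 53.
Stateful: same inbound rule, but a response is accepted only if it reverses
a query already seen (outbound dport == inbound sport of that transaction).
Illustrative only; not BIND or any real firewall's code.
"""
from dataclasses import dataclass

SERVER_IP = "203.0.113.53"   # assumed address of our authoritative server


@dataclass(frozen=True)
class Packet:
    proto: str       # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


class StatelessFirewall:
    """inbound  dst=server dport=53 -> accept (queries from anyone)
       outbound src=server sport=53 -> accept (responses to anyone)"""

    def allow_in(self, p: Packet) -> bool:
        return p.proto in ("udp", "tcp") and p.dst == SERVER_IP and p.dport == 53

    def allow_out(self, p: Packet) -> bool:
        return p.proto in ("udp", "tcp") and p.src == SERVER_IP and p.sport == 53


class StatefulFirewall(StatelessFirewall):
    """Inbound rule unchanged; outbound only if it is the reverse 5-tuple of a
    tracked query. UDP entries are one-shot (one query, one response); TCP
    entries persist for the life of the connection (no FIN tracking in this toy)."""

    def __init__(self) -> None:
        self.conntrack: set[Packet] = set()

    def allow_in(self, p: Packet) -> bool:
        ok = super().allow_in(p)
        if ok:
            self.conntrack.add(p)   # remember the query's 5-tuple
        return ok

    def allow_out(self, p: Packet) -> bool:
        # The matching query is this packet with src/dst and ports swapped.
        query = Packet(p.proto, p.dst, p.dport, p.src, p.sport)
        if query in self.conntrack:
            if p.proto == "udp":
                self.conntrack.discard(query)
            return True
        return False


def demo() -> dict:
    """Push the same three constructed packets through both firewalls."""
    client_query = Packet("udp", "198.51.100.7", 51234, SERVER_IP, 53)
    good_reply = Packet("udp", SERVER_IP, 53, "198.51.100.7", 51234)
    # Something on the server sending from port 53 to a host that never asked,
    # e.g. a compromised box riding the open "outbound sport 53" rule.
    unsolicited = Packet("udp", SERVER_IP, 53, "192.0.2.99", 4444)

    out = {}
    for name, fw in (("stateless", StatelessFirewall()), ("stateful", StatefulFirewall())):
        out[name] = {
            "query": fw.allow_in(client_query),
            "reply": fw.allow_out(good_reply),
            "unsolicited": fw.allow_out(unsolicited),
        }
    return out


if __name__ == "__main__":
    for fw_name, verdicts in demo().items():
        print(fw_name, verdicts)
```

The point of the comparison: with a stateless ruleset, "outbound source port 53" is a standing hole that anything on the server can use; a stateful firewall (the case Kevin qualifies with "if your firewalls are stateful enough") only needs the inbound rule, and the response is admitted because it matches the tracked query.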

On 9/18/2011 12:01 PM, babu dheen wrote:
Hi,
Once I delegated the NS record in my ISP name server to my company name server for the mail.myoffice.com website as below, do I need to allow the DNS port from ANY (INTERNET) to my DNS server in the firewall, or do I just need to allow DNS traffic only from the ISP DNS server?
ISP DNS server configuration
mycompany-dns-server-ip   IN    A     10.10.10.10
mail.myoffice.com         IN    NS    <mycompany dns server ip>
Regards
Papdheen M
*From:* Kevin Darcy <k...@chrysler.com>
*To:* bind-users@lists.isc.org
*Sent:* Sunday, 18 September 2011 5:09 PM
*Subject:* Re: Query regarding NS record

Are you talking about recursive clients failing over?

Or other nameservers trying to talk to yours, non-recursively?

Recursive clients don't use NS records at all and you need to approach the failover problem in a completely different way (e.g. relying on the client failing over from one resolver IP address to another, or implementing an Anycast solution).

If you're talking about nameserver-to-nameserver traffic, then just publish multiple NS records for the relevant zone(s) and the nameserver-selection algorithm embedded in every known iterative-resolver implementation will take care of the load-balancing and failover; to summarize, faster-responding nameservers will be chosen over slower-responding ones.

- Kevin
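[Editor's note, added to this archived thread: the following is an illustrative simulation of the nameserver-selection behaviour Kevin describes, written for this page. It is not Kevin's code and not BIND's implementation; it models, in simplified form, the smoothed round-trip-time (SRTT) approach iterative resolvers use to prefer faster servers and route around dead ones. The two server names follow the original question; the timeout, smoothing weight and decay factor are assumptions chosen to make the behaviour visible.]

```python
"""Toy simulation of iterative-resolver nameserver selection over several NS
records. Lowest SRTT is queried first; a reply pulls that server's SRTT
toward the observed RTT; a timeout inflates it so traffic moves to the next
server; servers not queried this round decay so a recovered server is
eventually retried. Not BIND's code; constants are illustrative assumptions.
"""
from typing import Dict, Iterable, List, Optional, Tuple

TIMEOUT_MS = 2000.0   # assumed per-query timeout
ALPHA = 0.3           # weight given to the newest RTT sample
DECAY = 0.95          # applied each round to servers that were not queried


class NameServerSet:
    def __init__(self, names: Iterable[str]) -> None:
        # Optimistic starting SRTT so every server gets tried early on.
        self.srtt: Dict[str, float] = {n: 1.0 for n in names}

    def pick(self, exclude: set) -> Optional[str]:
        candidates = [n for n in self.srtt if n not in exclude]
        return min(candidates, key=self.srtt.get) if candidates else None

    def record_success(self, name: str, rtt_ms: float) -> None:
        self.srtt[name] = (1 - ALPHA) * self.srtt[name] + ALPHA * rtt_ms

    def record_timeout(self, name: str) -> None:
        # Penalise hard so a dead server is not re-selected immediately.
        self.srtt[name] = max(self.srtt[name], TIMEOUT_MS) * 2

    def decay_others(self, used: str) -> None:
        for n in self.srtt:
            if n != used:
                self.srtt[n] *= DECAY


def resolve_once(ns_set: NameServerSet, latencies: Dict[str, Optional[float]]) -> Optional[str]:
    """One iterative lookup: try servers in SRTT order until one answers.
    latencies maps server -> RTT in ms, or None if the server is unreachable.
    Returns the server that answered, or None if every server timed out."""
    tried: set = set()
    while True:
        name = ns_set.pick(tried)
        if name is None:
            return None
        tried.add(name)
        rtt = latencies.get(name)
        if rtt is None:
            ns_set.record_timeout(name)
            continue
        ns_set.record_success(name, rtt)
        ns_set.decay_others(name)
        return name


def simulate(phases: List[Tuple[int, Dict[str, Optional[float]]]],
             names=("ns1.mainoffice.com", "ns1.branchoffice.com")):
    """Run successive phases of (rounds, latencies) against one resolver state.
    Returns, per phase, ({server: answers served}, lookups that failed entirely)."""
    ns_set = NameServerSet(names)
    results = []
    for rounds, latencies in phases:
        counts = {n: 0 for n in names}
        failures = 0
        for _ in range(rounds):
            who = resolve_once(ns_set, latencies)
            if who is None:
                failures += 1
            else:
                counts[who] += 1
        results.append((counts, failures))
    return results


if __name__ == "__main__":
    MAIN, BRANCH = "ns1.mainoffice.com", "ns1.branchoffice.com"
    for counts, failed in simulate([
        (200, {MAIN: 10.0, BRANCH: 40.0}),   # both up, main office is closer
        (50, {MAIN: None, BRANCH: 40.0}),    # main office unreachable
        (200, {MAIN: 10.0, BRANCH: 40.0}),   # main office back
    ]):
        print(counts, "failed lookups:", failed)
```

Each phase shows one part of Kevin's point: with both servers up the faster one takes most of the queries (the slower one is still probed now and then), when the main office drops out the first lookup costs one timeout and everything after that goes to the branch with no failed lookups, and once the main office is back its decayed SRTT lets it be retried and win back the traffic without anyone touching the zone.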

On 9/16/2011 11:17 AM, babu dheen wrote:
Hi,
    Can anyone let me know how I can resolve the below requirement?
Requirement:
We have two offices. One is the main office and the other is a remote branch office. Now my company's client requirement is that if the main office DNS server is not reachable, all DNS queries should be sent to the branch office DNS server. How can this be achieved using BIND? For example, my company mail website is mail.mycompany.com, which is pointed as below in the ISP name server.
mail.mycompany.com    IN    NS    ns1.mainoffice.com
mail.mycompany.com    IN    NS    ns1.branchoffice.com
  Is the above record correct or not?
 Please suggest.
Regards
papdheen M


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

