Tim:
>> Both of those servers are accessed by name, not numerical IP
>> address, and those names have to be in some public DNS records, so
>> people can find the IP addresses for them to connect to them.

Joe Zeff:
> No.  DNS servers are always accessed by IP address, never by name. 
> Trying to access a DNS server by name would just create an endless
> loop of trying to resolve addresses as you can't get the server's
> address without using DNS to get the IP address.

That was the point I was making about glue records.  I did say it was
chicken and egg.  But let's go through that with a real world example:

I want the numerical IP for Google:


        $ dig google.com

        ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> google.com
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30708
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 4096
        ;; QUESTION SECTION:
        ;google.com.                    IN      A

        ;; ANSWER SECTION:
        google.com.             300     IN      A       142.250.70.238


And I get told it's 142.250.70.238 (for me, right now).  Further down
in the results of that query we find out who was holding the data:


        ;; AUTHORITY SECTION:
        google.com.             1176    IN      NS      ns3.google.com.
        google.com.             1176    IN      NS      ns1.google.com.
        google.com.             1176    IN      NS      ns2.google.com.
        google.com.             1176    IN      NS      ns4.google.com.


Any one of four name servers, and ... they're identified by name. 
If we want to connect to them, we have to do something else to find out
their IP.  That info's provided in the next set of data from the same
query:


        ;; ADDITIONAL SECTION:
        ns2.google.com.         1176    IN      A       216.239.34.10
        ns1.google.com.         1176    IN      A       216.239.32.10
        ns3.google.com.         1176    IN      A       216.239.36.10
        ns4.google.com.         1176    IN      A       216.239.38.10

        ;; Query time: 109 msec
        ;; SERVER: 127.0.0.1#53(127.0.0.1)
        ;; WHEN: Tue Jun 08 23:11:16 ACST 2021
        ;; MSG SIZE  rcvd: 191


A bit surprisingly, it's four name servers in the same network.  But
with Google being that big, they probably have enough capacity that
they don't need to spread their records far and wide.

It's the same in BIND zone files: the first line of the record lists
the start-of-authority, and it lists the name server by name.  A bit
further down there's an NS record that lists the name server by name.
Much further down in all the records for the zone there'll be the A
record for the name server.

It was why the original poster couldn't answer any external queries
some time last year, which I think was when the thread started.  The
thing that identified their authoritative name server was itself,
isolated from the rest of the world.

-- 
 
uname -rsvp
Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
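
As an added example (not part of the original message): a small Python check, run over the AUTHORITY and ADDITIONAL sections of the dig output quoted above, that pairs each name server named in an NS record with the addresses returned for it and flags any that arrived by name only. The function names are made up for this illustration.

```python
import re

# dig output quoted in the message above, trimmed to the two sections that matter.
SAMPLE = """\
;; AUTHORITY SECTION:
google.com.             1176    IN      NS      ns3.google.com.
google.com.             1176    IN      NS      ns1.google.com.
google.com.             1176    IN      NS      ns2.google.com.
google.com.             1176    IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.         1176    IN      A       216.239.34.10
ns1.google.com.         1176    IN      A       216.239.32.10
ns3.google.com.         1176    IN      A       216.239.36.10
ns4.google.com.         1176    IN      A       216.239.38.10
"""

SECTION = re.compile(r"^;; (\w+) SECTION:$")
RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")

def parse_sections(text):
    """Map section name -> [(owner, rtype, rdata)] for every record dig printed."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        head = SECTION.match(line)
        if head:
            current = sections.setdefault(head.group(1), [])
        elif current is not None and (rec := RECORD.match(line)):
            owner, rtype, rdata = rec.groups()
            current.append((owner.lower(), rtype, rdata))
    return sections

def glue_report(text):
    """Map each NS name in AUTHORITY -> addresses given for it in ADDITIONAL."""
    sections = parse_sections(text)
    addrs = {}
    for owner, rtype, rdata in sections.get("ADDITIONAL", []):
        if rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(rdata)
    return {rdata.lower(): addrs.get(rdata.lower(), [])
            for _, rtype, rdata in sections.get("AUTHORITY", []) if rtype == "NS"}

def missing_glue(text):
    """Name servers listed by name only, with no address in the same response."""
    return [ns for ns, ips in glue_report(text).items() if not ips]

if __name__ == "__main__":
    print(glue_report(SAMPLE), missing_glue(SAMPLE))
```

For the output above every name server comes back with an address, so `missing_glue` returns an empty list.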
 