Why are remote name servers querying my unregistered name server?

Answered Mon, 17 Dec 2001

> Love your books and writtings! But alas, I am dim witted cannot figure out
> the following issue on my own : / Clearly my understanding of the roles of the
> name server information in the domain name registration and the NS records in
> the zone file have been incorrect. Would you please recommend for me citings
> from one of your books or writings that you believe will teach me the relationship
> between those two DNS server sources, and hopefully provde me with the
> information to understand why what I did resulted in the error conditions I mention
> below?

Sure.

> Here is my war story...
>
> I previoulsy thought that the name servers I designated in the domain name
> registration (say with Verisign -- with those designated name servers visable to
> me via a whois lookup) were the only name servers which would be reported to
> someone requesting to an A record for a particular domain name. I always made
> the NS records in the named files for a particular domain name consistent with
> the name servers listed on the domain name registration. The name we have
> used without issue are dns1.bee.net and dns3.bee.net
>
> Recently we setup a third name server, dns4.bee.net, giving it a public IP
> address - but not used in the registration information for any domain name we
> host in our previously existing public DNS servers. We intend to use it solely for
> our mail server - hosting a DNS information provided by an third party service for
> spam filtering purposes. We added an ns record to the bee.net zone file for the
> new DNS server. We did not register the host with Verisign.
>
> Here's what happened === we started getting complaints that users not on our
> network could not get to certain websites we host. When we di testing with
> nslookup on the remote DNS servers used by those users, we found that those
> remote DNS servers were reporting DNS4.bee.net as one of the name servers
> which had information about that particular domain. This issue impacted both
> domain names with their own zone file (such as beenet.com) and subdomains of
> bee.net which shared the zone file with bee.net (such as rsp.bee.net). Since
> DNS4.bee.net does not contain any information for either beenet.com or bee.net,
> the remote user was not able to get to the respective websites.
>
> I was very surprised that the remote name servers even knew about dns4.bee.net
> rsp.bee.net -- since the information for bee.net at network solutions does not list
> dns4.bee.net. However, I figured it came upon the information because
> DNS4.bee.net was included as an NS record for bee.net. But the zone file for
> beenet.com dis not include that NS record....
>
> As mentioned above -- I would very much appreciat it if you could point me to a
> FAQ or book citing or writing which would help me understand more basics of
> DNS so that I can explain what happened -- how not to let it happen again -- and
> use the "dedicated name server" without impacting the DNS resolution of the
> other domain names we host.

Well, how about if I just answer your question?

The first time I look up a domain name in bee.net, I follow the delegation information from the net name servers to the bee.net name servers. This is the information you're setting up when you register with Network Solutions. However, when one of the bee.net name servers sends me an answer to my question (e.g., the address of bee.net), that name server includes the list of NS records for bee.net from the bee.net zone data file, which may be different from the NS records you specified with Network Solutions. From that point until those NS records time out of my cache, I'll use any of the name servers the bee.net name server told me about.

All that said, I poked around bee.net and beenet.com and didn't see any NS records pointing to dns4.bee.net, so I'm not sure why remote name servers are querying it. However, the mechanism I described is the likely reason they'd query it.

Hope this helps you!

cricket