Hi Lynwood,
As Ruben says - this was the point I was trying to get across in my last email - I am not
criticising you, I am just curious to understand what you are trying to achieve as it does
not make sense to me...
ARDC have set up four authoritative nameservers for ampr.org and
all the (now separate) reverse zones (ok, to be precise not ALL the reverse zones, as I
said before we have a small number of delegated reverse zones - 5 or 6 from memory). Under
normal circumstances NONE of these nameservers need to allow AXFR / zone transfers to
anyone, but as a few folks asked nicely I opened up ns.ardc.net (which is the primary)
as a favour, but only to 44.0.0.0/9 & 44.128.0.0/10 source IPs.
To reiterate, these authoritative nameservers are:
ns.ardc.net (UK based primary)
a.gw4.uk (UK based secondary)
ns2.us.ardc.net (West coast US secondary)
ns1.de.ardc.net (Germany based secondary)
As these are authoritative nameservers, best practice dictates that they are not also
recursive nameservers.
If you, or anyone else wants to set up a recursive nameserver you are welcome to do so,
no-one is going to stop you, nor do you have to ask anyone’s permission, but also you do not
need to get any special access to the zonefiles, as Fredric and others point out, you
don't need to. If someone queries your recursive nameserver it will, by definition,
recurse from the root servers down the tree to find one of the authoritative nameservers
listed above to get the answer; your server will then cache that answer ready for the next
time it is queried.
I hope that makes things clearer, but please, if I am not explaining it sufficiently do
ask. It would also perhaps help me, and others, if you could explain why you want access
to AXFR when it is not needed for a recursive nameserver (this is the non-standard bit I
don’t get).
Thanks & 73,
Chris - G1FEF
—
ARDC Administrator
Web: https://www.ardc.net
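
A check for the policy described in the message above, added here as an example and not ARDC's own tooling: it classifies `dig` output from an authoritative server (authoritative answer, no recursion offered) and tests a source address against the two AXFR ranges, with the first range taken as 44.0.0.0/9. The function names and the sample `dig` output are constructed for illustration.

```python
import ipaddress
import re

# AXFR source ranges named in the message (first range read as 44.0.0.0/9).
AXFR_ALLOWED = [ipaddress.ip_network(n) for n in ("44.0.0.0/9", "44.128.0.0/10")]

def axfr_source_allowed(src):
    """True if src falls inside one of the permitted AXFR source ranges."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in AXFR_ALLOWED)

def dig_flags(output):
    """Extract the header flags (qr, aa, rd, ra, ...) from dig output."""
    m = re.search(r"^;; flags: ([a-z ]*);", output, re.M)
    return set(m.group(1).split()) if m else set()

def audit(src, soa_output, axfr_output):
    """Findings for one nameserver, probed from src with dig SOA and dig AXFR."""
    findings = []
    flags = dig_flags(soa_output)
    if "aa" not in flags:
        findings.append("not authoritative for zone")
    if "ra" in flags:
        findings.append("offers recursion")
    transferred = "XFR size" in axfr_output and "Transfer failed" not in axfr_output
    if transferred and not axfr_source_allowed(src):
        findings.append("AXFR served to source outside ACL")
    return findings

# Constructed dig output, not captured from any real server.
SOA_AUTH = ";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n"
SOA_RECURSIVE = ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n"
AXFR_REFUSED = "; Transfer failed.\n"
AXFR_DONE = ";; XFR size: 12 records (messages 1, bytes 600)\n"

if __name__ == "__main__":
    print(audit("192.0.2.10", SOA_AUTH, AXFR_REFUSED))
    print(audit("192.0.2.10", SOA_RECURSIVE, AXFR_DONE))
```
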
On 24 Apr 2024, at 17:44, Ruben ON3RVH via 44net
<44net(a)mailman.ampr.org> wrote:
Lynwood,
A request like normal is just a standard dns request.
If you want to be an open dns server for everyone on the AMPR network just do it. If
someone asks for a ptr which your server does not own or have in its cache it’ll just
look it up using the root servers like any normal dns server.
I don’t get why you **need** to have all reverses in your zones. Master or slave.
73,
Ruben - ON3RVH
On 24 Apr 2024, at 18:35, lleachii--- via 44net
<44net(a)mailman.ampr.org> wrote:
Frederic,
How does someone "make a request like normal" if their client DNS server is set
to 44.1.1.44, but your 7 authoritative servers are not (nor ns2.ardc.net, UK, DE etc. -
but others)?
What is that "normal request" in your paradigm?
Please explain - maybe I'm missing something?
What if this user doesn't use IPIP for Internet, but needs to access hamwan or your
subnet?
This is why it's better to simply follow RFC - or maybe your network is not being
used for AMPRNet according to the AUP?
What's being hidden?
73,
- Lynwood
KB3VWG
On Wednesday, April 24, 2024 at 12:26:36 PM EDT, Fredric Moses <fred(a)moses.bz>
wrote:
As the admin for W8CMN and 44.15/16 our PTR records are hosted on seven different
authoritative name servers in diverse areas and networks. BGP and IPIP included, if
somebody wants a PTR record make a request like normal, but we will not be allowing
transfers of zone files to any server not under our control. You are welcome to make PTR
queries like anybody else but no special zone transfers will be allowed.
--
Fredric Moses - W8FSM - WRPA678
_______________________________________________
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org