Hi Lynwood,

As Ruben says - this was the point I was trying to get across in my last email - I am not criticising you, I am just curious to understand what you are trying to achieve as it does not make sense to me...

ARDC have setup four authoritative nameservers for ampr.org and all the (now separate) reverse zones (ok, to be precise not ALL the reverse zones, as I said before we have a small number of delegated reverse zones - 5 or 6 from memory). Under normal circumstances NONE of these namservers need to allow AXFR / zone transfers to anyone, but as a few folks asked nicely I opened up ns.ardc.net (which is the primary) as a favour, but only to 44.0.0./9 & 44.128.0.0/10 source IPs.

To reiterate, these authoritative nameservers are:

ns.ardc.net (UK based primary)
a.gw4.uk (UK based secondary)
ns2.us.ardc.net (West coast US secondary)
ns1.de.ardc.net (Germany based secondary)

As these are authoritative nameservers, best practice dictates that they are not also recursive nameservers.

If you, or anyone else wants to setup a recursive nameserver you are welcome to do so, no-one is going to stop you, nor do you have to ask anyone’s permission, but also you not need to get any special access to the zonefiles, as Frederic and others point out, you don't need to. If someone queries your recursive nameserver it will, by definition, recurse from the root servers down the tree to find one of the authoritative nameservers listed above to get the answer, your server will then cache that answer ready for the next time it is queried.

I hope that makes things clearer, but please, if I am not explaining it sufficiently do ask. It would also perhaps help me, and others, if you could explain why you want access to AXFR when it is not needed for a recursive nameserver (this is the non-standard bit I don’t get).

Thanks & 73,
Chris - G1FEF

ARDC Administrator

Web: https://www.ardc.net


On 24 Apr 2024, at 17:44, Ruben ON3RVH via 44net <44net@mailman.ampr.org> wrote:

Lynwood,

A request like normal is just a standard dns request. 

If you want to be a open dns server for everyone on the AMPR network just do it. If someone asks for a ptr which your server does not own or have in it’s cache it’ll just look it up using the root servers like any normal dns server. 

I don’t get why you **need** to have all reverses in your zones. Master or slave. 

73, 
Ruben - ON3RVH

On 24 Apr 2024, at 18:35, lleachii--- via 44net <44net@mailman.ampr.org> wrote:


Frederic,

How does someone "make a request like normal" if their client DNS server is set to 44.1.1.44, but your 7 authoritative servers are not (nor ns2.ardc.net, UK, DE etc. - but others)?

  • What is that "normal request" in your paradigm?
  • Please explain - maybe I'm missing something?
  • What if this user doesn't use IPIP for Internet, but needs to accesses hamwan or your subnet?

This is why it's better to simply follow RFC - or maybe your network is not being used for AMPRNet according the AUP?

What's being hidden?


73,


- Lynwood
KB3VWG

On Wednesday, April 24, 2024 at 12:26:36 PM EDT, Fredric Moses <fred@moses.bz> wrote:


As the admin for W8CMN and 44.15/16 our PTR records are hosted on seven different authoritative name servers in diverse areas and networks.  BGP and IPIP included, if somebody wants a PTR record make a request like normal, but we will not be allowing transfers of zone files to any server not under our control.  You are welcome to make PTR queries like anybody else but no special zone transfers will be allowed.

--
Fredric Moses - W8FSM - WRPA678


_______________________________________________
44net mailing list -- 44net@mailman.ampr.org
To unsubscribe send an email to 44net-leave@mailman.ampr.org
_______________________________________________
44net mailing list -- 44net@mailman.ampr.org
To unsubscribe send an email to 44net-leave@mailman.ampr.org