DNS Questions

 
 
Yannick Turgeon
Guest
Posts: n/a

 
      07-26-2003, 03:59 AM
Hello all,

I'm not sure this is the best news group to ask that. If not, just point me
in the good direction...

Some months ago, I bought a domain name. I wanted to setup and host it on
my PC. Today, I finally followed the DNS-How-to and finished my DNS
setup/config. It is [supposed to be] functional. My questions are:

1- How will my domain name be "given" to the Top Level Domain? Is Bind
sending information regularly?
2- I bought my domain name on a website (domainatcost.ca). On their website,
I have the possibility to change both the primary and secondary DNS for my
domain. I've changed the primary to point to my PC where my DNS is running.
Is that correct? What should I do with the secondary? What would have been
the problem if I hadn't done that (my domain name was parked and not
functional)?
3- If I host my domain, do I have financial liability with them? Should I
continue to pay annual fees to them?

TIA

Yannick
 
 
 
 
 
Yannick Turgeon
Guest
Posts: n/a

 
      07-26-2003, 07:12 PM

>> But I'm now
>> wondering why it could take 24/48 hours to a new domain to be seen from
>> everywhere. I mean, my registrar has immediately sent my DNS info to the

>
> Because the old records have times associated with them saying how long it
> is OK to cache them. For SLD NS record information a day or two is a
> reasonable time.


Ok, but when I changed the primary DNS at my registrar to point to my PC,
the TLD was immediately updated. Didn't my registrar send this info to
the TLDs concerned? What is "SLD"?

>> TLD concerned. Then, how I understand that, every DNS in the world being
>> unable to resolved this domain name by looking in their cache would have
>> reach this TLD and resolved the domain name. Isn't it working that way?

>
> How do you know it isn't?


So it is working that way, but the info at the TLD could be not
up-to-date. That's the reason why it could take up to 24/48 hours?

>>> You point it at your slave server. It is not good practice to have only
>>> one.
>>> If your PC fails or is turned off, your names cannot be resolved. Some
>>> registrars will not accept domain registrations with less than two
>>> nameservers. It appears that yours is not fussy if it accepted your
>>> single server registration above.

>>
>> Well, it didn't accept. I finally let their own DNS as the second one but it
>> seems they didn't try if it worked... or maybe it was working [not
>> properly] because they are my registrar. Don't know.

>
> First off, for a home network having a backup DNS server outside your
> network isn't necessarily a good idea. When you lose connectivity having
> a working DNS server outside your network doesn't do you any good.
> Having a slave DNS server that isn't completely under your control
> introduces risks that your DNS could be messed up by the slave.
>
> However you can't just make your registry the secondary for your domain
> without making some sort of arrangement with them so that they will actually
> publish the data.


That's what I did. I know it's not correctly configured. I know too that this
secondary DNS is not doing anything good. I HAD to put a secondary DNS,
and have only one PC, so I simply let the one already there to see if
it'll be working. I'm in an experimenting stage. Just hope I'll not mess up
the entire Internet!

>> But since my goal was simply to host my domain name, a really better way
>> would have been to ask my ISP to change his own DNS configs to make my IP
>> point to my domain and then put my ISP primary and secondary DNS in my
>> registrar's configuration. But I wouldn't have learned that much. Maybe I'll
>> do that too.

>
> That wouldn't work. While your ISP does control your reverse DNS, that
> won't do you much good.


Oh yes, that's true. So they would have to add a "zone" section to their
named.conf and the resolving corresponding file to resolve my domain
name, as I did here. But they probably won't accept to do that.

>>> Does your DNS actually work? What is your domain name?

>> Yes! Now it's working: www.yturgeon.info (the homepage is blank so don't wait
>> for too much! )

>
> It isn't set up correctly. According to tld1.ultradns.net (one of the .info
> name servers) dns2.domainsatcost.ca is a name server for your domain. However
> when I ask dns2.domainsatcost.ca about yturgeon.info a referral to the
> root servers is returned. You want to remove the entry for
> dns2.domainsatcost.ca.


Yes, that's what I said earlier, dns2.domainsatcost.ca does not actually do
the job a secondary DNS would be supposed to do. I just entered it there
because I HAD to enter a secondary DNS. Knowing that I have only one PC to
serve as DNS, what should I do about that? Leaving it like that? Since my
DNS is also my web server, my mail server, my ftp server..., if it's not
operational, the rest of my domain won't be either. I repeat:
"experimental"! For the moment, I don't care about the reliability
of my domain. What I care about though is messing up things for others
(domainsatcost, my own ISP, users in general) because I don't understand
adequately how it's working. Could this be possible?

Yannick
 
 
Bruno Wolff III
Guest
Posts: n/a

 
      07-26-2003, 10:03 PM
In article <(E-Mail Removed)>, Yannick Turgeon wrote:

> Ok, but when I changed the primary DNS at my registrar to point to my PC,
> the TLD was immediately updated. Didn't my registrar send this info to
> the TLDs concerned? What is "SLD"?


The .info name server isn't who is caching the information. It is potentially
cached on at least thousands of machines with no way to know which of
the millions of machines are doing the caching. It is a "pull" system,
not a "push" system.

If you want changes to be propagated quickly you need to use small
TTLs (time to live). The disadvantage to this is it increases the load
on the name servers. The gTLD servers are especially busy. (Though I
doubt that there are that many requests for .info domains relative
to .com, .org and .edu.)

SLD is second level domain.

> So it is working that way, but the info at the TLD could be not
> up-to-date. That's the reason why it could take up to 24/48 hours?


No, the reason is that when someone asks the TLD about your domain they
are told that they can use the information returned without checking
to see if it has changed for 86400 seconds (1 day).

> That's what I did. I know it's not correctly configured. I know too that this
> secondary DNS is not doing anything good. I HAD to put a secondary DNS,
> and have only one PC, so I simply let the one already there to see if
> it'll be working. I'm in an experimenting stage. Just hope I'll not mess up
> the entire Internet!


No, but it will slow down people trying to get your IP address. What you
can try is using a different name that also points to your home PC.
Some registrars just want two names, but don't require different IP
addresses for them. If you have more than one real IP address for your
home connection, then you could also use two IP addresses from your
home network.

>>> But since my goal was simply to host my domain name, a really better way
>>> would have been to ask my ISP to change his own DNS configs to make my IP
>>> point to my domain and then put my ISP primary and secondary DNS in my
>>> registrar's configuration. But I wouldn't have learned that much. Maybe I'll
>>> do that too.

>>
>> That wouldn't work. While your ISP does control your reverse DNS, that
>> won't do you much good.

>
> Oh yes, that's true. So they would have to add a "zone" section to their
> named.conf and the resolving corresponding file to resolve my domain
> name, as I did here. But they probably won't accept to do that.


Most broadband providers won't do that for residential service. If they
do they can either enter PTR records on their server or they can delegate
it to your server in one of a couple of different ways.
You really don't need reverse DNS. A few places will block mail servers
if reverse DNS doesn't match the helo line, but they are rare. Occasionally
it gets used for security purposes by people, but this is a bad idea.
 
 
Christopher Browne
Guest
Posts: n/a

 
      07-26-2003, 11:16 PM
In the last exciting episode, Bruno Wolff III <(E-Mail Removed)> wrote:
> In article <(E-Mail Removed)>, Yannick Turgeon wrote:
>>
>> I didn't see the word "registrar" even once in the DNS-How-To. I
>> read it in French but its French equivalent was not there
>> either. And I read it all, except for the introduction. So I
>> searched Google a bit and added to my DNS knowledge, which was very
>> limited 24 hours ago. The error I made concerning this registration
>> process was to change my primary DNS at my registrar BEFORE I setup
>> my DNS on my PC. This is when I changed it there that my registrar
>> sent information to the TLDs. But I'm now wondering why it could
>> take 24/48 hours to a new domain to be seen from everywhere. I
>> mean, my registrar has immediately sent my DNS info to the

>
> Because the old records have times associated with them saying how
> long it is OK to cache them. For SLD NS record information a day or
> two is a reasonable time.


Furthermore, the way the updates flow upstream to the root servers
may involve someone pulling updates in some sort of periodic batch
process once every day.

(I'll not name any names :-).)

Even if you can update your NS information virtually instantaneously,
from the perspective of registrant -> registrar -> registry, if it
takes a day for the root servers to get around to rummaging through
the data coming in from the registry, then it'll take some time.

>> Well, it didn't accept. I finally let their own DNS as the second one but it
>> seems they didn't try if it worked... or maybe it was working [not
>> properly] because they are my registrar. Don't know.

>
> First off, for a home network having a backup DNS server outside
> your network isn't necessarily a good idea. When you lose
> connectivity having a working DNS server outside your network
> doesn't do you any good. Having a slave DNS server that isn't
> completely under your control introduces risks that your DNS could
> be messed up by the slave.
>
> However you can't just make your registry the secondary for your
> domain without making some sort of arrangement with them so that they
> will actually publish the data.


Yeah, this is certainly a case where the handling of things will
differ a LOT between usage by people running little web servers on an
ADSL line versus an enterprise that has 50 servers under some domain
name...

>> But since my goal was simply to host my domain name, a really
>> better way would have been to ask my ISP to change his own DNS
>> configs to make my IP point to my domain and then put my ISP
>> primary and secondary DNS in my registrar's configuration. But I
>> wouldn't have learned that much. Maybe I'll do that too.


> That wouldn't work. While your ISP does control your reverse DNS,
> that won't do you much good.


>> Yes, I think I understand now. They pay for the right of adding
>> entries in the TLDs and then they are selling me the domain name. I
>> was seeing them like a useless third party between me and the TLDs,
>> but in fact they own rights that I didn't get.


> More or less. They are mostly useless. They were added because of
> complaints about Network Solutions having a monopoly for the gTLDs
> and charging a lot of money for terrible service. While this did
> help, it would have been better to have dumped Network Solutions and put
> a single nonprofit in charge of both maintaining the data and
> handling registrations.


You're assuming that the political process that would fall out of the
creation of that "single nonprofit" would represent a monopoly that's
better than what we have now.

The fact that there are many registrars (~120, for the major TLDs)
means that it is clearly neither a monopoly nor an oligopoly, and they
_do_ have to do some competing for customers. Any one, or even any 10
of them might be ludicrously incompetent, and while that would lead to
some inconvenience, it doesn't forcibly need to be disastrous.

If everything simply shifted from NSI to _Some NonProfit Registration
Organization_, the "problems" with NSI would more than likely be
expressed in the new organization. Worse still, the political
infighting would get expressed in fighting for control of _SNPRO_, and
it would be a simply vicious political environment.

>>> Does your DNS actually work? What is your domain name?


>> Yes! Now it's working: www.yturgeon.info (the homepage is blank so
>> don't wait for too much! )


> It isn't set up correctly. According to tld1.ultradns.net (one of
> the .info name servers) dns2.domainsatcost.ca is a name server for
> your domain. However when I ask dns2.domainsatcost.ca about
> yturgeon.info a referral to the root servers is returned. You want
> to remove the entry for dns2.domainsatcost.ca.


There's a problem with the idea of dropping that extra entry. If
there aren't two nameserver entries, yturgeon.info gets dropped out of
the zone, and won't resolve anymore. That would be a Bad Thing, no?

Alternatively, perhaps what needs to happen is for
dns2.domainsatcost.ca to be informed of the IP address that they
should report for yturgeon.info. That's a service that I think
registrars often offer. In any case, it's better to have one bogus
nameserver than to get dropped from the INFO zone...
--
select 'cbbrowne' || '@' || 'cbbrowne.com';
http://www.ntlug.org/~cbbrowne/lsf.html
Outside of a dog, a book is man's best friend. Inside of a dog, it's
too dark to read. -Groucho Marx
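
The check behind the diagnosis quoted in this post (a nameserver listed in the delegation that answers with a referral to the root instead of an authoritative answer), as an added example that is not part of the original thread: it parses DNS wire-format replies and flags a lame delegation. The reply bytes are constructed samples, and `build_reply`, `classify` and `audit_delegation` are hypothetical helper names.

```python
import struct

AA_FLAG, TYPE_NS = 0x0400, 2

def encode_name(name):
    """Encode a domain name as DNS labels; '.' is the root."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, next_offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def read_rr(msg, off):
    """Return (owner, type, offset_after_record) for one resource record."""
    owner, off = read_name(msg, off)
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    return owner, rtype, off + 10 + rdlen

def classify(msg, zone):
    """Classify one server's reply to an NS query for `zone`."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x000F:
        return "error: rcode %d" % (flags & 0x000F)
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                             # QTYPE + QCLASS
    for _ in range(an):
        _, _, off = read_rr(msg, off)
    referral_owners = []
    for _ in range(ns):
        owner, rtype, off = read_rr(msg, off)
        if rtype == TYPE_NS:
            referral_owners.append(owner)
    if flags & AA_FLAG:
        return "authoritative"
    zone = zone.lower().strip(".") + "."
    for owner in referral_owners:
        # An NS set owned by an ancestor of the zone points back up the tree.
        if owner == "." or (owner != zone and zone.endswith("." + owner)):
            return "lame: upward referral to " + owner
    return "lame: not authoritative"

def build_reply(zone, aa, answers=(), authority=()):
    """Build a constructed NS reply; records are (owner, nameserver) pairs."""
    body = b""
    for owner, target in list(answers) + list(authority):
        # Use a compression pointer to the question name where possible.
        name = b"\xc0\x0c" if owner == zone else encode_name(owner)
        rdata = encode_name(target)
        body += name + struct.pack("!HHIH", TYPE_NS, 1, 86400, len(rdata)) + rdata
    flags = 0x8000 | (AA_FLAG if aa else 0)  # QR=1 (response)
    header = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_NS, 1) + body

def audit_delegation(zone, replies):
    """Map each delegated nameserver to the classification of its reply."""
    return {server: classify(msg, zone) for server, msg in replies.items()}

# Constructed sample replies modelled on the situation in the thread.
ZONE = "yturgeon.info"
SAMPLE_REPLIES = {
    "ns.yturgeon.info": build_reply(ZONE, True, answers=[(ZONE, "ns.yturgeon.info")]),
    "dns2.domainsatcost.ca": build_reply(ZONE, False, authority=[(".", "a.root-servers.net")]),
}

if __name__ == "__main__":
    for server, verdict in audit_delegation(ZONE, SAMPLE_REPLIES).items():
        print(server, "->", verdict)
```

Against live servers the same classification applies to the reply each listed nameserver gives to a non-recursive query for the zone.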
 
 
Christopher Browne
Guest
Posts: n/a

 
      07-26-2003, 11:16 PM
After a long battle with technology, Bruno Wolff III <(E-Mail Removed)>, an earthling, wrote:
> In article <(E-Mail Removed)>, Yannick Turgeon wrote:


>> Ok, but when I changed the primary DNS at my registrar to point to
>> my PC, the TLD was immediately updated. Didn't my registrar send
>> this info to the TLDs concerned? What is "SLD"?


> The .info name server isn't who is caching the information.


Actually, it does, in a sense, but what "it does" means, in this
context, is WAY abstruse. :-)

> It is potentially cached on at least thousands of machines with no
> way to know which of the millions of machines are doing the
> caching. It is a "pull" system, not a "push" system.


Exactly. And I think that the "updating the root servers" part takes
place via the folks running those servers pulling batches of updates
once or twice a day. Which means THAT part has a pretty high latency.

> If you want changes to be propagated quickly you need to use small
> TTLs (time to live). The disadvantage to this is it increases the
> load on the name servers. The gTLD servers are especially
> busy. (Though I doubt that there are that many requests for .info
> domains relative to .com, .org and .edu.)


Furthermore, some parts of the Internet _ignore_ the TTL. I
understand AOL forces its own caching policy.

> SLD is second level domain.
>
>> So it is working that way, but the info at the TLD could be not
>> up-to-date. That's the reason why it could take up to 24/48 hours?


> No, the reason is that when someone asks the TLD about your domain
> they are told that they can use the information returned without
> checking to see if it has changed for 86400 seconds (1 day).


Add to that the fact that it takes somewhere between 12-24h for the
root updates to take place and you get 48h.

>> That's what I did. I know it's not correctly configured. I know too
>> that this secondary DNS is not doing anything good. I HAD to put a
>> secondary DNS, and have only one PC, so I simply let the one
>> already there to see if it'll be working. I'm in an experimenting
>> stage. Just hope I'll not mess up the entire Internet!


> No, but it will slow down people trying to get your IP address. What
> you can try is using a different name that also points to your home
> PC. Some registrars just want two names, but don't require
> different IP addresses for them. If you have more than one real IP
> address for your home connection, then you could also use two IP
> addresses from your home network.


There's a thought.

ns1.yturgon.info
ns2.yturgon.info

>>>> But since my goal was simply to host my domain name, a really better way
>>>> would have been to ask my ISP to change his own DNS configs to make my IP
>>>> point to my domain and then put my ISP primary and secondary DNS in my
>>>> registrar's configuration. But I wouldn't have learned that much. Maybe I'll
>>>> do that too.
>>>
>>> That wouldn't work. While your ISP does control your reverse DNS, that
>>> won't do you much good.

>>
>> Oh yes, that's true. So they would have to add a "zone" section to their
>> named.conf and the resolving corresponding file to resolve my domain
>> name, as I did here. But they probably won't accept to do that.


> Most broadband providers won't do that for residential service. If
> they do they can either enter PTR records on their server or they
> can delegate it to your server in one of a couple of different ways.
> You really don't need reverse DNS. A few places will block mail
> servers if reverse DNS doesn't match the helo line, but they are
> rare. Occasionally it gets used for security purposes by people,
> but this is a bad idea.


If registries started recording PK certificates for domains, and
publishing that in WHOIS, that would be a vastly more useful "security
provision."

Mind you, that introduces the problem of validating that the
certificates being published are legitimate...
--
let name="cbbrowne" and tld="cbbrowne.com" in name ^ "@" ^ tld;;
http://www3.sympatico.ca/cbbrowne/unix.html
Rules of the Evil Overlord #156. "If I have the hero and his party
trapped, I will not wait until my Superweapon charges to finish them
off if more conventional means are available."
<http://www.eviloverlord.com/>
 
 
Yannick Turgeon
Guest
Posts: n/a

 
      07-26-2003, 11:42 PM
Bruno,

Thanks for your help and time,

> The .info name server isn't who is caching the information. It is potentially
> cached on at least thousands of machines with no way to know which of
> the millions of machines are doing the caching. It is a "pull" system,
> not a "push" system.
>
> If you want changes to be propagated quickly you need to use small
> TTLs (time to live). The disadvantage to this is it increases the load
> on the name servers. The gTLD servers are especially busy. (Though I
> doubt that there are that many requests for .info domains relative
> to .com, .org and .edu.)


Ok, so I retry an explanation. The first time I changed the primary DNS at
my registrar to become my PC, I immediately looked with the command "host" if
the new info was in the .info NS, and it was. So it must have a kind of
"pushing" system here. Then, in less than three minutes, I remotely logged to
my PC at work to see if other PCs would already see my domain. The host
www.yturgeon.info has been immediately resolved. In this particular
situation (a new domain), it wasn't in any DNS cache so the DNSs had to
query the TLD to resolve it. Am I correct?

Now, that it is cached in many DNSs, any change I'll do will be up-to-date
only when the TTL expires and the DNSs requery the TLD. But how the TLD is
kept up-to-date? Regularly querying registrars? Registrars are sending
changes? Following your suggestion, I've created another name
(ns2) pointing to my PC. Then, I've updated my secondary DNS at my
registrar. And now, the changes do not appear immediately in the .info NS.
So the "push" system is not working in each situation. It seems the
first time my registrar sent the info to the .info TLDs and now it's
waiting for TLDs to ask for it.

Yannick

 
 
Yannick Turgeon
Guest
Posts: n/a

 
      07-26-2003, 11:56 PM
>>> But I'm now wondering why it could
>>> take 24/48 hours to a new domain to be seen from everywhere. I
>>> mean, my registrar has immediately sent my DNS info to the

>>
>> Because the old records have times associated with them saying how
>> long it is OK to cache them. For SLD NS record information a day or
>> two is a reasonable time.

>
> Furthermore, the way the updates flow upstream to the root servers
> may involve someone pulling updates in some sort of periodic batch
> process once every day.


So no pushing system at all? From registrar to registry? Then I've been
very lucky to make my changes just before the "updates pulling". It's
almost impossible... never won anything! )


 
 
fmodlmpsd@gqvtfb.com.ku
Guest
Posts: n/a

 
      07-27-2003, 12:23 AM
|Ok, so I retry an explanation. The first time I changed the primary DNS at
|my registrar to become my PC, I immediately looked with the command "host" if
|the new info was in the .info NS, and it was. So it must have a kind of
|"pushing" system here. Then, in less than three minutes, I remotely logged to
|my PC at work to see if other PCs would already see my domain. The host
|www.yturgeon.info has been immediately resolved. In this particular
|situation (a new domain), it wasn't in any DNS cache so the DNSs had to
|query the TLD to resolve it. Am I correct?

There is no push system, period. If you query for a domain that's not
cached then you get the freshest answer because the answer comes all the
way from the registrar (and is then cached and displaces any old records
along the way). If you query for one that is cached, you may get a stale
answer until the record times out.

DNS would simply be infeasible if it were a push system. The caches
would never be able to hold all those records sent there "just in case".
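
The pull-and-cache behaviour described in this post, as an added example that is not part of the original thread: two caching resolvers query a stand-in for the .info servers that hands out the 86400-second TTL mentioned earlier in the thread. `Registry`, `CachingResolver` and `timeline` are hypothetical names, and the timestamps (seconds) are constructed.

```python
class Registry:
    """Stand-in for the .info servers: holds the current delegation."""

    def __init__(self, ttl=86400):
        self.ttl = ttl
        self.delegations = {}
        self.queries = 0

    def update(self, domain, nameservers):
        # Registrar -> registry: the source of truth changes at once.
        self.delegations[domain] = tuple(nameservers)

    def lookup(self, domain):
        self.queries += 1
        return self.delegations.get(domain), self.ttl


class CachingResolver:
    """A resolver that only asks upstream when it has no unexpired answer."""

    def __init__(self, registry):
        self.registry = registry
        self.cache = {}  # domain -> (nameservers, expires_at)

    def resolve(self, domain, now):
        hit = self.cache.get(domain)
        if hit and now < hit[1]:
            return hit[0], "cache"          # possibly stale, but still allowed
        nameservers, ttl = self.registry.lookup(domain)
        if nameservers is not None:
            self.cache[domain] = (nameservers, now + ttl)
        return nameservers, "registry"


OLD_NS = ("ns.yturgeon.info", "dns2.domainsatcost.ca")
NEW_NS = ("ns.yturgeon.info", "ns2.yturgeon.info")


def timeline():
    """Replay the thread's scenario; return (time, resolver, NS set, source)."""
    registry = Registry(ttl=86400)
    work, other = CachingResolver(registry), CachingResolver(registry)
    events = []

    # New domain, nothing cached anywhere: the first lookup is fresh.
    registry.update("yturgeon.info", OLD_NS)
    events.append((180, "work") + work.resolve("yturgeon.info", 180))

    # The delegation changes an hour later. Nobody is notified.
    registry.update("yturgeon.info", NEW_NS)
    events.append((3700, "work") + work.resolve("yturgeon.info", 3700))
    events.append((3700, "other") + other.resolve("yturgeon.info", 3700))

    # Once the cached entry expires, the first resolver pulls the new data.
    events.append((86580, "work") + work.resolve("yturgeon.info", 86580))
    return events


if __name__ == "__main__":
    for event in timeline():
        print(event)
```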
 
Bruno Wolff III
Guest
Posts: n/a

 
      07-27-2003, 01:58 AM
In article <bfv24s$j3k2g$(E-Mail Removed)>, Christopher Browne wrote:
>
> The fact that there are many registrars (~120, for the major TLDs)
> means that it is clearly neither a monopoly nor an oligopoly, and they
> _do_ have to do some competing for customers. Any one, or even any 10
> of them might be ludicrously incompetent, and while that would lead to
> some inconvenience, it doesn't forcibly need to be disastrous.


Some aspects of service have gotten better. However Network Solutions
has still managed to keep a monopoly on the back end. They don't get as
much money for that part as they used to for the full job, but they
don't have to deal with domain owners one on one which cuts costs.

In the bidding process for .org, one group thought they could do things
a lot cheaper than what NS gets paid as the wholesale domain rate.
Unfortunately they didn't win the bid as the bid contents didn't matter
as much as what back room deals were made.

There are still some bad things going on between the registrars including
spamming, fake renewal notices, and interfering with transferring to other
registrars.

> If everything simply shifted from NSI to _Some NonProfit Registration
> Organization_, the "problems" with NSI would more than likely be
> expressed in the new organization. Worse still, the political
> infighting would get expressed in fighting for control of _SNPRO_, and
> it would be a simply vicious political environment.


Well I suppose since ICANN would get to pick the organization, they would
probably have a lot of hidden expenses (perhaps legal fees paid to
Jones Day) and wouldn't have to worry about losing the contract due to
poor performance. However there are competent groups that could run
the service cheaply and with good service.
 
 
Yannick Turgeon
Guest
Posts: n/a

 
      07-27-2003, 02:59 AM
> The TLD is kept up to date because the registrar you're working with
> 'pushes' the updates in to the registry.
>
> Thus, the NORMAL answer to your question, "how the TLD is kept up to
> date?" would be, as you suggest:
>
> "Registrars are sending changes."
>
> Why hasn't your update gone out yet? Dunno.


Many thanks Christopher for your explanations. It's all clear now.

And I know why my last changes were not updated: when changing my info at
my registrar for the secondary DNS I didn't specify the IP thinking that
my first operation yesterday night to "glue" ns.yturgeon.info to my IP
would have been enough for my registrar to locate ns2.yturgeon.info but it
seems it hasn't. I've had warning about being unable to resolve ns2 as I
had for ns previously but this time, with no IP to solve the problem,
probably that my registrar didn't send the info. I just added the IP for
ns2 (same as ns) and it has been updated in the TLD in a couple of secs.

I'll take a look at the links tomorrow.

Yannick
 