• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

FreeDNS delegation deadlock when creating zone

Started by renne, December 02, 2012, 10:43:25 AM

Previous topic - Next topic

renne

1. FreeDNS demands domains to be delegated to the HE nameservers BEFORE a zone can be created on the HE nameservers.
2. DENIC registry demands zones to be created correctly on the nameservers BEFORE a domain can be delegated to the nameservers.
3. This causes a nasty deadlock when one tries to delegate a de-domain or german ENUM-domain to the HE nameservers.

Is there any way out of that deadlock?  :'(

Thanx for any hint!  :)

kasperd

Quote from: renne on December 02, 2012, 10:43:25 AMFreeDNS demands domains to be delegated to the HE nameservers BEFORE a zone can be created on the HE nameservers.
That requirement makes no sense. For new domains, the order isn't important. For existing domains being transferred, the proper order is to create the zone on the new servers before doing any delegation.

renne

Quote from: kasperd on December 03, 2012, 05:26:31 AM
That requirement makes no sense. For new domains, the order isn't important. For existing domains being transferred, the proper order is to create the zone on the new servers before doing any delegation.

Unfortunately the FreeDNS webinterface doesn't seem to know that:
Zone failed validation test. ERROR: Delegation was not found. Please delegate to ns1, ns2, ns3, ns4 and ns5.he.net then retry. (openenum.eu / X.X.X.X.X.X.X.X.X.X.9.4.openenum.eu).
(Digits replaced by 'X')

kasperd

I am not using HE DNS for anything other than reverse DNS for IPv6 tunnels, which are set up automatically. Thus I don't know what to fill in on the webforms when doing the delegation. In other words, I don't have the context to explain what that error message means. Maybe somebody else can explain a few more details, otherwise you may have to open a support ticket.

broquea

Guessing FreeDNS is the registrar? Strange requirements, but email dnsadmin@he.net and they might be able to help with this weird lockout situation.

renne

Quote from: broquea on December 03, 2012, 09:47:57 AM
Guessing FreeDNS is the registrar? Strange requirements, but email dnsadmin@he.net and they might be able to help with this weird lockout situation.

Hurricane Electrics FreeDNS = nameservers
EURid                               = registry

broquea

Why would a completely unrelated to domain registration dns hosting company need the zone delegated to dns.he.net, that is what makes the least amount of sense. Unless this was a subdomain?

renne

Quote from: broquea on December 03, 2012, 11:47:41 AM
Why would a completely unrelated to domain registration dns hosting company need the zone delegated to dns.he.net, that is what makes the least amount of sense. Unless this was a subdomain?

1. EURid is the registry of the top-level domain ".eu".
2. Portunity is the registrar of the domain "X.X.X.X.X.X.X.X.X.X.9.4.openenum.eu".
3. I'm the registrant of the domain "X.X.X.X.X.X.X.X.X.X.9.4.openenum.eu".

By default Portunity provides primary and secondary nameservers, but only for a few NAPTR-RRs, nothing else.

So I want to register the HE nameservers directly as primary and secondary nameservers of "X.X.X.X.X.X.X.X.X.X.9.4.openenum.eu" with EURid. Portunity will only do the billing.

But BEFORE delegation, the HE nameservers are checked for valid zones, which can't be set up as the HE nameservers demand the delegation of the domain BEFORE the zone can be set up.

Neither HE nor EURid want to do the first step -> deadlock situation :(

broquea


renne

Quote from: broquea on December 03, 2012, 12:37:11 PM
And so by now you've emailed dnsadmin@he.net right?

Did that on 09/26/2012, received a reply on 10/08/2012 in which they asked for my account info and my exact steps to reproduce the situation. But I never got a reply to the mail I sent with account info and detailed information. :-(

ravenstar

Who supplied your domain name?

As far as I can see FreeDNS is simply a DNS Provider, they don't provide the domain names themselves.

You need to go back to the your Registrar (i.e the people who supplied the domain name), there is usually a page allowing you to point the Domains Nameservers to your chosen DNS provider.

You would then point these to either he's or FreeDNS's nameservers.

Ravenstar

renne

Quote from: ravenstar on December 09, 2012, 10:27:34 PM
Who supplied your domain name?

Quote from: renne on December 03, 2012, 12:33:53 PM
1. EURid is the registry of the top-level domain ".eu".
2. Portunity is the registrar of the domain "X.X.X.X.X.X.X.X.X.X.9.4.openenum.eu".
3. I'm the registrant of the domain "X.X.X.X.X.X.X.X.X.X.9.4.openenum.eu".

Quote from: ravenstar on December 09, 2012, 10:27:34 PM
As far as I can see FreeDNS is simply a DNS Provider, they don't provide the domain names themselves.

You need to go back to the your Registrar (i.e the people who supplied the domain name), there is usually a page allowing you to point the Domains Nameservers to your chosen DNS provider.

You would then point these to either he's or FreeDNS's nameservers.

Ravenstar

That's what I'm trying to do. But when pointing to the Hurricane Electrics nameservers (=Delegation), the zone MUST ALREADY EXIST on the HE nameservers. Otherwise the registry doesn't set up the delegation. But HE only allows to create the zone on their nameservers when the delegation is ALREADY ACTIVE.  :(

kasperd

Quote from: renne on December 09, 2012, 11:44:43 PMBut when pointing to the Hurricane Electrics nameservers (=Delegation), the zone MUST ALREADY EXIST on the HE nameservers. Otherwise the registry doesn't set up the delegation.
That is a reasonable requirement. Doing it in the other order would cause the zone to be broken for a few days during the transition.

Quote from: renne on December 09, 2012, 11:44:43 PMBut HE only allows to create the zone on their nameservers when the delegation is ALREADY ACTIVE.
This is completely unreasonable. I can think of only two explanation, either HE don't know how DNS is supposed to be operated, or you have misunderstood the requirements.

The requirement you state would be reasonable for a new zone, but absolutely not for an existing zone being transferred. For an existing zone it might make sense to require that the zone can be transferred from the old nameservers to the new nameservers.

One step, which I would try, is to create NS records pointing to the HE nameservers. Once those NS records have been created, you may be able to create the zone on the HE nameservers.

ravenstar

OK

I may be missing something, but first of all why are we talking about both FreeDNS and he.net nameservers.  You should be using one or the other but not both.

Are we talking about reverse or forward zones or both.

If reverse then the zones delegation is initially handled from the tunnelbroker.net account.  Log in and click the link showing your tunnel.
At the bottom of the page you will see the rDNS delegations click Edit and then either click Delegate to dns.he.net or add the servers for FreeDNS (ns1.afraid.org through to ns4.afraid.org) into the boxes and click save.

If you choose the Delegate to dns.he.net then it will also add the reverse zone for your /64 automatically.  With FreeDNS you click on the IPv6 reverse link.

The forward zones don't initially require the nameservers for your domain to set it up.  In both dns.he.net and FreeDNS I was able to set up the forward zones and then point my domains to the relevant providers nameservers afterwards.

I don't understand why Portunity are making it difficult to change the nameservers, these are after all just pointers to the relevant locations.

Ravenstar68

passport123

Quote from: renne on December 02, 2012, 10:43:25 AM
1. FreeDNS demands domains to be delegated to the HE nameservers BEFORE a zone can be created on the HE nameservers.
2. DENIC registry demands zones to be created correctly on the nameservers BEFORE a domain can be delegated to the nameservers.
3. This causes a nasty deadlock when one tries to delegate a de-domain or german ENUM-domain to the HE nameservers.

Is there any way out of that deadlock?  :'(

Thanx for any hint!  :)


When I transferred a doman to FreeDNS a few days ago, I ran into the same deadlock.  Then I looked around on the page on FreeDNS and I saw an option to "force" the creation of the zone on FreeeDNS.   

I don't have a domain to transfer, so I cannot get back to that page to find the exact wording or location of the link on the page.  But it is there, and I was able use it to get around the deadlock.

If you cannot find it, try sending an email to FreeDNS support, explaining your situation.