Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: add new domain  (Read 2879 times)

kroerig

  • Newbie
  • *
  • Posts: 3
    • View Profile
add new domain
« on: May 17, 2013, 03:15:40 AM »

Hello,

I try to add a subdomain for use with dynamic DNS. I delegated a subdomain to HE DNS server, but I cannot add it.

Code: [Select]
kroerig@hosting01:~$ dig NS dynamic.roerig-it.com

; <<>> DiG 9.8.1-P1 <<>> NS dynamic.roerig-it.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43974
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dynamic.roerig-it.com.         IN      NS

;; ANSWER SECTION:
dynamic.roerig-it.com.  86400   IN      NS      ns5.he.net.
dynamic.roerig-it.com.  86400   IN      NS      ns4.he.net.
dynamic.roerig-it.com.  86400   IN      NS      ns2.he.net.
dynamic.roerig-it.com.  86400   IN      NS      ns3.he.net.
dynamic.roerig-it.com.  86400   IN      NS      ns1.he.net.

;; Query time: 129 msec
;; SERVER: 213.133.99.99#53(213.133.99.99)
;; WHEN: Fri May 17 12:12:51 2013
;; MSG SIZE  rcvd: 117

Error message:
Quote
Zone failed validation test. ERROR: Delegation was not found. Please delegate to ns1, ns2, ns3, ns4 and ns5.he.net then retry. (roerig-it.com / dynamic.roerig-it.com).

Bug or works as designed?

Klaus
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 952
    • View Profile
Re: add new domain
« Reply #1 on: May 17, 2013, 03:23:12 PM »

Bug or works as designed?
I think your delegation configuration looks strange. You do have NS records for the subdomain, but ns1.roerig-it.net and ns2.roerig-it.net still consider themselves authoritative for the subdomain.

So when trying to lookup random.dynamic.roerig-it.com, the following happens:
  • The gtld servers, which are authoritative for com delegates to ns1.roerig-it.net and ns2.roerig-it.net.
  • Recursive resolver queries ns1.roerig-it.net or ns2.roerig-it.net.
  • nsx.roerig-it.net. does not delegate to HE, but instead replies with an authoritative NXDOMAIN response.

When doing dig -t any dynamic.roerig-it.com I get a response with not just your NS records, but also a SOA record indicating ns1.roerig-it.net. is authoritative. Maybe you need to fix that SOA record, to make it work.
Logged