Sunday, August 2, 2015

domain name system - DNS errors after changing nameservers for Cloudflare



I don't know if this is the right place for my question, but I have a problem with my DNS/nameservers after changing the nameservers. I'm not sure if it is a problem on my side or with my webhost.



I updated the DNS Zone Records in the Control Panel of my webhosting provider to the ones provided by Cloudflare.
After that there are two nameservers:



NS  elle.ns.cloudflare.com  
NS lloyd.ns.cloudflare.com



The site is still alive, but when I check the DNS (http://www.intodns.com) I have the following errors:






Pingdom also tells me:




  • Superfluous name server listed at parent: ns1.mijnhostingpartner.nl


  • Superfluous name server listed at parent: ns2.mijnhostingpartner.nl

  • Superfluous name server listed at parent: ns3.mijnhostingpartner.nl

  • 2 different serials found. 2 different SOA records found.

  • Could not find reverse address for (4 times)



Could someone please help me? Cloudflare also says that the installation is not correct.
Thanks!


Answer



The error messages and the referenced RFC 2181 5.4.1 pretty much already tell you what's wrong: you have conflicting NS records in your zone and in the parent zone as "glue" records.





"Glue" above includes any record in a zone file that is not
properly part of that zone, including nameserver records of
delegated sub-zones (NS records), address records that accompany
those NS records (A, AAAA, etc), and any other stray data that
might appear.




It is not enough to change the NS records in the zone file; you should also change them at your domain registrar. Then they are added to the TLD's zone in order to delegate control over your sub-zone. Here, example.com. is a sub-zone of com., which is a sub-zone of ., the root.




Why are these "glue" records necessary? They prevent circular references. If you think of DNS queries as a conversation between DNS servers, a circular reference could be:




  • Hello, NS of com.! Do you know what the name server for example.com. is?

  • Sure I do! It's ns1.example.com..

  • Thanks bro! What is the IP address of this ns1.example.com.?

  • I don't know, you should ask the name server of example.com..

  • Ok, what is the name server for example.com.?




Therefore, the previous level zone must include the IP addresses of the nameservers, too.
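
The mismatch described in the answer can be checked mechanically by comparing the NS set the parent zone delegates to with the NS set inside the zone, and by confirming that in-zone nameservers have glue. The following is an added example, not part of the original question or answer; the function names, example.com., TTLs, the 192.0.2.53 address and all record lines are constructed, with the nameserver names taken from the question.

```python
# Added example; every record below is constructed sample data in dig's output format.
QUESTION_PARENT = """
example.com. 172800 IN NS ns1.mijnhostingpartner.nl.
example.com. 172800 IN NS ns2.mijnhostingpartner.nl.
example.com. 172800 IN NS ns3.mijnhostingpartner.nl.
"""
QUESTION_ZONE = """
example.com. 86400 IN NS elle.ns.cloudflare.com.
example.com. 86400 IN NS lloyd.ns.cloudflare.com.
"""
# Second case: in-zone nameservers where the parent holds glue for only one of them.
GLUE_PARENT = """
example.com. 172800 IN NS ns1.example.com.
example.com. 172800 IN NS ns2.example.com.
ns1.example.com. 172800 IN A 192.0.2.53
"""
GLUE_ZONE = """
example.com. 86400 IN NS ns1.example.com.
example.com. 86400 IN NS ns2.example.com.
"""

def parse_records(text):
    """Turn 'name ttl class type rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and dig comment lines
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((name.lower(), rtype.upper(), rdata.lower()))
    return records

def check_delegation(zone, parent_text, zone_text):
    """Compare the NS set delegated by the parent with the NS set inside the zone."""
    zone = zone.lower()
    parent, child = parse_records(parent_text), parse_records(zone_text)
    at_parent = {r for n, t, r in parent if n == zone and t == "NS"}
    in_zone = {r for n, t, r in child if n == zone and t == "NS"}
    glue = {n for n, t, _ in parent if t in ("A", "AAAA")}
    # A nameserver named inside the zone it serves is only reachable through glue.
    needs_glue = {ns for ns in at_parent if ns.endswith("." + zone)}
    return {
        "superfluous_at_parent": sorted(at_parent - in_zone),
        "missing_at_parent": sorted(in_zone - at_parent),
        "missing_glue": sorted(needs_glue - glue),
    }

if __name__ == "__main__":
    print(check_delegation("example.com.", QUESTION_PARENT, QUESTION_ZONE))
    print(check_delegation("example.com.", GLUE_PARENT, GLUE_ZONE))
```

A non-empty `superfluous_at_parent` list means the registrar still delegates to nameservers the zone no longer names, which is the state the Pingdom output in the question reports.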

