add note on delegation

2017-10-03 16:21:51 -06:00 · 2017-10-03 16:21:51 -06:00 · 8131de4a08
parent e52e45641e
commit 8131de4a08
1 changed files with 168 additions and 0 deletions
--- a/HOW_DELEGATION_WORKS.md
+++ b/HOW_DELEGATION_WORKS.md
@ -0,0 +1,168 @@
+DNS Delegation
+==============
+
+Tracing NS records trying to understand DNS delegation better.
+
+Root Servers
+------------
+
+The root servers will return the TLD records for any domain
+
+```bash
+dig A @m.root-servers.net www.example.daplie.me
+```
+
+```
+; <<>> DiG 9.8.3-P1 <<>> A @m.root-servers.net www.aj.daplie.me
+; (1 server found)
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34843
+;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 10
+;; WARNING: recursion requested but not available
+
+;; QUESTION SECTION:
+;www.aj.daplie.me.		IN	A
+
+;; AUTHORITY SECTION:
+me.			172800	IN	NS	c0.nic.me.
+me.			172800	IN	NS	b0.nic.me.
+me.			172800	IN	NS	a0.nic.me.
+me.			172800	IN	NS	b2.nic.me.
+me.			172800	IN	NS	a2.nic.me.
+
+;; ADDITIONAL SECTION:
+a0.nic.me.		172800	IN	A	199.253.59.1
+a2.nic.me.		172800	IN	A	199.249.119.1
+b0.nic.me.		172800	IN	A	199.253.60.1
+b2.nic.me.		172800	IN	A	199.249.127.1
+c0.nic.me.		172800	IN	A	199.253.61.1
+a0.nic.me.		172800	IN	AAAA	2001:500:53::1
+a2.nic.me.		172800	IN	AAAA	2001:500:47::1
+b0.nic.me.		172800	IN	AAAA	2001:500:54::1
+b2.nic.me.		172800	IN	AAAA	2001:500:4f::1
+c0.nic.me.		172800	IN	AAAA	2001:500:55::1
+
+;; Query time: 141 msec
+;; SERVER: 202.12.27.33#53(202.12.27.33)
+;; WHEN: Tue Oct  3 15:47:25 2017
+;; MSG SIZE  rcvd: 343
+```
+
+GTLD Servers
+------------
+
+The GTLD Servers will return the glue records for the nameserver which hosts the SLD in question
+
+```bash
+dig A @b0.nic.me www.aj.daplie.me
+```
+
+```
+; <<>> DiG 9.8.3-P1 <<>> A @b0.nic.me www.aj.daplie.me
+; (1 server found)
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52062
+;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
+;; WARNING: recursion requested but not available
+
+;; QUESTION SECTION:
+;www.aj.daplie.me.		IN	A
+
+;; AUTHORITY SECTION:
+daplie.me.		86400	IN	NS	ns2.redirect-www.org.
+daplie.me.		86400	IN	NS	ns1.redirect-www.org.
+
+;; Query time: 29 msec
+;; SERVER: 199.253.60.1#53(199.253.60.1)
+;; WHEN: Tue Oct  3 15:48:41 2017
+;; MSG SIZE  rcvd: 86
+```
+
+If the nameserver were "in bailiwick" then it's A/AAAA records would be returned in an additional section.
+
+SLD Nameservers
+---------------
+
+There are three main conditions:
+
+* Exists
+* Doesn't exist (but lives here)
+* Delegated
+
+There's also the condition of *"doesn't exist (and doesn't live here)"*, but we'll save that for another day
+(or try `dig @ns1.google.com A yahoo.com`).
+
+### Exists
+
+```bash
+dig A @ns2.redirect-www.org www.aj.daplie.me
+```
+
+```
+; <<>> DiG 9.8.3-P1 <<>> A @ns2.redirect-www.org www.aj.daplie.me
+; (1 server found)
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52373
+;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
+;; WARNING: recursion requested but not available
+
+;; QUESTION SECTION:
+;www.aj.daplie.me.		IN	A
+
+;; ANSWER SECTION:
+www.aj.daplie.me.	300	IN	A	45.56.59.142
+
+;; Query time: 83 msec
+;; SERVER: 66.172.33.29#53(66.172.33.29)
+;; WHEN: Tue Oct  3 15:57:14 2017
+;; MSG SIZE  rcvd: 50
+```
+
+### Doesn't Exist (but would)
+
+```bash
+dig A @ns2.redirect-www.org doesntexist.aj.daplie.me
+```
+
+```
+; <<>> DiG 9.8.3-P1 <<>> A @ns2.redirect-www.org doesntexist.aj.daplie.me
+; (1 server found)
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19993
+;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
+;; WARNING: recursion requested but not available
+
+;; QUESTION SECTION:
+;doesntexist.aj.daplie.me.	IN	A
+
+;; AUTHORITY SECTION:
+daplie.me.		1	IN	SOA	ns1.redirect-www.org. hostmaster.daplie.me. 2017020100 10800 3600 1209600 1800
+
+;; Query time: 68 msec
+;; SERVER: 66.172.33.29#53(66.172.33.29)
+;; WHEN: Tue Oct  3 15:59:25 2017
+;; MSG SIZE  rcvd: 109
+```
+
+### Delegated Subdomain
+
+Should look something like this, I'm pretty sure:
+
+```
+;; QUESTION SECTION:
+;john.daplie.me.		IN	A
+
+;; AUTHORITY SECTION:
+john.daplie.me.		86400	IN	NS	ns2.dns-host.org.
+john.daplie.me.		86400	IN	NS	ns1.dns-host.org.
+```
+
+I think that in practice anything matching `*.john.daplie.me` would be delegated,
+but I but you could do something weird like host `whatever.john.daplie.me` on the original
+nameserver by A) answering to it directly on the main nameserver and B) delegating
+from `whatever.john.daplie.me` back to the original nameserver in case the resolving
+client makes intelligent assumptions and caching.