Which DNS zone anwsers query for the DNS domain itself? - dns

I am a co-maintainer of a slash-number network, which has a DNS domain sub.dom.tld assigned. The used name server is ISC bind 9. Everything is working as expected:
queries from inside and from outside that network for host.sub.dom.tld return the expected IP address
queries from inside and from outside that network for IP addresses within the network range return the correct FQDN.
I'm asking: which DNS zone would return the IP address for the DNS domain sub.dom.tld itself?
Is it the DNS zone dom.tld, which I do not control. Or is it the DNS zone sub.dom.tld, which I control. In case it is the latter, how would the syntax look like?
It is not clear to me how to specify it. The entries for individual hosts in the forward zone look like host IN A IPv4.

Related

Issue with different nslookup responses for CNAMEs referencing same A Record

I have a complex DNS environment, consisting of multiple DNS hosts (environment is not AD Integrated DNS) where I have 2 x CNAME records, in different DNS Zones, that both reference the same A record (in another zone, and hosted on a different DNS Server).
One of the CNAMES, when checked via nslookup, returns the A record name and its IP Address
The other CNAME when checked via nslookup only returns the A record name. it does not return the IP Address of the A record. Due to company security reasons, I cannot provide actual DNS names or server IPs, so I have substituted the relevant details as per below examples.
eg:
Hosted on DNS Server1 (Windows 2012R2)
CNAME 1 - bart.domain.com (points to marshall.pawpatrol.nicjunior.nickelodeon.domain.com)
CNAME 2 - bert.seasamestreet.domain.com (points to marshall.pawpatrol.nicjunior.nickelodeon.domain.com)
Hosted on F5 load balancer
A Record - marshall.pawpatrol.nicjunior.nickelodeon.domain.com, IP 10.23.1.10, TTL is 5 minutes
DNS Zone domain.com, seasamestreet.domain.com are hosted on DNS Server1.
DNS Zone nickelodeon.domain.com is a delegated zone on a Linux server (I do not manage it)
DNS Zone nicjunior.nickelodeon.domain.com is a delegated zone on another system (unknown OS as I do not manage it)
DNS zone pawpatrol.nicjunior.nickelodeon.domain.com is a delegated zone on an F5 load balancer (I do not manage it)
If bart.domain.com is queried, it returns the A record name & IP
if bert.seasamestreet.domain.com is queried, it only returns the A record name.
This happens regardless if I use nslookup or dig. Queries of the A record directly all return the name & IP Address, regardless of what DNS server I query.
Is someone able to explain why one CNAME would return the A record and IP, but the other CNAME doesn't?
I believe I have determined the cause of the error.
Found that in the domain.com.dns file (Windows server hosting the DNS record) that at the end of the A record the CNAME DNS record entry referenced was the characters "\012".
This is an ASCII character for Line Feed. Effectively the line read:
bert.seasamestreet.domain.com CNAME marshall.pawpatrol.nicjunior.nickelodeon.domain.com\012.
Removal of the characters "\012" and reloading the zone file resolved the issue.

Point domain to different server using A record

I built my clients website on a subfolder on my own server.
Example: www.site.com/myclient
I want to add a new record on my clients domain in order to load the site from my server.
I can't change his DNS because he want's to keep his email accounts and everything on his current server.
Should I just add a new A record on his domain zone pointing to my server IP?
One hostname can be mapped to multiple IP addresses.
Also, one hostname can be mapped to another hostname using 'CNAME' record. (Alias name record)
Mapping one IP address to multiple hostnames will cause errors.
I believe that the best solution in this scenario is to create a unique virtual (loopback) IP address in your server and map that IP to the client hostname.

GCP /etc/resolv.conf is not using on-prem DNS servers

in a GCP Redhat VM, I added one of our on-premises DNS host to /etc/resolv.conf. I added the DNS IP after 169.254.169.254.
When I try nslookup/ping a host that belongs to on-premises DNS, it does not resolve the hostname. Wireshark shows that it does not lookup beyond 169.254.169.254.
When I switch the IPs in /etc/resolv.conf and put my IP first, then the host on prem works, but GCP VM host name don't. In this case, 169.254.169.254 is used, but none of the domains in the search list is used.
my understanding is that every DNS ip will be used to resolve the hostname, also every domain in the search list will be used in the process. but this does not seem to be the case here.

How forward and reverse DNS works

What I understand about how DNS works is like this: first let's assume mydomain.com has the IP address 12.34.56.78. Now when I put the url mydomain.com in the browser, the browser sends a dns lookup to its local dns server, asking, hey, do you know the ip address for mydomain.com. If the local dns server does not know about it, it will ask the parent dns servers, if the parent also does not know, then it keeps asking all the way up until the root dns server. The root dns server will ask some server in charge of the .com tld. The dns server in charge of the .com will have knowledge about mydomain.com because mydomain.com is the .com family. Then the answer will be returned back to the initial asker. Also the answer quite likely will be cached in the dns servers involved in the asking process. Would anyone correct my understanding if it is wrong.
So my real question is about how reverse dns lookup works. Let's say if I want to find out what domain name is for the ip 12.34.56.78. I run the command dig -x 12.34.56.78. If my local dns server does not know the answer, which server does it further ask? Is it 12.in-addr.arpa., or 34.12.in-addr.arpa.? If this is the case, are these names like 12.in-addr.arpa. valid domain names? And where should they be deployed so that the reverse lookup requests will know whom to ask?
How a reverse DNS lookup is accomplished:
The DNS resolver reverses the IP, and adds it to ".in-addr.arpa" (or ".ip6.arpa" for IPv6 lookups), turning 192.0.2.25 into 25.2.0.192.in-addr.arpa.
The DNS resolver then looks up the PTR record for 25.2.0.192.in-addr.arpa.
The DNS resolver asks the root servers for the PTR record for 25.2.0.192.in-addr.arpa.
The root servers refer the DNS resolver to the DNS servers in charge of the Class A range (192.in-addr.arpa, which covers all IPs that begin with 192).
In almost all cases, the root servers will refer the DNS resolver to a "RIR" ("Regional Internet Registry"). These are the organizations that allocate IPs. In general, ARIN handles North American IPs, APNIC handles Asian-Pacific IPs, and RIPE handles European IPs.
The DNS resolver will ask the ARIN DNS servers for the PTR record for 25.2.0.192.in-addr.arpa.
The ARIN DNS servers will refer the DNS resolver to the DNS servers of the organization that was originally given the IP range. These are usually the DNS servers of your ISP, or their bandwidth provider.
The DNS resolver will ask the ISP's DNS servers for the PTR record for 25.2.0.192.in-addr.arpa.
The ISP's DNS servers will refer the DNS resolver to the organization's DNS servers.
The DNS resolver will ask the organization's DNS servers for the PTR record for 25.2.0.192.in-addr.arpa.
The organization's DNS servers will respond with "host.example.com".
Source here.

Ping Command and Domains

I always thought a domain was a collection of machines related in some way. When I ping a domain name, like google.com, how come just one IP address is returned? What is this IP referring to?
To quote centos.org BIND documentation:
Zone File Resource Records
...
A — Address record, which specifies an IP address to assign to a name.
<host> IN A <IP-address>
Figure 14-7. Sample A record configuration
If the <host> value is omitted, then an A record points to a default IP address for the top of the namespace. This system will be the target of all non-FQDN requests.
Consider the following A record examples for the domain.com zone file:
IN A 10.0.1.3
server1 IN A 10.0.1.5
In the above, 10.0.1.3 is the IP of the domain. E.g. if the above was the zone file for domain example.com, ping example.com would ping 10.0.1.3. Each domain has this "default" IP address and, as is the case with server1 above, other IPs.
As a side note, you can have multiple IPs pointed by the same DNS name - this is used for load balancing (see e.g. this or this). To see this, doo nslookup google.com.
A domain name is simply a human-friendly pointer to an IP address.
The IP address is referring to the address of the machine that particular domain name points to. This is determined by using DNS.
Some larger domains, like google.com, do indeed have many IP addresses associated with them, for redundancy reasons. Because these additional IP addresses are assumed to return the same content, most programs, including ping, just return an arbitrary one. If you wanted to see all these IP address, you can use the dig program.

Resources