Defining two sub domains of my domain as nameservers of another domain - dns

Suppose that I own example.com, which is served by my own DNS server, and I can create every record that I want.
Now imagine that one of my friends gets a new domain called new-domain.com and I want to help him manage his domain with his own DNS server.
So in my dns system for example.com, I create two A records as:
my.ns1.example.com -> some.ip.addr
and
my.ns2.example.com -> some.ip.addr
(some.ip.addr is the ip address of his DNS server)
and ask him to set my.ns1.example.com and my.ns2.example.com as name servers for his domain.
But he cannot set them because he gets an "invalid nameserver" error!
It's my understanding that because example.com is working properly in the DNS system, and thus my.ns1.example.com and my.ns2.example.com resolve to the IP address properly, nothing can prevent them from being used as nameservers.
I searched around and found that some people say the nameservers should be registered. I understand registering when we have to ask for glue records to be set, but in this case I have no idea why we would need to register those names.
To be more specific with a real-life example, why is jobs.ns.cloudflare.com a valid nameserver but www.cloudflare.com is not?

I asked the same question on serverfault.com with this link
I quote the important part of the answer here:
From a pure DNS perspective, an authoritative nameserver (such as those for com) should not perform any kind of recursion to learn the IP address of the nameservers that are defined in your example.com zone. Instead, the registry permits registrars to add glue records to the com domain, and those registrars can provide a user interface so that the owners of the domains that these custom nameservers live in can do so. (example: Namecheap - How do I register personal nameservers for my domain?)
(To address the elephant in the room...no, these glue records are not strictly required. But policies are policies, and if the registrar interface requires the registry level glue to be present, you have little choice in the matter.)
While the answer does not answer my updated part of the question, I picked it as the answer and decided to ask another question.

The problem does not lie in the names: my.ns1.example.com and my.ns2.example.com are fine.
The registry, and sometimes even the registrar, normally perform a few checks before approving a nameserver change. If your nameservers are rejected as invalid they are most likely not yet correctly configured for your friend's domain. I mean, the servers at my.ns1.example.com and my.ns2.example.com do not contain the minimum required records for new-domain.com.
That said, the registrar support team should be able to provide more details: if it's them who reject the change they should let you know what part of the automatic tests fails and even provide the test output so you can see for yourself. On the other hand, if they just pass the change to the registry (your friend should see an "operation pending at registry level" notice in his control panel for some time) they could make the extra effort of helping you out by providing hints based on their experience with that particular TLD. That is, if your friend didn't grab a promo offer in the 0.99$-5.99$ a year range for the domain: if he pays them something in the 20$-50$ a year range then he should expect and demand proper, helpful support. I use one of the cheapest registrars and if my nameserver change gets rejected I still get a full report:
Dear customer,
The registry did not accept the nameservers you tried assigning to
new-domain.com because they did not pass the registry tests. Please
check the report we got from the registry below, fix the errors
and try assigning the nameservers again.
Nameservers Resolvable Test: ERROR
my.ns1.example.com. ERROR Unresolvable host my.ns1.example.com.
my.ns2.example.com. ERROR Unresolvable host my.ns2.example.com.
my.ns3.example.com. OK
my.ns4.example.com. OK
SOAQueryAnswerTest: ERROR
my.ns1.example.com. ERROR java.net.SocketTimeoutException
my.ns2.example.com. ERROR java.net.SocketTimeoutException
my.ns3.example.com. OK
my.ns4.example.com. OK
... ... ...
Update: The OP posted an update saying that as soon as the nameservers were registered with the registry, they were accepted in his friend's control panel. It appears that particular registrar checks for glue records and rejects the nameservers if they have none. This is an unnecessary check because glue records are only needed if the nameservers are within the same domain they serve, as explained in these questions. Registrars usually explain this very clearly or at least mention this above the nameserver change form:
Please note that in most cases the ip address is not required and will actually be ignored. It is only necessary if the nameservers you are entering are sub-domains of the selected domain (also called custom nameservers or vanity nameservers).
We can conclude that the friend's registrar performs an unnecessary blocking test and does not respond to user inquiries in a helpful manner. Since the OP has the following need (citation from his updated post on serverfault):
I need to be able to create dynamic nameservers programmatically and ask my users to enter their specific nameservers for their domains in their registrars.
I warmly recommend he does some research looking for a decent and reasonably priced registrar he can point his customers/friends to in case they have any issues with their current ones.
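The registry report quoted in the answer above boils down to two checks per nameserver: does the name resolve, and does the host at that address answer an SOA query for the domain with the authoritative-answer bit set. The script below is an added example that reproduces those checks so they can be run before submitting a nameserver change; it is not the registrar's or registry's own test code. It uses only the Python standard library, building the DNS query and reading the reply header by hand (header and question only, not a full DNS implementation), and it ends with a constructed offline scenario (documentation-range addresses, simulated resolver and query functions) that mirrors the four outcomes in the report.

```python
import socket
import struct

QTYPE_SOA = 6
QCLASS_IN = 1
TXID = 0x1234  # fixed for reproducibility; real resolvers randomise this against spoofed replies


def build_query(qname, qtype=QTYPE_SOA, txid=TXID):
    """Encode a minimal DNS query: 12-byte header plus one question, RD bit clear."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = b"".join(struct.pack("!B", len(label)) + label.encode("ascii")
                      for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(resp):
    """Return (txid, qr, aa, rcode, ancount) from the 12-byte response header."""
    if len(resp) < 12:
        raise ValueError("truncated DNS response")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return txid, bool(flags & 0x8000), bool(flags & 0x0400), flags & 0x0F, ancount


def udp_query(ip, packet, timeout=3.0):
    """Send one UDP query to port 53 of `ip` and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (ip, 53))
        data, _ = sock.recvfrom(4096)
    return data


def check_nameserver(ns_name, domain, resolve=socket.gethostbyname, query=udp_query):
    """Run the two registry-style tests for one nameserver.

    Returns {"nameserver", "resolvable", "soa"} with OK/ERROR strings
    modelled on the report quoted in the answer."""
    result = {"nameserver": ns_name}
    try:
        ip = resolve(ns_name)
    except OSError:  # socket.gaierror is an OSError subclass
        result["resolvable"] = "ERROR Unresolvable host %s" % ns_name
        result["soa"] = "SKIPPED"
        return result
    result["resolvable"] = "OK"
    try:
        txid, qr, aa, rcode, ancount = parse_header(query(ip, build_query(domain)))
        if txid != TXID or not qr:
            result["soa"] = "ERROR reply does not match query"
        elif rcode != 0:
            result["soa"] = "ERROR rcode %d" % rcode
        elif not aa or ancount == 0:
            result["soa"] = "ERROR no authoritative SOA for %s" % domain
        else:
            result["soa"] = "OK"
    except socket.timeout:
        result["soa"] = "ERROR timeout"
    except (OSError, ValueError) as exc:
        result["soa"] = "ERROR %s" % exc
    return result


def check_all(ns_names, domain, **kw):
    return [check_nameserver(name, domain, **kw) for name in ns_names]


# --- constructed offline scenario mirroring the quoted report ------------
# my.ns1: name does not resolve; my.ns2: resolves but never answers;
# my.ns3: answers authoritatively; my.ns4: answers but is not authoritative.
SIMULATED_HOSTS = {"my.ns2.example.com": "192.0.2.2",
                   "my.ns3.example.com": "192.0.2.3",
                   "my.ns4.example.com": "192.0.2.4"}


def simulated_resolve(name):
    if name not in SIMULATED_HOSTS:
        raise socket.gaierror(-2, "Name or service not known")
    return SIMULATED_HOSTS[name]


def simulated_query(ip, packet):
    """Echo the query back as a reply: flags 0x8400 = QR+AA, 0x8000 = QR only."""
    if ip == "192.0.2.2":
        raise socket.timeout("timed out")
    flags = 0x8400 if ip == "192.0.2.3" else 0x8000
    return packet[:2] + struct.pack("!H", flags) + packet[4:6] + struct.pack("!H", 1) + packet[8:]


def run_simulation():
    names = ["my.ns%d.example.com" % i for i in range(1, 5)]
    return check_all(names, "new-domain.com", resolve=simulated_resolve, query=simulated_query)


if __name__ == "__main__":
    for row in run_simulation():
        print("%-22s resolvable=%s soa=%s" % (row["nameserver"], row["resolvable"], row["soa"]))
```

Against real servers, call check_all with the defaults (system resolver and a UDP query to port 53); the "no authoritative SOA" outcome is the one to look for when a nameserver resolves and answers but the registry still rejects it, since it means the server has not yet been configured with a zone for the domain.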

Related

Can I setup nameservers to point to other nameservers?

We are whitelabeling some website software, but in order to use it, our clients must point their domains to the software's nameservers. We'll say ns1.softwareco.com and ns2.softwareco.com.
Since we're whitelabeling, I don't want our clients to see Software Co's name in the name servers.
I could easily mirror Software Co's DNS settings, but if Software Co updates them in the future, my settings would be incorrect.
Is it possible to just point my nameservers ns1.whitelabelco.com and ns2.whitelabelco.com to Software Co's nameservers?
Your best way of achieving this is to follow the lead of other companies.
For example, look at how GitHub allows the configuring of custom domain names for their Pages product, which is whitelabelling in effect.
The two options you have are basically these. The first is that you have a static IP address that will last for the lifetime of your service, which would mean you would need to buy that address, complete with a contract to ensure it didn't need to be changed. You could place that address in front of load balancers etc., so it could be directed to multiple servers at the backend (even multiple locations).
The simpler option is to offer a CNAME redirection to your clients.
You tell your clients that you have service.example.com and they should point their servers to that with a CNAME record. So their clients will see www.domain.com but that will be redirected to your site.
The downside of a CNAME record over an IP Address, is that the end user can see that it is a whitelabel product. The problem is that DNS is an open system, and no matter what you do with it the end user will be able to see what you've done and find out that you are hosting that site.
The only way around that is to use an IP Address.

Why does getaddrinfo sometimes behave differently with "example.com" and "www.example.com"?

This is a code example from MSDN: getaddrinfo.
You can use "baidu.com" and "www.baidu.com" to test.
Because baidu.com and www.baidu.com are different addresses!
www.example.com is registered in DNS with an A type record (or a CNAME, which points to an A record; this is slightly simplified). An A record is a name, in this case www, that points to an IP address 12.34.56.78 (as I'm sure you already know!).
example.com can also have an A record registered (though not a CNAME); this is called the Apex (or naked!) domain. example.com's A record could very well point to 123.45.67.89.
A little history
Part of the reason that this came about is that in the early days of the internet, a server would have a hostname of something like LOCUS.UC.EDU. Because it can be difficult to know what services LOCUS might provide, you could attach the CNAME FTP.UC.EDU to point to that machine. That way people knew what services it offered. At that point, www was just another service; it had no special place in the collective consciousness. (All of this was happening over the decade or two that the internet was developing!) But you could also quite probably want bob#UC.EDU to work, so UC.EDU needed to be a host name also.
In actual fact it started with just the hostname (and host records that got telexed - I do love that fact) - but we'll ignore that for this case.
back to the facts
What usually (should) happen is that there is an A record registered at the Apex and a CNAME registered at www. But there is certainly no requirement for this and you can have whatever records you wish at your domain.

DNS servers pointing to site saying "owner knows site is down"?

When my site goes down, I want to change my registrar DNS settings to
point to (for example):
ns1.this_site_is_down.com
ns2.this_site_is_down.com
ns3.this_site_is_down.com
ns4.this_site_is_down.com
where these nameservers would return a fixed IP with a low TTL for all
queries (or even a CNAME), and a webpage on that IP address would read
something like:
The owner of this website knows it is down and is working to fix
it. Once the site is fixed, you will no longer see this message.
To use this service, set your DNS servers to ... [as above]
Does such a service exist?
I realize this system wouldn't be perfect, but it would be useful.
DNS and "site is offline" messages
discusses creating your own 2nd nameserver to do this, but I'm looking
to do this with an existing service/server.
It doesn't exist for A records or CNAME records (the closest you can get here is using a round robin, but that doesn't solve your issue).
You're looking for a priority tag, which exists only in MX records.
I'm afraid your best option is just to have the servers send out a 503 error with an HTML page as the ErrorDocument.

How can (say) ns1.example.com be a name server of example.com?

Clearly I don't know much about DNS, so bear with me on this issue, which has been puzzling me for a while.
Some WHOIS records show (say) ns1.example.com and ns2.example.com as name servers for example.com. Then how is the actual IP address found? Isn't this circular?
This question probably belongs on Serverfault rather than Stackoverflow, but for the explanation you should read about glue records.
Name servers in delegations are identified by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. If the name given in the delegation is a subdomain of the domain for which the delegation is being provided, there is a circular dependency. In this case the nameserver providing the delegation must also provide one or more IP addresses for the authoritative nameserver mentioned in the delegation. This information is called glue. The delegating name server provides this glue in the form of records in the additional section of the DNS response, and provides the delegation in the answer section of the response.
There is also a nice explanation in this FAQ.
I hope this is taken the right way, but have a good read at this, particularly the section on "Domain Name Space" (even more specifically, "Domain name formulation").
http://en.wikipedia.org/wiki/Domain_Name_System
It explains the way in which a name is resolved and way, way more.
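The circular dependency described in the quoted passage is easiest to see by walking a delegation chain by hand. The following is an added example, not code from the answer above or from any real resolver: a toy iterative resolver over a constructed set of authoritative servers (root, the com server, ns1.example.com and the friend's server from the main question, all with addresses from the documentation ranges). It shows that example.com, whose nameserver ns1.example.com lives inside the zone it serves, cannot be resolved at all unless the com server hands out glue, while new-domain.com, served by my.ns1.example.com, needs no glue of its own because that name resolves through example.com's delegation. The single-nameserver-per-zone layout and the root handing out the com server's address directly are simplifications.

```python
import copy

MAX_DEPTH = 8  # how many nested "first resolve the nameserver's name" steps we tolerate

ROOT_IP, COM_IP = "198.51.100.1", "192.0.2.1"
EXAMPLE_NS_IP, FRIEND_NS_IP = "192.0.2.53", "192.0.2.99"

# Constructed authoritative data, keyed by server address. Each server knows
# which child zones it delegates (and to which nameserver names), any glue
# addresses it hands out in the additional section, and its own A records.
SERVERS = {
    ROOT_IP: {
        "delegations": {"com.": ["a.gtld-servers.net."]},
        "glue": {"a.gtld-servers.net.": COM_IP},  # root servers hand out TLD server addresses
        "records": {},
    },
    COM_IP: {
        "delegations": {
            "example.com.": ["ns1.example.com."],        # in-bailiwick: needs glue (added per scenario)
            "new-domain.com.": ["my.ns1.example.com."],  # out-of-bailiwick: no glue required
        },
        "glue": {},
        "records": {},
    },
    EXAMPLE_NS_IP: {  # ns1.example.com, authoritative for example.com.
        "delegations": {}, "glue": {},
        "records": {"ns1.example.com.": EXAMPLE_NS_IP,
                    "my.ns1.example.com.": FRIEND_NS_IP,
                    "www.example.com.": "192.0.2.80"},
    },
    FRIEND_NS_IP: {  # my.ns1.example.com, the friend's server, authoritative for new-domain.com.
        "delegations": {}, "glue": {},
        "records": {"www.new-domain.com.": "192.0.2.81"},
    },
}


def matching_zone(name, delegations):
    """Longest delegated zone that `name` falls under, or None."""
    hits = [z for z in delegations if name == z or name.endswith("." + z)]
    return max(hits, key=len) if hits else None


def resolve_a(name, servers, root_ip=ROOT_IP, depth=0, trace=None):
    """Iteratively resolve an A record, starting at the root.

    `trace` collects (server_ip, queried_name) pairs so the referral chain
    can be inspected. Raises RuntimeError when a glue-less delegation sends
    us round in circles."""
    if trace is None:
        trace = []
    if depth > MAX_DEPTH:
        raise RuntimeError("circular dependency resolving %s: delegation without glue" % name)
    ip = root_ip
    while True:
        trace.append((ip, name))
        server = servers[ip]
        if name in server["records"]:
            return server["records"][name]
        zone = matching_zone(name, server["delegations"])
        if zone is None:
            raise LookupError("NXDOMAIN %s" % name)
        ns_name = server["delegations"][zone][0]
        if ns_name in server["glue"]:
            ip = server["glue"][ns_name]  # additional section: no extra lookup needed
        else:
            # No glue: we must first learn the nameserver's address, from the root again.
            ip = resolve_a(ns_name, servers, root_ip, depth + 1, trace)


def build_servers(glue_for_example_com):
    """Copy of the constructed data, with or without the com server's glue for ns1.example.com."""
    servers = copy.deepcopy(SERVERS)
    if glue_for_example_com:
        servers[COM_IP]["glue"]["ns1.example.com."] = EXAMPLE_NS_IP
    return servers


def lookup(name, glue_present):
    """Address of `name`, or None when the lookup loops for lack of glue."""
    try:
        return resolve_a(name, build_servers(glue_present))
    except RuntimeError:
        return None


if __name__ == "__main__":
    for glue in (True, False):
        for name in ("www.example.com.", "www.new-domain.com."):
            print("glue=%-5s %-22s -> %s" % (glue, name, lookup(name, glue)))
```

Note that removing example.com's glue also breaks new-domain.com: the friend's nameserver name is fine without registry-level glue, but it still depends on example.com itself being reachable.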

Subdomains and DNS

I currently have my own domain name and dedicated server and I offer different packages to my clients. What I want to be able to do is have them sign up with my website and create a package automatically that they can access via their username as a subdomain e.g.
http://yourusername.mywebsite.com
I currently have DNS entries set up for various subdomains with real information for my website e.g.
Name     Type  IP Address
#        A     1.2.3.4
bugs     A     1.2.3.4
support  A     1.2.3.4
However, if a new customer signs up at the moment I have to go and manually create an entry for them with their username in it.
I'm sure I've seen websites that manage to do this automatically, does anyone have any ideas how, or any other methods that I should be using?
Thanks,
Mark
Since you apparently do not control the name servers, your choices are quite limited. One possibility is to use a wildcard DNS record:
* A 192.0.2.1
where the star will match every name. Not ideal (nonexistent names will also appear to exist).
The details depend on which DNS server you're using.
One approach is to have some code that opens the DNS zone file and adds the desired records. On Linux with Bind, you will then need to signal the server to get it re-read the zone file.
With Simple DNS Plus, you can easily add such a DNS record through the included HTTP API. For example:
http://127.0.0.1:8053/updatehost?host=yourusername.mywebsite.com&data=1.2.3.4
Since you apparently do not control the name servers, your choices are quite limited. Nevertheless, every serious DNS hoster provides you with an API (see for instance Slicehost's API). So, you may use this API and write a small program to update the DNS data.
(Footnote: handling paying customers when you do not even control the name servers seems... bad)
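The "open the zone file and add the record" approach mentioned above has one security wrinkle worth handling: the customer's username ends up verbatim in a file that BIND parses, so a name containing whitespace, dots, newlines or a `$` directive could add records the operator never intended. The script below is an added example, not code from any of the answers or from BIND: it validates the label against the hostname rules and an assumed reserved-name list, refuses names already in the zone, appends an A or AAAA record depending on the address given, bumps a YYYYMMDDnn-style SOA serial, and shows the usual check-then-reload step (named-checkzone and rndc reload, which are real BIND tools; the zone name and file path would be yours). The sample zone is constructed to match the table in the question.

```python
import ipaddress
import re
import subprocess

# Constructed sample zone in BIND format, matching the table in the question.
SAMPLE_ZONE = """\
$TTL 3600
@   IN SOA ns1.mywebsite.com. hostmaster.mywebsite.com. (
        2024010101 ; serial
        7200       ; refresh
        3600       ; retry
        1209600    ; expire
        3600 )     ; minimum
@       IN A 1.2.3.4
bugs    IN A 1.2.3.4
support IN A 1.2.3.4
"""

LABEL_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one RFC 1123 hostname label
SERIAL_RE = re.compile(r"^(\s*)(\d+)(\s*;\s*serial\b.*)$")
RESERVED = {"www", "mail", "ns1", "ns2", "bugs", "support"}  # assumed list; tailor to your zone


def validate_label(username):
    """Turn a customer-chosen username into one safe DNS label.

    The label is written verbatim into the zone file, so anything with
    whitespace, dots, newlines or '$' must be rejected here; otherwise a
    sign-up form becomes a way to put arbitrary records into your zone."""
    label = username.strip().lower()
    if not LABEL_RE.fullmatch(label):
        raise ValueError("invalid subdomain label: %r" % username)
    if label in RESERVED:
        raise ValueError("reserved label: %s" % label)
    return label


def is_valid_label(username):
    try:
        validate_label(username)
        return True
    except ValueError:
        return False


def owner_names(zone_text):
    """Owner names of the plain resource records (directives, '@', SOA
    continuation lines and comments are skipped)."""
    names = set()
    for line in zone_text.splitlines():
        if not line or line[0] in "$;@ \t":
            continue
        names.add(line.split()[0].lower())
    return names


def current_serial(zone_text):
    for line in zone_text.splitlines():
        m = SERIAL_RE.match(line)
        if m:
            return int(m.group(2))
    raise ValueError("no '; serial' line found")


def next_serial(old, today):
    """YYYYMMDDnn scheme: today's first serial, unless `old` is already at or past it."""
    return max(old + 1, int(today + "01"))


def add_customer_record(zone_text, username, ip, today):
    """Return the zone text with an A/AAAA record for `username` and a bumped serial."""
    label = validate_label(username)
    if label in owner_names(zone_text):
        raise ValueError("subdomain already taken: %s" % label)
    addr = ipaddress.ip_address(ip)  # raises ValueError on anything that is not an address
    rtype = "A" if addr.version == 4 else "AAAA"
    new_serial = next_serial(current_serial(zone_text), today)
    out = []
    for line in zone_text.splitlines():
        m = SERIAL_RE.match(line)
        out.append("%s%d%s" % (m.group(1), new_serial, m.group(3)) if m else line)
    out.append("%-8s IN %s %s" % (label, rtype, addr))
    return "\n".join(out) + "\n"


def check_and_reload(zone_name, zone_file):
    """Validate the file with named-checkzone, then have BIND re-read it (rndc reload)."""
    subprocess.run(["named-checkzone", zone_name, zone_file], check=True)
    subprocess.run(["rndc", "reload", zone_name], check=True)


if __name__ == "__main__":
    import datetime
    today = datetime.date.today().strftime("%Y%m%d")
    print(add_customer_record(SAMPLE_ZONE, "alice", "1.2.3.4", today))
```

Write the result to a temporary file and only move it over the live zone file after named-checkzone succeeds; that way a malformed record never reaches the running server, and the serial bump guarantees secondaries notice the change.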
