I am new to Google Cloud DNS service. While still trying to understand the features of this service, a question popped up that though Google doesn't allow a user to create duplicate DNS A records, but how does it ensures that any other user or same user for other project is also not able to create a duplicate record?
For example. My DNS record
mywebsite.example.com may point to I.P 192.168.0.1
What will happen if another user who is also using Google cloud DNS service, creates a similar record for his project with either a different i.p address or different domain address?
For example:
mywebsite.example.com --> 192.168.0.2
or
diffwebsite.example.com --> 192.168.0.1
How will DNS lookup resolve in either case since the domain (example.com) is registered with a common registrar? Please help.
There is always one entity (person, organization, something like that) that controls a zone in DNS. If Google has control of example.org (do not use mydomain.org as your example, it is a perfectly valid existing domain that belongs to someone else), Google can fill it with whatever information they want. If they want to let their customers add exactly one A record per name in it, that's a choice they can make. It's up to Google to make sure that they don't allow creation of records that cause problems for their customers.
If you own example.org, you can put whatever you feel like in it. If you chose to have 42 A record for a name, you can. Someone looking up that name will pick one of the records more or less at random. Nobody will police what IP addresses you put in your A records. You can have records containing absolutely any IP address at all. Nobody will police what names in the zone you create (within technical constraints). You can have an entire dictionary of foul language, if you want.
If someone you have no relationship with owns example.org, you have no influence on what names and records exist in that zone. It would not be a very good idea to rely on anything in it.
Possibly something here answers your question. Possibly not. Your question is a bit confused, to be honest.
I believe the key here is the difference between a 'Registrar' and a DNS. In Registrar you set the DNS to be publicly used on the rest of the internet for your domain. You can do this only when you are the owner of that domain. DNS is the translator from a domain name to an IP.
Having in account this concepts, you can have two situations:
1) You are a domain owner: You will have your domain setup on 'Registrar' and your site will be accessible from the internet. If you use it on a Cloud DNS zone you will be able also to use all the provided features. No one will be able to modify that information to redirect traffic to other IP but the owner itself.
2) You are not the domain owner: You can configure zones using domains that might be owned by other person, but they will not be publicly accessible by domain name, this zones will only work on internal bases.
Every Cloud DNS resource lives within a Google Cloud Platform project, therefore the possible overlapping of domains is controlled internally by Google Cloud on a Project permission bases, meaning that even if someone has a zone using a domain exactly as yours, it won't be able to modify it as it doesn't have access to your project, and if you are the domain owner the traffic will only go to the name servers ( not Cloud DNS) defined on Registrar that will redirect the requests to the right IP.
Related
Let's say I register the domain name mydomain.com using GoDaddy (or any other registrar). Then I immediately delegate the domain to Azure (i.e change the NS records for the domain to point to Azure's name servers). As far as I understand I would then use Azure's DNS admin tools exclusively to add/change/delete DNS records fot my domain.com.
But do I still need to have any type of relation with GoDaddy (or whichever registrar I used to register mydomain.com)? For example, if I would like to delegate my domain once more from Azure to some other nameserver would I do this through Azure or GoDaddy? Or when I need to renew my domain name, would I have to do this through GoDaddy? Or if my GoDaddy account is hacked, would mydomain.com be at risk somehow? Or would GoDaddy be involved with mydomain.com in some other way I haven't considered?
The registrar is still key in almost every situation.
They are the people you pay your subscription/fee for the domain name (normally every few yrs depending on the domain).
They are the 'tag' holder (in the case of .uk names some info here) which means they are the ones you have to approach if you wanted to move your actual name (and payment) to another registrar (e.g if you decided you didn't like GoDaddy any more you could move to Namesco, or someone else) .com domains have a similar setup
Renewals and any changes to the account or domain name would go via the registrar - this includes any further/new delegation you might do.
If your registrar account gets hacked then anything associated with that account is 'at risk' this includes the hijacking of the domain name to be pointed anywhere.
Your registrar is usually the controlling name server (Check the whois records) so any query would hit them first before any delegations you have in place.
You talked about further delegation of your domain; so presuming one day you decide to move from Azure to AWS (say) then you would go back to your registrar portal and update the NS records to point to your new IP(s) on your new host.
You can either you manage all your DNS via your registrar, or delegate the NS records (as you have already) and run your own DNS Server. In your setup you use the Azure (or whatever) tools to manage your actual records, but you would need to go back to the registrar to manage the NS records that controlled the delegation of the domain. You should note that not all registrar will allow the delegation of NS records and in effect 'force' you to use there own portal/DNS tools so check carefully.
The short of it is - you still have and must maintain any relationship
with the registrar.
I managed to get my custom subdomain name assigned to my Azure website, following this (very carefully):
link to azure custom domain name instructions
Is it necessary to keep the "awverify" DNS records after the custom domain names linkage has been established?
I deleted the awverify DNS record for the test subdomain, and was able to add another subdomain pointer to my azurewebsites test site.
Maybe I did not wait long enough. Does anyone else have any experience with this, to say one way or the other?
Not sure if I understand the issue you are running into... but the CNAME entry with the 'awverify' subdomain is used to "prove" to Azure that you own that domain when you are wiring up a custom domain name. Once that is established, you no longer need that.
Is there a way to hide the nameservers of my hosting provider in the public whois?
Regards
No, you can't hide such information. A few registries don't disclose them, but it's very limited number.
Some DNS providers offer a feature called "vanity name servers" that allow you to use custom name servers, if your purpose is to hide the name of the hosting provider to curious eyes.
Your question makes no sense over at least 2 points, and you should accept not to try pursuing something as pure vanity.
Here is why:
first whois is not the authoritative source on which nameservers are used for a given domain name, the DNS is;
and the DNS is public because otherwise if your nameservers are "hidden" then your domain name (like your website, emails, etc.) would not work at all.
And even if all the above would not be the case, your website ultimately resolve to an IP address and with just that information people could find out who is the hosting company. Which is why "vanity nameservers" do not help at all.
So there is no shame in having anyone know who hosts your website.
Or, if you are so ashamed of your hosting provider for whatever personal reasons, then it is time to switch, there are a lot of them.
You can reach out to your web host and request a private registration.
here is a link from godaddy.
https://support.godaddy.com/help/article/420/adding-private-registration-to-your-domain-names
The best way to mask your nameserver is using services like cloudflare. However, if you purchased your domain from Namecheap it will surely appear as the domain registrant. but cloudflare will change your nameservers to something link alexia.cloudflare.com
Cloudflare nameserver change will only work if you change your default nameservers to point to cloudflare, some hosting companies have partnership agreements with cloudflare which makes it possible to use the cloudflare services without changing your nameserver.
I am working with a company, developing and managing a web site for them.
I have control over the web servers, but the company is managing DNS for the domain.
Due to their security policy, the web servers are prohibited from issuing outbound email - they won't add the appropriate SPF/DKIM records to DNS to permit this. Instead, I've been told that they will "delegate" the authority of the domain to me by forwarding traffic to nameservers (of my choice), where I am responsible for creating new DNS records to handle that traffic. In these new DNS records, I would add in the appropriate SPF/DKIM records.
It is like I am managing the DNS, but the company still owns it.
The problem is very strange to me, and I am not familiar with the inner workings of nameservers. Is the relationship of a zone file to a domain name one-to-one? Would I need a second zone file registered somewhere to hold these new DNS records? Do I need direct control over the nameservers, or can I work with nameservers provided by a third-party hosting company?
Sorry for the lack of direction - this is new territory for me in a world that I'm already not that well-versed in.
Thanks in advance
The delegation is a DNS server owning a zone (ie. example.com) and announcing to everyone that a part of this zone (say deleg.example.com) is delegated to another DNS server which can define its own records as long as they are in the deleg.example.com zone.
In your case, it means that you will maintain a subdomain that will hold your NS and SPF/DKIM records. This subdomain behaves in a similar way as the main domain thus you will need a second DNS zone file (and another DNS server).
This is similar to what root servers do with top level domains (they own the com / net / whatever zones) and subdomains sold to companies / people (ie. google.com handles whatever lies in the google.com zone but does not affect the "com" zone).
I'm new at DNS world, did some readings in the Internet and wanted to know if I came to the right conclusions. I want to build a system where users are able to create new sub-domains of existing registered domains automatically:
My system provides services to different companies, these services are hosted in my system or some cloud provider. Lets call my system "services" and some company "company1". I want to offer "company1" my services and have its users access these services through "company1" new sub-domain, when "company1" has an already registered domain company1.com. I want "company1" admin user be able to control and choose the sub-domain via my system when he registers his company in my system, and have the whole thing automatic. If i understand correctly:
if the admin would want to use a sub-domain like services.company1.com this will be a problem since I would need to update the authoritative name-servers of company1.com which I don't know who they are, and even if I have a way to know them (and from reading a bit I see that I do have a way), I don't know if every such name server will allow such updates from some external source, connectivity issues etc
if the admin would like to use a sub-domain like company1.services.com then I can achieve this by having my own dns server which I will register the services.com domain for and actually manage all these company sub-domains in my own dns server. This means though that all companies will have to have a sub-domain under my domain services.com
Please correct me if I have a wrong view on how DNS works.
thanks!
services.company1.com
To provide this kind of domain name to your customer, you will need their collaboration. A lot of companies provides this kind of feature by asking you to point an alias (CNAME Record) to a specific server.
Examples of concrete usage
blog.company1.com. 3600 IN CNAME domains.tumblr.com.
shop.company1.com. 3600 IN CNAME myapp.herokuapp.com.
git.company1.com. 3600 IN CNAME bitbucket.org.
Here's some links to the documentation of companies offering this feature:
BitBucket
Heroku
Tumblr
Sample client zone file
So in your case your customer DNS zone will contain something like that:
services.company1.com. 3600 IN CNAME domains.services.com.
where domains.services.com. will be the server that handles the subdomain authentication
company1.services.com
To provide to your customers company1.services.com, you don't have to manage your own DNS server, you just have to be able to add a wildcard record to point all the subdomains to your application. It will be the role of your application to filter your service per subdomains.
Sample service zone file
For example (where 0.0.0.0 is your service IP address):
*.services.com. 3600 IN A 0.0.0.0