 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On 2000-12-28 at 08:51 -0500, John Abreau wrote: > On 27 Dec 2000, Derek Atkins wrote: > > > There are two separate registrations that need to take place. > > > > 1) You need to register your DNS Servers in HST records. > > 2) You need to register your Domain Name (as a DOMAIN record) > > > > Only valid HST records can be used as DNS servers. If your DNS > > servers are not registered HSTs, then you cannot refer to them in your > > DOMAIN record. Unfortunately submitting a DOMAIN request will not > > automatically create the HST records. > > Thanks; that's the detail I was unaware of. I should read this list more often. Technically, the registrar is supposed to create the host records for you. A host record results in the establishment of a non-authoritative glue record being pushed out to the root servers. This also means that administration of the host records has to be handled directly by the registry, not the registrar, since otherwise there would be no way to have the same host shared as a name server by different domains registered with different registrars. Derek's terminology is correct within the scope of activity of Network Solutions in their capacity as a registrar. It is not quite the same in their capacity as the registry. There are major security implications to this issue. If someone were to register a host to act as a name server, which meant that the root servers would know about it in a non-authoritative way, then the general public would likely get its IP address from the glue records rather than from the authoritative server. The end result of this could be to hide all of a domain's mail or web servers from the public. We have actually had this happen twice (due to errors, not malice) and in neither case was the ISP responsible able to diagnose it until we were called in. -- Mike - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
