In an answer to my previous question I noticed these lines:
It's normally this last stage of delegation that is broken with most
home user setups. They have gone through the process of buying a
domain with a registrar/service provider, but have then failed to
configure the domain to point the delegation to their own name
servers. You actually have to tell the registrar where your
nameservers are before they can put glue records in place to get your
step of the delegation to work.
What is a DNS Delegation? How does it work? A full explanation for the hypothetical domain abc.com would be helpful.
Best Answer
In physical terms, delegation is very similar to how a manager will delegate responsibility of tasks to his staff. The results are the same, however more than one person was involved in the process. The manager receives the request for work, passes on the responsibility to another member of staff and either the staff member or the manager returns with the work results. This is all on the proviso that the work the staff member does is actually correct and is what the original requester asked for (or that the requester actually asked for something that was valid in the first place!).
With DNS delegation, it is pretty similar. When the com name servers are asked for the place to find authority of the zone example.com, they often delegate this work off to separate name servers (in fact, in the vast majority of cases, they do delegate the response to other name servers). When you first register a domain, say the ourexample.com domain, this is often done through a third party called a registrar. It is common practice by registrars to put in their name servers for the delegation and to serve a default zone from those name servers. This default zone includes the basic requirements to serve that zone on the internet (the SOA, NS and A records associated to those NS records).

Obviously, if you yourself want to take control of the authority of the domain, you have to ask the registrar to delegate the domain to your nameserver instead. Different registrars refer to this process in different ways: 'change nameservers', 'use third party DNS', 'Add Glue records' and so on. The mechanism underneath remains the same. You provide, generally, 2 or more "name server names" (for example ns0.example.com and ns1.example.com) and the IP addresses at which ns0 and ns1 are. They then process the request and the delegation is pointed away from your registrar to the nameservers you provided.

In technical terms, it's at this point you have to ensure your nameservers are up and running, serving the domain example.com, with a minimum of an SOA (start of authority record), 1 or more NS records and the A records (the IPs) that these NS records are resolved from:

(I've picked somewhat arbitrary values for the SOA values, the names for the NS records and the IPs those nameservers resolve to.) These will all have to reflect the zone for which you are serving.
This DNS service has to be visible from anywhere on the internet, and not be firewalled (that is, port 53 UDP and TCP inbound have to be allowed). Also, your service provider must not block that port either (some providers do block inbound traffic destined to those ports).
Given my original comparison, the com nameservers are the DNS managers, who are delegating the zone example.com to the nameservers (the staff members) to do the work of providing the basic zone information (SOA, NS, A). You can also serve any additional records such as mail server records (MX) or maybe an A record for your www.example.com address.

If that name server doesn't do the work, returns the wrong results, or has a 3rd party (firewall/ISP) blocking the work, you will not have working DNS and the delegation breaks.
It also may be worth noting that the domain does NOT have to be delegated to nameservers in the same domain, so ns0.example.net and ns0.example.org could both be valid nameservers which could have example.com delegated to them, provided both those name servers served the example.com domain.

The reason that multiple name servers are required is to provide redundancy to the DNS clients, which is important for an internet which doesn't break.