View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Send A records with NS records
Log in to Ask a Question

Send A records with NS records

linode-dns

I had this set up with my previous DNS host which used InfoBlox, but when I moved to Linode DNS it seems to have stopped working.
If I have a domain hosted with Linode DNS, should I be able to set a subdomain of it to have different NS records with the servers being subdomains of that domain (similar to GLUE records)?

For example:

NS records for example.net
ns1.linode.net.
ns2.linode.net.
ns3.linode.net.
ns4.linode.net.
ns5.linode.net.

In the Linode DNS manager, I have the following records:

NS Record:
- Subdomain: subdomain.example.net
- Server: ns1.office.example.net

A record:
- Host: ns1.office.example.net
- IP: 199.x.x.121

office.example.net uses some custom dynamic DNS logic to route requests and can return different results depending on the source IP (for example, if you are connected to the VPN it can return a private IP instead of a public IP). However, it seems I am not getting the IP address of the NS server back from Linode.

I removed some extra stuff from this output:

yakatz@yakatz:~$ dig ph10.office.example.net

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> +trace ph10.office.example.net @8.8.8.8
;; global options: +cmd
.                       87034   IN      NS      a.root-servers.net.
.                       87034   IN      NS      b.root-servers.net.
.                       87034   IN      NS      c.root-servers.net.
...........
;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 5 ms

net.                    172800  IN      NS      a.gtld-servers.net.
net.                    172800  IN      NS      b.gtld-servers.net.
...........
;; Received 1176 bytes from 199.7.83.42#53(l.root-servers.net) in 35 ms

example.net.            172800  IN      NS      ns1.linode.com.
example.net.            172800  IN      NS      ns2.linode.com.
example.net.            172800  IN      NS      ns3.linode.com.
example.net.            172800  IN      NS      ns4.linode.com.
example.net.            172800  IN      NS      ns5.linode.com.
...........
;; Received 697 bytes from 192.48.79.30#53(j.gtld-servers.net) in 10 ms

office.example.net.     86400   IN      NS      ns1.office.example.net.
couldn't get address for 'ns1.office.example.net': failure
dig: couldn't get address for 'ns1.office.example.net': no more

3 Replies

Linode Staff

I can't say for sure without knowing more about your particular setup, but it sounds like the target of the NS record in question has an A record that's invalid or is missing. You mentioned that you included the A record, but from the dig example it couldn't find it. It may be that the record's in place, but other servers haven't checked in yet with our nameservers for the latest changes. It could also be that another part of the DNS zone isn't a valid record and is preventing the zone from being updated.

If you'd like, feel free to open a ticket and myself or another member of the support team can take a look at the specific DNS zone with you.

I think I was able to get this set up correctly on Linode DNS.

My domain name - andysh.dev.

My subdomain - test.andysh.dev is served by (a fictional) ns.test.andysh.dev at IP 172.16.0.1.

I added an NS record to andysh.dev:

  • Nameserver: test.ns.andysh.dev
  • Subdomain: test

I added an A record to andysh.dev:

  • Hostname: test.ns
  • IP: 172.16.0.1

Linode's servers correctly return the IP address as an additional record (the glue record):

;; QUESTION SECTION:
;test.andysh.dev.        IN  NS

;; AUTHORITY SECTION:
test.andysh.dev.    3600    IN  NS  test.ns.andysh.dev.

;; ADDITIONAL SECTION:
test.ns.andysh.dev.    3600    IN  A   172.16.0.1

A dig +trace to hello.test.andysh.dev seemed to yield the hand-off correctly to test.ns.andysh.dev:

; <<>> DiG 9.16.1-Ubuntu <<>> @localhost hello.test.andysh.dev A +trace
; (2 servers found)
;; global options: +cmd
.            495607  IN  NS  m.root-servers.net.
.            495607  IN  NS  h.root-servers.net.
.            495607  IN  NS  f.root-servers.net.
.            495607  IN  NS  c.root-servers.net.
.            495607  IN  NS  k.root-servers.net.
.            495607  IN  NS  l.root-servers.net.
.            495607  IN  NS  i.root-servers.net.
.            495607  IN  NS  b.root-servers.net.
.            495607  IN  NS  e.root-servers.net.
.            495607  IN  NS  d.root-servers.net.
.            495607  IN  NS  g.root-servers.net.
.            495607  IN  NS  j.root-servers.net.
.            495607  IN  NS  a.root-servers.net.
.            495607  IN  RRSIG   NS 8 0 518400 20200701050000 20200618040000 48903 . opj79pcOQFV9X1x0/A2aQZBCH53Kaw7mpTlzufiCgUEMHkwMhFHza67w lo03VVYn9zGNioZPXpQwJAShoBDfA1+b1qEhy+18kjGDXsPg4kuHtLXz i/a+hKB5qeUA84aDwyGiBUNUGms2OWF94vNF9a75h/ryznDg8mhxeHuI PYglhomYgFPu1VHWiG5Tb3kf49Y/ZJuRmhGfjq1QLzdzC1fVfmCHgI5s nXfmC5FE5srNL6w9Nnk2AGoJk6vjbpFC2Pz6G76pshJQEyRLIbTtrTfw 7gTXyF3IddFv7whIAEieS/YSN5b9F2ZgGrdOiMVXkr2NQB9l+tIG0nTu /4qqaw==
;; Received 1137 bytes from ::1#53(localhost) in 0 ms

dev.            172800  IN  NS  ns-tld1.charlestonroadregistry.com.
dev.            172800  IN  NS  ns-tld2.charlestonroadregistry.com.
dev.            172800  IN  NS  ns-tld3.charlestonroadregistry.com.
dev.            172800  IN  NS  ns-tld4.charlestonroadregistry.com.
dev.            172800  IN  NS  ns-tld5.charlestonroadregistry.com.
dev.            86400   IN  DS  60074 8 2 B942E2CE5AEBF62FCA59D05707E6DBB795211D540D8ADBA02E9E89E8 33424785
dev.            86400   IN  RRSIG   DS 8 1 86400 20200701050000 20200618040000 48903 . mCSLy1hNnLfE0ZhfL5/l2yymOkTcMm4S6cHwDcyvXj9tFhuwu+32D6x4 3kLkB6jIabzdJTO5dlbMUr6gUQDnsJmX33L6fN6SB9Q9ws89vH7C500B cH69gC9PeBAgGDjXTSm0eDvf/vSs9VHNzf0lhDZquOHLO40Zb8rB2TCN 4IBqp6sygUaaQbW/P/KfTgOR2JpLgJg44++sy346eaSux8QRGSKSXvH+ bk/viyn+I9UmrHHk8hOIyVt6LJJ0zfnjQ6mVp8P4mn6IB7rB3YPOFWh9 ltNZS190todKDi7qrglCvFINIvb7gRTU/PMDVBkSWHmNnbQ6E2zrp/m/ GsQY7Q==
;; Received 741 bytes from 192.203.230.10#53(e.root-servers.net) in 0 ms

andysh.dev.        10800   IN  NS  ns1.linode.com.
andysh.dev.        10800   IN  NS  ns2.linode.com.
andysh.dev.        10800   IN  NS  ns3.linode.com.
andysh.dev.        10800   IN  NS  ns4.linode.com.
andysh.dev.        10800   IN  NS  ns5.linode.com.
qrpor22s3qkldmcro3g5ej24gs1mbkua.dev. 300 IN NSEC3 1 0 1 B7B0891083980E59 QRQGHMLQ3N0P57306C5H0TV9OF61DB2M NS
qrpor22s3qkldmcro3g5ej24gs1mbkua.dev. 300 IN RRSIG NSEC3 8 2 300 20200707154604 20200615154604 56224 dev. e0zQyBeWdq66NAr1FIzuIroTMg5YOV6uJkMbwRDn++ckg8hIYwFg9PLt GUjAd9/z0To1/30On/rG6za8Ld+Rs6Q8urDosAV559cDVJnXqQ5r7pSZ rktPirk2rgzB0x27u6WOiUxKmN42UrAk3tLmum4z3/mAGQlZmd3pj3fI CP0=
;; Received 395 bytes from 216.239.36.105#53(ns-tld3.charlestonroadregistry.com) in 43 ms

test.andysh.dev.    3600    IN  NS  test.ns.andysh.dev.
;; Received 88 bytes from 2400:cb00:2049:1::a29f:1b48#53(ns4.linode.com) in 115 ms

;; connection timed out; no servers could be reached

(I'd expect the timeout as 172.16.0.1 is not a reachable IP from my Linode.)

I swear I'd tried this earlier in the day and I got the same error from dig as you.

Ah my bad, just realised my "test.ns.andysh.dev" nameserver is not actually under the "test.andysh.dev" zone; explaining why it works now but didn't when I'd tried that set up earlier.

I've done a more realistic test, having found the following bit of advice:

This is an obscure detail, but dig +trace does not use data from the ADDITIONAL section to determine the IP address of the "next hop" nameserver. It is actually querying your nameserver in /etc/resolv.conf to obtain the IP address, and this query is failing.

So I now have andysh.dev being served on Linode, and office.andysh.dev being served on a completely separate DNS provider.

I had to make sure the "glue" section matched on both sides - Linode and the other provider.

On Linode:

Zone: andysh.dev

NS record -

Subdomain: office
Nameserver: ns.office.andysh.dev

A record -

Hostname: ns.office
Value: 185.136.96.100 (other provider's nameserver IP)

On my other provider:

Zone: office.andysh.dev

NS record -

Subdomain: office
Nameserver: ns.office.andysh.dev

A record -

Hostname: ns.office
Value: 185.136.96.100 (other provider's nameserver IP)

A record -

Hostname: home.office
Value: 127.0.0.1 (an example of your 'ph10' hostname)

Here's the results:

$ dig +short home.office.andysh.dev @8.8.8.8
127.0.0.1

$ dig +trace home.office.andysh.dev @8.8.8.8

; <<>> DiG 9.16.1-Ubuntu <<>> +trace home.office.andysh.dev @8.8.8.8
;; global options: +cmd
.                       38022   IN      NS      a.root-servers.net.
.                       38022   IN      NS      b.root-servers.net.
.                       38022   IN      NS      c.root-servers.net.
.                       38022   IN      NS      d.root-servers.net.
.                       38022   IN      NS      e.root-servers.net.
.                       38022   IN      NS      f.root-servers.net.
.                       38022   IN      NS      g.root-servers.net.
.                       38022   IN      NS      h.root-servers.net.
.                       38022   IN      NS      i.root-servers.net.
.                       38022   IN      NS      j.root-servers.net.
.                       38022   IN      NS      k.root-servers.net.
.                       38022   IN      NS      l.root-servers.net.
.                       38022   IN      NS      m.root-servers.net.
.                       38022   IN      RRSIG   NS 8 0 518400 20200630200000 20200617190000 48903 . rTZ8kwVEczerwWFGD8kH3pDflBj2JnoemyIeqT5cZ0I9azm7Y1GKFbeh BGuH8mV2ziCJqlY3uTcyLCuJZdebmVGpAsmI1rQgTnll5xMvBuLj2mvX oDZ/6RXI0xr+a+TeBOR5PXcWniq2o4jlCceuuL9HDtwQBST5UR4/ZvVC ZpjwTy4kB1z8K3IblLycFESXOPm2GLBeLzFHB1PLkbYX/9vIJILMYbP4 3q/0Qq1IehHnS4r2kPFnIwILCW6FWj7CEZLF54ciiaLp0BS6/mnsat5j aC1mHgTEhbW8vqIq2RaOJ7FbbETw4GCstQ+9MmrAdQCBfIViNrKfY3Q5 Cqkyrg==
;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 0 ms

dev.                    172800  IN      NS      ns-tld1.charlestonroadregistry.com.
dev.                    172800  IN      NS      ns-tld2.charlestonroadregistry.com.
dev.                    172800  IN      NS      ns-tld3.charlestonroadregistry.com.
dev.                    172800  IN      NS      ns-tld4.charlestonroadregistry.com.
dev.                    172800  IN      NS      ns-tld5.charlestonroadregistry.com.
dev.                    86400   IN      DS      60074 8 2 B942E2CE5AEBF62FCA59D05707E6DBB795211D540D8ADBA02E9E89E8 33424785
dev.                    86400   IN      RRSIG   DS 8 1 86400 20200701050000 20200618040000 48903 . mCSLy1hNnLfE0ZhfL5/l2yymOkTcMm4S6cHwDcyvXj9tFhuwu+32D6x4 3kLkB6jIabzdJTO5dlbMUr6gUQDnsJmX33L6fN6SB9Q9ws89vH7C500B cH69gC9PeBAgGDjXTSm0eDvf/vSs9VHNzf0lhDZquOHLO40Zb8rB2TCN 4IBqp6sygUaaQbW/P/KfTgOR2JpLgJg44++sy346eaSux8QRGSKSXvH+ bk/viyn+I9UmrHHk8hOIyVt6LJJ0zfnjQ6mVp8P4mn6IB7rB3YPOFWh9 ltNZS190todKDi7qrglCvFINIvb7gRTU/PMDVBkSWHmNnbQ6E2zrp/m/ GsQY7Q==
;; Received 742 bytes from 193.0.14.129#53(k.root-servers.net) in 79 ms

andysh.dev.             10800   IN      NS      ns1.linode.com.
andysh.dev.             10800   IN      NS      ns2.linode.com.
andysh.dev.             10800   IN      NS      ns3.linode.com.
andysh.dev.             10800   IN      NS      ns4.linode.com.
andysh.dev.             10800   IN      NS      ns5.linode.com.
qrpor22s3qkldmcro3g5ej24gs1mbkua.dev. 300 IN NSEC3 1 0 1 B7B0891083980E59 QRQGHMLQ3N0P57306C5H0TV9OF61DB2M NS
qrpor22s3qkldmcro3g5ej24gs1mbkua.dev. 300 IN RRSIG NSEC3 8 2 300 20200707154604 20200615154604 56224 dev. e0zQyBeWdq66NAr1FIzuIroTMg5YOV6uJkMbwRDn++ckg8hIYwFg9PLt GUjAd9/z0To1/30On/rG6za8Ld+Rs6Q8urDosAV559cDVJnXqQ5r7pSZ rktPirk2rgzB0x27u6WOiUxKmN42UrAk3tLmum4z3/mAGQlZmd3pj3fI CP0=
;; Received 396 bytes from 2001:4860:4802:38::69#53(ns-tld4.charlestonroadregistry.com) in 7 ms

office.andysh.dev.      3600    IN      NS      ns.office.andysh.dev.
;; Received 84 bytes from 162.159.24.25#53(ns5.linode.com) in 3 ms

home.office.andysh.dev. 3600    IN      A       127.0.0.1
office.andysh.dev.      3600    IN      NS      ns.office.andysh.dev.
;; Received 100 bytes from 185.136.96.100#53(ns.office.andysh.dev) in 3 ms

You can see the final query hit my other provider's server:

;; Received 100 bytes from 185.136.96.100#53(ns.office.andysh.dev)

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct