Gunther Kochmann

Trouble with delegation of subzone to another nameserver (not Akamai FastDNS)

Blog Post created by Gunther Kochmann Employee on Jun 26, 2015

Recently I came across this inquiry and described problem:

 

The question is about DNS delegation for a customer who is already using FastDNS. He simply wants to delegation a subzone to another nameserver for email blast purposes. So the registrar already has the Akamai nameservers listed, but the dns delegation doesn’t seem to be working.

 

I took a look at the domain or zone in question by checking its SOA record delivered by Akamai's FastDNS servers:

 

gkochman@lsg-gss3:~$ dig SOA customer-zone.com @ns1-82.akam.net

 

; <<>> DiG 9.7.0-P1 <<>> SOA customer-zone.com @ns1-82.akam.net

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2030

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 11

;; WARNING: recursion requested but not available

 

;; QUESTION SECTION:

;customer-zone.com. IN      SOA

 

;; ANSWER SECTION:

  customer-zone.com. 86400 IN      SOA ns1-82.akam.net. hostmaster.akamai.com. 1433943145 43200 7200 604800 7200

 

So far this looked good to me.

 

Now as a second I took a look at the FastDNS entry for the subzone:

 

FastDNS_subzone2.png

 

  • we see the (sub-)zone called 'sub-zone' as part of the zone called 'customer-zone.com'
  • this sub-zone got four NS record entries as authoritatives
  • nameservers ns1 - ns4.otherdns.com belong to a zone 'otherdns.com' which is not on Akamai FastDNS

 

So I tried fetching the SOA record for 'sub-zone.customer-zone.com':

 

gkochman@lsg-gss3:~$ dig SOA sub-zone.customer-zone.com @ns3.otherdns.com.

; <<>> DiG 9.7.0-P1 <<>> SOA sub-zone.customer-zone.com @ns3.otherdns.com.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 12474

;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; WARNING: recursion requested but not available

 

;; QUESTION SECTION:

;sub-zone.customer-zone.com. IN      SOA

 

What do we find on this printout?

 

Well, the SOA did not seem to exist. I went back to my customer contact point and asked this to be checked, because a SOA record is required for each and every zone/subzone.

 

In the end it turned out that in fact the SOA was missing and once it had been setup all was fine and working.

Outcomes