In order to discuss the issue more easily, let’s name the domain that I will buy “new.example”, and the free dynamic domain that I’ve been using to this date “old.dyn.example”.
What may I do?
In theory, there are two ways I can associate my IP address with new.example:
- I could either set
new.exampleto be an “alias” forold.dyn.example: in this case, when one asks for the IP address ofnew.example, the DNS server actually looks up the IP address ofold.dyn.example, which is dynamically associated to the correct IP address (the one presently assigned to me); - or I could directly change the DNS settings of
new.examplewith the correct IP address, and repeat each time this address changes (like I already do forold.dyn.example), so that whenever the IP address associated tonew.exampleis looked up, one can directly get the right answer.
The first option above is in fact impossible, as was explained to me by jercos on IRC (edited for clarity):
< jercos> The problem at hand is that a CNAME record is not allowed to
coexist with any other records, and your second-level domain
needs, at very least, an SOA record
< jercos> (and the NS records to point at its hosting nameservers).
< jercos> Now, if you managed .example, you could place a CNAME record
for new.example without ever making an NS or SOA record
< jercos> but if you own the second level domain, you *must* have an
SOA record there, and if you host it yourself rather than on
the .example nameservers, you must have NS records there.
< jercos> The NS data sits on .example nameservers and is mirrored on
your own, and the SOA record is published by your
nameservers. Given that you can't control .example
nameservers, you are forced to have records for new.example
other than a CNAME, and thus cannot have a CNAME.
In short, the CNAME record (technical name of an alias) cannot coexist with any other DNS record. There is a small exception, though, brought up by lunaphyte on IRC; it is not really on-topic for this article, but I prefer to report it nonetheless, so as not to spread false information:
< rjsalts> Correct, CNAMEs cannot coexist with any other RR type
< lunaphyte> [dnssec records being an exception]
< rjsalts> lunaphyte, even DNSKEY? or KEY records?
< lunaphyte> rjsalts: sig, nxt, and key
There. The small exception is that DNSSEC (the secured DNS that has difficulty spreading) comes with some DNS records that are exceptionally allowed to coexist with CNAME. But this does not help with my issue :-)
Long story short, there is only one possibility: forget about old.dyn.example and dynamically update the DNS records associated with new.example instead. But… will the company that will sell me the domain name allow that? Back to Ixquick (or Google if you prefer)… for very mixed results.
It turns out that most DNS registrars do not allow dynamic updates to their DNS records (that is, through an automatic program instead of the web interface).
But at least OVH does allow this, and even has documentation for this feature. There, I notice that the feature is provided for sub-domains only, but not for the main domain; in other words, I could make www.new.example and mail.new.example dynamic, but not new.example itself. As I had read documentation for Debian and Ubuntu before, that seemed to concur (now I know that it is just because these instructions insist on using CNAME), I thought that the DNS protocol itself would force me into using sub-domains! That is what I decided to check immediately on IRC (#dns @ freenode.net):
< rjsalts> You should be able to update the .example domain if you are
the registrant.
< rjsalts> If your dynamic dns provider can't handle it, find a better
one.
< ME> I'm not sure I understand. I will be the registrant of, say,
"new.example". But I assume I will have absolutely no control
over the DNS records of "example".
< rjsalts> If you're the registrant of new.example then you should be
able to delegate that domain to your provider, and your
provider should be able to publish A/AAA/TXT/... records at
new.example of your desire.
OK. So in fact I do not have to declare sub-domains; I only have to find a registrar that suits my needs. I found confirmation for this in the news for the DNS protocol, in a message from Barry of MIT, no less!
There's no DNS-based reason why they shouldn't allow dynamic updates
of the A record on the zone apex. This is a restriction your DNS
provider is adding on their own.
Good. Now, my problem is that no registrar seems suitable to me :-(
Thankfully, jercos came to the rescue again, on IRC:
< ME> jercos: OK. So I now have to find the registrar that will allow
me to update my "A" record whenever my IP is changing.
< jercos> The registrar is related, but not tied. The registrar
handles taking your money and giving you a domain, and often
registrars will provide free DNS hosting with your continued
payment on a domain name...
< jercos> However almost all registrars will let you put in another
DNS host's nameservers and attach your domain to them.
< jercos> So you can give money to one group, and manage your records
with another :D
< jercos> As far as I know, for example, dns.he.net doesn't provide a
registrar service at all, only the DNS hosting portion.
< jercos> So really, buy your domain from whoever's the cheapest, and
have them set the nameserver records to point to whoever
provides the features you want, in this case dynamic DNS.
Phew! In short, I will be able to buy my domain name wherever I want (not necessarily the cheaper one; for instance, I may instead choose a registrar on the basis of its past conduct) and then manage this domain name somewhere else.
How should I do?
So, I will create an account with a DNS hosting company, that will provide a web interface for managing DNS records for new.example, as well as allow my server to update some DNS records. Fine, but which records?
Once again, it seems that I have two possibilities:
- I could either ask my server to manage its own DNS, in which case I would have to update the
A,AAAAandNSrecords of the DNS hosting company when my IP address changes; - or I could let the DNS hosting company manage the DNS entries, thus I would have to update the
AandAAAArecords when my IP address changes (sub-domains, if any, would also be handled by the DNS hosting company).
And once more, the first option is not possible, as was explained to me by rjsalts on IRC (#dns @ freenode.net):
< ME> So in short, it's just up to me to choose a DNS provider that
will allow me to update the "A" record whenever it is necessary,
or buy my domain name at a place that will allow me to update
the "NS" record whenever it is necessary (and then manage my own
DNS). Do I understand correctly?
< rjsalts> The first option will work. Updating your dns servers will
probably cause problems in resolution at times, so you'd
want to leave them on the same ips as much as possible.
< ME> rjsalts: I see. updating the NS records would have propagation
delays, I assume... So only one solution: find a DNS provider
that will allow me to update "A" for new.example.
Which leads to two lessons:
- Do not set the value of the
NSrecord to a server name, the IP address of which changes often: each change triggers a period of unavailability! - rjsalts and lunaphyte later explained to me that the “propagation delay” was in fact a thing of the past: propagation these days is mostly instantaneous. The problem leading to lesson #1 is one of cache: just like web browsers do, intermediate DNS servers keep known facts in memory for a non-negligible duration (called TTL, “Time To Live”) that may last up to 24 hours.
That is the reason why my DNS records will be managed on the servers of the DNS hosting company.
What about the reverse-DNS (PTR record)?
In particular if you run your own mail server, the A (traduction du nom de domaine vers l’adresse IP) and PTR (traduction de l’adresse IP vers le nom de domaine) records should correspond to each other. Let’s assume that my IP address is 203.0.113.90. For the time being, when I query the DNS servers, I get these answers:
- (
A) A lookup for the domain nameold.dyn.examplereturns the IP address203.0.113.90:-) - (
PTR) A lookup for the IP address203.0.113.90returns the domain name90.113.0.203.rev.sfr.net:-(
As you can see, in this example my ISP (Internet Service Provider) is SFR, and the PTR record is handled by the ISP: I found confirmation of this on the FreeDNS web site.
Thus my only option is to ask my ISP if they would agree to sync my IP address with my own domain name, in the PTR record they manage for me. Maybe they could even double as a DNS host, allowing me to manage my DNS records without having to use a third-party service… I leave the final word to hawk and Anonissimus on IRC (#dns @ freenode.net) :
< ME> I was wondering: Is there any way I can register my own domain
name, and have the A and PTR records in sync, given that the IP
for my A record will be my home server's, and my home PTR is
currently managed by my Internet Service Provider?
< hawk> You'd have to ask your ISP, I guess.
< hawk> And if you are talking about your regular consumer-oriented
ISP and you ask to have the PTR for the IP they assigned to
you changed, the answer is almost certainly "no".
< Anonissimus> or do an nsupdate
…
I wish to thank people on ##English @ freenode.net (IRC) for their help with this translation, especially etotheipi.
