the added NS servers for the subdomain are not resolved, everything is working however, just that there is no reply from dora/noah about the deligation
. 6532 IN NS f.root-servers.net.
;; Received 239 bytes from 127.0.0.53#53(127.0.0.53) in 3 ms
th. 172800 IN NS a.thains.co.th.
th. 172800 IN NS c.thains.co.th.
th. 172800 IN NS b.thains.co.th.
th. 172800 IN NS p.thains.co.th.
th. 172800 IN NS ns.thnic.net.
th. 172800 IN NS nn1.thains.co.th.
;; Received 428 bytes from 192.112.36.4#53(g.root-servers.net) in 55 ms
0x8.in.th. 7200 IN NS noah.ns.cloudflare.com.
0x8.in.th. 7200 IN NS dora.ns.cloudflare.com.
;; Received 125 bytes from 202.28.0.1#53(ns.thnic.net) in 183 ms
dev.0x8.in.th. 300 IN NS ir.defunct.space.
dev.0x8.in.th. 300 IN NS sg.0x8.in.th.
dev.0x8.in.th. 300 IN NS sg.defunct.space.
;; Received 122 bytes from 108.162.193.133#53(noah.ns.cloudflare.com) in 3 ms
dev.0x8.in.th. 120 IN NS ir.defunct.space.
dev.0x8.in.th. 120 IN NS sg.defunct.space.
dev.0x8.in.th. 120 IN NS sg.0x8.in.th.
;; Received 140 bytes from 13.53.205.155#53(ir.defunct.space) in 35 ms
Hey, yes thats exactly my point, everything works … but the CF servers do not provide the information by temselfs, making me courious houw the chain of deligation is being held intact.
This often confuses people. You cannot query the Cloudflare nameservers for the NS records, in the same way as you cannot query them for A, CNAME or other records, because you have delegated answering that to other nameservers.
Using dig shows this more clearly. If you ask the Cloudflare nameserver for the NS records of dev.0x8.in.th, it doesn’t answer, but tells you where to get the answer from, that is the delegation.
dig dev.0x8.in.th ns @dora.ns.cloudflare.com
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> dev.0x8.in.th ns @dora.ns.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30882
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dev.0x8.in.th. IN NS
;; AUTHORITY SECTION:
dev.0x8.in.th. 300 IN NS ir.defunct.space.
dev.0x8.in.th. 300 IN NS sg.0x8.in.th.
dev.0x8.in.th. 300 IN NS sg.defunct.space.
;; ADDITIONAL SECTION:
sg.0x8.in.th. 300 IN A 128.199.214.95
;; Query time: 3 msec
;; SERVER: 2a06:98c1:50::ac40:206c#53(dora.ns.cloudflare.com) (UDP)
;; WHEN: Thu Aug 22 08:57:00 UTC 2024
;; MSG SIZE rcvd: 122
yeah that makes sense, i was under the impression that query the NS record is the same what dig does. i gues i have ben proven wrong just now… thanks for help me understanding this better.