Subdomain records can not be seen unless querying the name server directly

Hi Community,

I am a little confused because I believe I have done everything correct but I am not getting the expected behaviour.

We are trying to delegate marketing.growthops.asia from cloudflare to a marketing service.

I have added NS records to the DNS of that service.

I can see the NS records when I query the nameservers of growthops.asia directly but when I query 1.1.1.1 or other public DNS those records do not appear.

Could there be some setting that is block this propagating?

You have created NS records that point to ns1/2/3.exacttarget.com. A recursive resolver (like 1.1.1.1) will follow these NS records and ask one of the 3 targets (i.e. ns1.exacttarget.com) for the final value.

But ns1.exacttarget.com isn’t responding for your domain yet, so 1.1.1.1 can’t find an answer.

NS records create a chain from the root nameservers to the nameservers that are authoritative for your hostname. There are a lot of NS records in this chain, and recursive resolvers like 1.1.1.1 will only display the NS records from the authoritative nameservers, see here:

dig marketing.growthops.asia +trace +nodnssec

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> marketing.growthops.asia +trace +nodnssec
;; global options: +cmd
.                       6623    IN      NS      g.root-servers.net.
.                       6623    IN      NS      d.root-servers.net.
.                       6623    IN      NS      j.root-servers.net.
.                       6623    IN      NS      c.root-servers.net.
.                       6623    IN      NS      l.root-servers.net.
.                       6623    IN      NS      a.root-servers.net.
.                       6623    IN      NS      b.root-servers.net.
.                       6623    IN      NS      i.root-servers.net.
.                       6623    IN      NS      k.root-servers.net.
.                       6623    IN      NS      f.root-servers.net.
.                       6623    IN      NS      e.root-servers.net.
.                       6623    IN      NS      m.root-servers.net.
.                       6623    IN      NS      h.root-servers.net.
;; Received 239 bytes from 127.0.0.53#53(127.0.0.53) in 4 ms

asia.                   172800  IN      NS      b2.asia.afilias-nst.org.
asia.                   172800  IN      NS      c0.asia.afilias-nst.info.
asia.                   172800  IN      NS      a0.asia.afilias-nst.info.
asia.                   172800  IN      NS      b0.asia.afilias-nst.asia.
asia.                   172800  IN      NS      d0.asia.afilias-nst.asia.
asia.                   172800  IN      NS      a2.asia.afilias-nst.info.
;; Received 513 bytes from 2001:500:12::d0d#53(g.root-servers.net) in 76 ms

growthops.asia.         3600    IN      NS      alec.ns.cloudflare.com.
growthops.asia.         3600    IN      NS      fay.ns.cloudflare.com.
;; Received 107 bytes from 199.249.114.1#53(a2.asia.afilias-nst.info) in 8 ms

marketing.growthops.asia. 300   IN      NS      ns1.exacttarget.com.
marketing.growthops.asia. 300   IN      NS      ns2.exacttarget.com.
marketing.growthops.asia. 300   IN      NS      ns3.exacttarget.com.
;; Received 122 bytes from 172.64.33.59#53(alec.ns.cloudflare.com) in 4 ms

;; Received 81 bytes from 66.231.91.222#53(ns1.exacttarget.com) in 128 ms

You need to make sure the target nameserver answers for your hostname.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.