Primary name server not listed at parent

armin_bl · October 1, 2024, 5:02am

Hi there,
I’m new to desec, and I finally succeeded in setting up everything and got it running. Everything seems to work. But if I check the dns with mxtoolbox, some issues appear, which i do not know whether I can do something to solve it or if it’s to ignore or if it is on desec’s side. Please take a look at the attached screenshot. I would appreciate some advice or explanation about these issues.

Greetings
Armin

Bruce5051 · October 1, 2024, 10:36pm

Hello @armin_bl,

Well the https://en.wikipedia.org/wiki/SOA_record defines the MNAME “Primary master name server for this zone”.
Technically that does not have to be one of the Authoritative Nameservers, as is true for deSEC.

Using one of my test domain names shows the SOA

$ nslookup -q=soa petrifiedhaggis.us.kg ns1.desec.io.
Server:         ns1.desec.io.
Address:        45.54.76.1#53

petrifiedhaggis.us.kg
        origin = get.desec.io
        mail addr = get.desec.io
        serial = 2024094257
        refresh = 86400
        retry = 3600
        expire = 2419200
        minimum = 3600

And its Authoritative Nameservers

$ nslookup -q=ns petrifiedhaggis.us.kg ns1.desec.io.
Server:         ns1.desec.io.
Address:        45.54.76.1#53

petrifiedhaggis.us.kg   nameserver = ns2.desec.org.
petrifiedhaggis.us.kg   nameserver = ns1.desec.io.

And you can see it with DNS Spy report for petrifiedhaggis.us.kg

And this is what my deSEC looks like

And I too get this

And this is their statement on that “ERROR”

Edit

And the Whois https://register.us.kg/whois?name=petrifiedhaggis


This is US.KG's WHOIS service. (http://register.us.kg/)

Domain Name: petrifiedhaggis.us.kg
Registrar URL: http://nic.us.kg
Creation Date: 2024-08-24
Registry Expiry Date: 2025-08-24
Registrar: US.KG NIC (DigitalPlat.org)
Registrar Abuse Contact Email: abuse@nic.us.kg
Registrar Abuse Contact Phone: +1.8559805959
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: REDACTED FOR PRIVACY
Registrant Address: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Name Server: ns1.desec.io.
Name Server: ns2.desec.org.

You only see the Name Servers, not the SOA

Name Server: ns1.desec.io.
Name Server: ns2.desec.org.

armin_bl · October 2, 2024, 7:52am

Hello @Bruce5051 ,

thank you for your detailed answer.

I followed your steps and got similar results for my domain. I was a little worried, because they say “If your name server is not listed at the root this could cause impaired/incorrect lookups for your domain.” and I had no idea, how severe this issue is.

So if I understand this now correctly, there is nothing we can do from our side other than ignore the “error” at mxtoolbox.

Regards
Armin

Bruce5051 · October 2, 2024, 1:55pm

Hi @armin_bl,

Yes, just ignore the so called “error”.
I have not found any issues with that.