[dns-operations] Handling broken domains...

David Ulevitch davidu at everydns.net
Mon Jul 17 16:21:14 UTC 2006


We periodically see really improperly configured domains that users  
expect (rightly so) to resolve.

Case in point: wholesalehunter.com

1) GTLD roots point to NS servers with authority.
2) Querying NS servers provides the answer section AND a new
authority section with a long-living NS set that does not exist.
3) We replace the GTLD authority section with the more specific one from
the authoritative nameservers.
4) TTL for the A record dies out and then the long-lived NS record to
a nameserver which doesn't exist stays alive, meaning we can't find an
A record for it until we try the GTLD roots again.

How is this handled elsewhere in other resolver implementations?

I'm trying to decide how to best fix it.

-david



root:~# dig @g.gtld-servers.net wholesalehunter.com

; <<>> DiG 9.2.4 <<>> @g.gtld-servers.net wholesalehunter.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1592
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;wholesalehunter.com.           IN      A

;; AUTHORITY SECTION:
wholesalehunter.com.    172800  IN      NS      ns.chanuteks.com.
wholesalehunter.com.    172800  IN      NS      ns.nautilus.net.

;; ADDITIONAL SECTION:
ns.chanuteks.com.       172800  IN      A       66.140.160.1
ns.nautilus.net.        172800  IN      A       69.150.96.3

;; Query time: 32 msec
;; SERVER: 192.42.93.30#53(g.gtld-servers.net)
;; WHEN: Mon Jul 17 16:06:11 2006
;; MSG SIZE  rcvd: 125

root:~# dig @ns.chanuteks.com. wholesalehunter.com

; <<>> DiG 9.2.4 <<>> @ns.chanuteks.com. wholesalehunter.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57880
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;wholesalehunter.com.           IN      A

;; ANSWER SECTION:
wholesalehunter.com.    604800  IN      A       12.147.60.129

;; AUTHORITY SECTION:
wholesalehunter.com.    604800  IN      NS      ns.wholesalehunter.com.

;; Query time: 55 msec
;; SERVER: 66.140.160.1#53(ns.chanuteks.com.)
;; WHEN: Mon Jul 17 16:06:27 2006
;; MSG SIZE  rcvd: 70

root:~# dig @ns.wholesalehunter.com. wholesalehunter.com

; <<>> DiG 9.2.4 <<>> @ns.wholesalehunter.com. wholesalehunter.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
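
The sequence in steps 1-4 above, modelled as an added example that is not part of the original post and is not any resolver's actual code. Names, addresses and the NS TTL come from the dig output; the short A TTL, the `Resolver` class and the `refetch_delegation` switch are assumptions made for illustration of one possible handling (discard the cached NS set and return to the parent delegation when every cached server fails).

```python
ZONE = "wholesalehunter.com."
ADDRESS = "12.147.60.129"
PARENT_NS = ["ns.chanuteks.com.", "ns.nautilus.net."]  # delegation from the gTLD servers
CHILD_NS = ["ns.wholesalehunter.com."]                 # NS set in the authoritative reply
REACHABLE = set(PARENT_NS)                             # the child NS name times out
NS_TTL = 604800   # from the dig output
A_TTL = 300       # constructed: shorter than NS_TTL so that step 4 occurs


class Resolver:
    def __init__(self, refetch_delegation):
        self.refetch_delegation = refetch_delegation  # hypothetical policy switch
        self.cache = {}                               # rtype -> (expiry, data) for ZONE
        self.now = 0

    def cached(self, rtype):
        expiry, data = self.cache.get(rtype, (0, None))
        return data if expiry > self.now else None

    def ask(self, servers):
        """Query the zone's servers; None models a timeout on all of them."""
        if not REACHABLE.intersection(servers):
            return None
        # Step 3: the reply's NS set overwrites the delegation in the cache.
        self.cache["A"] = (self.now + A_TTL, ADDRESS)
        self.cache["NS"] = (self.now + NS_TTL, CHILD_NS)
        return ADDRESS

    def resolve(self, at):
        self.now = at
        answer = self.cached("A") or self.ask(self.cached("NS") or PARENT_NS)
        if answer is None and self.refetch_delegation:
            # Every cached server failed: drop the NS set and go back to the parent.
            self.cache.pop("NS", None)
            answer = self.ask(PARENT_NS)
        return answer


def timeline(refetch_delegation):
    """Resolve at first use, just after the A TTL, and just after the NS TTL."""
    r = Resolver(refetch_delegation)
    return [r.resolve(t) for t in (0, A_TTL + 1, NS_TTL + 1)]


if __name__ == "__main__":
    print("child NS trusted until expiry:", timeline(False))
    print("refetch on total failure:     ", timeline(True))
```

In this model the refetch re-caches the same child NS set, so the timeout against ns.wholesalehunter.com. is paid again each time the A record expires.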



