[dns-operations] is it worth trying to get people to stop declaring authority for '.' ?
Florian Weimer
fw at deneb.enyo.de
Tue Dec 2 17:14:35 UTC 2008
* David Dagon:
> But here's what's interesting. I have anecdotally noticed that many
> such authorities for .cn domains originally claimed authority for a
> TLD (usually .com) ... but then later they all seemed to switch to '.'
> instead.
Well, here's one of the oldest offenders I could find:
; <<>> DiG 9.5.0-P2 <<>> @ns1.hi2000.com xintepc.com txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23730
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;xintepc.com. IN TXT
;; ANSWER SECTION:
xintepc.com. 14400 IN TXT "v=spf1 include:spf.chinanetsun.com -all"
;; AUTHORITY SECTION:
com. 14400 IN NS ns1.hi2000.com.
com. 14400 IN NS ns2.hi2000.com.
;; Query time: 304 msec
;; SERVER: 222.73.110.120#53(222.73.110.120)
;; WHEN: Tue Dec 2 18:00:11 2008
;; MSG SIZE rcvd: 124
This is not some sort of DNS-rewriting business, it's actually
delegated from .com.
> But these days they answer similarly with '.' instead. I've not done
> a survey, but anecdotally it seems they all changed to '.'. Have
> others noticed such a migration?
In some cases, yes, but I still see some spammy servers authoritative
for .com. (Technically, Sedo is in this category as well, but they
don't use anything that behaves very closely to a zone-based name
server and will not return those problematic authority sections.)
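A survey-side check for the pattern discussed in this thread, as an added example that is not part of the original post or of any tool mentioned in it: it parses dig text output and flags AUTHORITY-section NS records whose owner is '.' or a bare TLD above the queried name. The function names are hypothetical, the first sample is the relevant part of the dig output quoted above, and the other two are constructed variants of it.

```python
import re

def parse_dig(text):
    """Extract (qname, [(owner, nsdname), ...]) from dig's text output."""
    section, qname, ns = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif line.startswith(";;") or not line:
            section = None  # a blank line or any other ';;' line ends a section
        elif section == "QUESTION" and line.startswith(";"):
            qname = line[1:].split()[0].lower()
        elif section == "AUTHORITY":
            f = line.split()
            if len(f) >= 5 and f[3].upper() == "NS":
                ns.append((f[0].lower(), f[4].lower()))
    return qname, ns

def labels(name):
    return [l for l in name.rstrip(".").split(".") if l]

def overbroad_authority(text):
    """Return NS owner names that are '.' or a bare TLD above the queried name."""
    qname, ns = parse_dig(text)
    q, flagged = labels(qname or ""), []
    for owner, _ in ns:
        o = labels(owner)
        # Heuristic (assumption): the queried server hosts delegated child zones,
        # so an NS owner of zero or one label for a deeper qname is suspect.
        if len(o) <= 1 and len(q) >= 2 and q[len(q) - len(o):] == o:
            if owner not in flagged:
                flagged.append(owner)
    return flagged

# Taken from the dig output quoted in the post.
FROM_POST = """;; QUESTION SECTION:
;xintepc.com. IN TXT
;; ANSWER SECTION:
xintepc.com. 14400 IN TXT "v=spf1 include:spf.chinanetsun.com -all"
;; AUTHORITY SECTION:
com. 14400 IN NS ns1.hi2000.com.
com. 14400 IN NS ns2.hi2000.com.
;; Query time: 304 msec
"""
# Constructed variants: authority claimed for '.', and for the zone itself.
CONSTRUCTED_ROOT = FROM_POST.replace("\ncom. ", "\n. ")
CONSTRUCTED_CLEAN = FROM_POST.replace("\ncom. ", "\nxintepc.com. ")

if __name__ == "__main__":
    for sample in (FROM_POST, CONSTRUCTED_ROOT, CONSTRUCTED_CLEAN):
        print(overbroad_authority(sample))
```

A real TLD or root server answering authoritatively for a name inside its own zone would also match, so the check only makes sense against servers that are expected to hold delegated zones.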