[dns-operations] is it worth trying to get people to stop declaring authority for '.' ?

Florian Weimer fw at deneb.enyo.de
Tue Dec 2 17:14:35 UTC 2008

* David Dagon:

> But here's what's interesting.  I have anecdotally noticed that many
> such authorities for .cn domains originally claimed authority for a
> TLD (usually .com) ... but then later they all seemed to switch to '.'
> instead.

Well, here's one of the oldest offenders I could find:

; <<>> DiG 9.5.0-P2 <<>> @ns1.hi2000.com xintepc.com txt
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23730
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;xintepc.com.                   IN      TXT

xintepc.com.            14400   IN      TXT     "v=spf1 include:spf.chinanetsun.com -all"

com.                    14400   IN      NS      ns1.hi2000.com.
com.                    14400   IN      NS      ns2.hi2000.com.

;; Query time: 304 msec
;; WHEN: Tue Dec  2 18:00:11 2008
;; MSG SIZE  rcvd: 124

This is not some sort of DNS-rewriting business, it's actually
delegated from .com.

> But these days they answer similarly with '.' instead.  I've not done
> a survey, but anecdotally it seems they all changed to '.'.  Have
> others noticed such a migration?

In some cases, yes, but I still see some spammy servers authoritative
for .com.  (Technically, Sedo is in this category as well, but they
don't use anything that behaves very closely to a zone-based name
server and will not return those problematic authority sections.)

More information about the dns-operations mailing list