[dns-operations] Upcoming DNS behavior changes to .com/.net/.edu name servers
Doug Barton
dougb at dougbarton.us
Mon Mar 1 03:47:48 UTC 2010
Out of curiosity are these changes still on schedule for tomorrow? If
so, is there a UTC time that the switch is expected to be thrown?
Thanks,
Doug
On 01/08/10 15:52, Matt Larson wrote:
> (Apologies in advance that some of you will see multiple copies of
> this message on various lists.)
>
> On March 1, 2010, VeriSign will be making two changes that affect the
> behavior of the authoritative name servers for the .com, .net and .edu
> zones ([a-m].gtld-servers.net). The changes are a prerequisite for
> deploying DNSSEC in these three zones beginning in 2010.
>
> Because of the widespread use of .com and .net, and because resolution
> of some domains might be affected, we'd like to notify the community
> in advance about these changes.
>
> The two changes are:
>
> 1. New referral behavior
>
> When queried for an existing A or AAAA record serving as glue (an
> address record at or below NS records at a delegation point), the
> authoritative name servers for .com and .net respond with the glue
> record in the answer section. However, the answer is not marked
> authoritative, i.e., the AA bit is not set. While this behavior
> conforms to the DNS standards, recent authoritative servers do not
> respond this way. Instead, when queried for a name at or below a
> delegation point, recent authoritative servers respond with a referral
> to the delegated zone. This behavior is also supported by the DNS
> standards.
>
> The [a-m].gtld-servers.net servers are changing to the latter referral
> behavior: queries for glue records will result in referrals rather
> than non-authoritative answers.
[...]
> 2. Glue no longer promoted to authoritative status
>
> In the .com/.net registry system, a domain can be placed on an
> administrative hold status. A domain on hold is not published: the NS
> records delegating the domain are removed from the .com or .net zone.
> For example, registrars sometimes place a domain on hold if it is
> about to expire but the registrant has not responded to requests to
> renew it, or if it is being used for malicious activity.
>
> Currently, when a domain is placed on hold, its NS records are removed
> from the zone but not any of the A and AAAA records of name servers in
> that domain. For example, consider if the domain "example.com"
> existed in the registry along with the name server "ns.example.com".
> (An important note: whether or not the "example.com" zone itself
> actually uses "ns.example.com" as one of its authoritative name
> servers is irrelevant to the behavior described here. The important
> point is that "ns.example.com" is in the "example.com" domain, i.e.,
> below it in the DNS name space.)
>
> If the "example.com" domain were placed on hold today, the NS records
> delegating it would be removed from the .com zone. The A and AAAA
> records for "ns.example.com" remain in the zone. In fact, since these
> records are no longer below a delegation point, they are promoted to
> become authoritative data.
>
> As of March 1, 2010, when a domain goes on hold, the NS records
> delegating the domain will be removed from the zone, and the A and
> AAAA records for name servers below the domain will no longer be
> promoted to authoritative status. These A and AAAA records will not
> actually be removed: although they will not be returned when queried
> for directly, they will appear in the additional section of referrals
> that reference them.
>
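The referral change described in item 1 can be checked from a resolver operator's side by classifying the response to a glue-address query. The following is an added example, not part of either message and not VeriSign's code: it parses DNS wire format and distinguishes the old non-authoritative answer from the new referral. The function names, the 192.0.2.53 address and the TTL are assumptions, and the sample messages are constructed, not captured from [a-m].gtld-servers.net.

```python
import struct

A, NS, AAAA = 1, 2, 28          # RR type codes
QR, AA = 0x8000, 0x0400         # header flag bits

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:              # root label ends the name
            return off

def classify(msg):
    """Return (kind, glue_count) for a response to a glue-address query."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4               # skip QTYPE and QCLASS
    types = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    authority, extra = types[an:an + ns], types[an + ns:]
    glue = sum(t in (A, AAAA) for t in extra)       # addresses in additional
    if an:
        return ("authoritative-answer" if flags & AA else "non-authoritative-answer", glue)
    if not flags & AA and NS in authority:
        return ("referral", glue)
    return ("other", glue)

# Constructed sample messages (hypothetical helpers, documentation address).
def name(s):
    return b"".join(bytes([len(p)]) + p.encode() for p in s.split(".")) + b"\0"
def rr(owner, rtype, rdata):
    return name(owner) + struct.pack("!HHIH", rtype, 1, 172800, len(rdata)) + rdata

def response(flags, answer=(), authority=(), extra=()):
    hdr = struct.pack("!6H", 0x1234, flags, 1, len(answer), len(authority), len(extra))
    body = b"".join([*answer, *authority, *extra])
    return hdr + name("ns.example.com") + struct.pack("!HH", A, 1) + body

GLUE = rr("ns.example.com", A, bytes([192, 0, 2, 53]))
DELEG = rr("example.com", NS, name("ns.example.com"))
OLD = response(QR, answer=[GLUE])                       # glue answered, AA clear
NEW = response(QR, authority=[DELEG], extra=[GLUE])     # referral with glue
```

`classify(OLD)` reports a non-authoritative answer and `classify(NEW)` a referral carrying one glue address; software that depended on the first shape is what the announcement warns may be affected.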