[dns-operations] Upcoming DNS behavior changes to .com/.net/.edu name servers

Mon Mar 1 04:48:44 UTC 2010

 i think it already happened - since its been 01mar2010 for almost 13hrs now.

--bill

On Sun, Feb 28, 2010 at 07:47:48PM -0800, Doug Barton wrote:
> Out of curiosity are these changes still on schedule for tomorrow? If
> so, is there a UTC time that the switch is expected to be thrown?
> 
> 
> Thanks,
> 
> Doug
> 
> 
> On 01/08/10 15:52, Matt Larson wrote:
> > (Apologies in advance that some of you will see multiple copies of
> > this message on various lists.)
> > 
> > On March 1, 2010, VeriSign will be making two changes that affect the
> > behavior of the authoritative name servers for the .com, .net and .edu
> > zones ([a-m].gtld-servers.net).  The changes are a prerequisite for
> > deploying DNSSEC in these three zones beginning in 2010.
> >  
> > Because of the widespread use of .com and .net, and because resolution
> > of some domains might be affected, we'd like to notify the community
> > in advance about these changes.
> > 
> > The two changes are:
> >  
> > 1. New referral behavior
> >  
> > When queried for an existing A or AAAA record serving as glue (an
> > address record at or below NS records at a delegation point), the
> > authoritative name servers for .com and .net respond with the glue
> > record in the answer section.  However, the answer is not marked
> > authoritative, i.e., the AA bit is not set.  While this behavior
> > conforms to the DNS standards, recent authoritative servers do not
> > respond this way.  Instead, when queried for a name at or below a
> > delegation point, recent authoritative servers respond with a referral
> > to the delegated zone.  This behavior is also supported by the DNS
> > standards.
> >  
> > The [a-m].gtld-servers.net servers are changing to the latter referral
> > behavior: queries for glue records will result in referrals rather
> > than non-authoritative answers.
> 
> [...]
> 
> > 2. Glue no longer promoted to authoritative status
> >  
> > In the .com/.net registry system, a domain can be placed on an
> > administrative hold status.  A domain on hold is not published: the NS
> > records delegating the domain are removed from the .com or .net zone.
> > For example, registrars sometimes place a domain on hold if it is
> > about to expire but the registrant has not responded to requests to
> > renew it, or if it is being used for malicious activity.
> >  
> > Currently, when a domain is placed on hold, its NS records are removed
> > from the zone but not any of the A and AAAA records of name servers in
> > that domain.  For example, consider if the domain "example.com"
> > existed in the registry along with the name server "ns.example.com".
> > (An important note: whether or not the "example.com" zone itself
> > actually uses "ns.example.com" as one of its authoritative name
> > servers is irrelevant to the behavior described here.  The important
> > point is that "ns.example.com" is in the "example.com" domain, i.e.,
> > below it in the DNS name space.)
> >  
> > If the "example.com" domain were placed on hold today, the NS records
> > delegating it would be removed from the .com zone.  The A and AAAA
> > records for "ns.example.com" remain in the zone.  In fact, since these
> > records are no longer below a delegation point, they are promoted to
> > become authoritative data.
> >  
> > As of March 1, 2010, when a domain goes on hold, the NS records
> > delegating the domain will be removed from the zone, and the A and
> > AAAA records for name servers below the domain will no longer be
> > promoted to authoritative status.  These A and AAAA records will not
> > actually be removed: although they will not be returned when queried
> > for directly, they will appear in the additional section of referrals
> > that reference them.
> >  
> 
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations