[dns-operations] Upcoming DNS behavior changes to .com/.net/.edu name servers
Mark Andrews
marka at isc.org
Mon Mar 1 05:19:23 UTC 2010
In message <20100301044844.GA4316 at vacation.karoshi.com.>, bmanning at vacation.karoshi.com writes:
> i think it already happened - since it's been 01mar2010 for almost 13hrs now.
>
> --bill
While it is March 1 in some parts of the world the servers have not
yet changed behaviour so asking for when the change will happen is
still reasonable.
Mark
; <<>> DiG 9.3.6-P1 <<>> ns1.google.com @a.gtld-servers.net +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64906
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;ns1.google.com. IN A
;; ANSWER SECTION:
ns1.google.com. 172800 IN A 216.239.32.10
;; AUTHORITY SECTION:
google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 172800 IN A 216.239.32.10
ns2.google.com. 172800 IN A 216.239.34.10
ns3.google.com. 172800 IN A 216.239.36.10
ns4.google.com. 172800 IN A 216.239.38.10
;; Query time: 178 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Mon Mar 1 16:16:40 2010
;; MSG SIZE rcvd: 180
> On Sun, Feb 28, 2010 at 07:47:48PM -0800, Doug Barton wrote:
> > Out of curiosity are these changes still on schedule for tomorrow? If
> > so, is there a UTC time that the switch is expected to be thrown?
> >
> >
> > Thanks,
> >
> > Doug
> >
> >
> > On 01/08/10 15:52, Matt Larson wrote:
> > > (Apologies in advance that some of you will see multiple copies of
> > > this message on various lists.)
> > >
> > > On March 1, 2010, VeriSign will be making two changes that affect the
> > > behavior of the authoritative name servers for the .com, .net and .edu
> > > zones ([a-m].gtld-servers.net). The changes are a prerequisite for
> > > deploying DNSSEC in these three zones beginning in 2010.
> > >
> > > Because of the widespread use of .com and .net, and because resolution
> > > of some domains might be affected, we'd like to notify the community
> > > in advance about these changes.
> > >
> > > The two changes are:
> > >
> > > 1. New referral behavior
> > >
> > > When queried for an existing A or AAAA record serving as glue (an
> > > address record at or below NS records at a delegation point), the
> > > authoritative name servers for .com and .net respond with the glue
> > > record in the answer section. However, the answer is not marked
> > > authoritative, i.e., the AA bit is not set. While this behavior
> > > conforms to the DNS standards, recent authoritative servers do not
> > > respond this way. Instead, when queried for a name at or below a
> > > delegation point, recent authoritative servers respond with a referral
> > > to the delegated zone. This behavior is also supported by the DNS
> > > standards.
> > >
> > > The [a-m].gtld-servers.net servers are changing to the latter referral
> > > behavior: queries for glue records will result in referrals rather
> > > than non-authoritative answers.
> >
> > [...]
> >
> > > 2. Glue no longer promoted to authoritative status
> > >
> > > In the .com/.net registry system, a domain can be placed on an
> > > administrative hold status. A domain on hold is not published: the NS
> > > records delegating the domain are removed from the .com or .net zone.
> > > For example, registrars sometimes place a domain on hold if it is
> > > about to expire but the registrant has not responded to requests to
> > > renew it, or if it is being used for malicious activity.
> > >
> > > Currently, when a domain is placed on hold, its NS records are removed
> > > from the zone but not any of the A and AAAA records of name servers in
> > > that domain. For example, consider if the domain "example.com"
> > > existed in the registry along with the name server "ns.example.com".
> > > (An important note: whether or not the "example.com" zone itself
> > > actually uses "ns.example.com" as one of its authoritative name
> > > servers is irrelevant to the behavior described here. The important
> > > point is that "ns.example.com" is in the "example.com" domain, i.e.,
> > > below it in the DNS name space.)
> > >
> > > If the "example.com" domain were placed on hold today, the NS records
> > > delegating it would be removed from the .com zone. The A and AAAA
> > > records for "ns.example.com" remain in the zone. In fact, since these
> > > records are no longer below a delegation point, they are promoted to
> > > become authoritative data.
> > >
> > > As of March 1, 2010, when a domain goes on hold, the NS records
> > > delegating the domain will be removed from the zone, and the A and
> > > AAAA records for name servers below the domain will no longer be
> > > promoted to authoritative status. These A and AAAA records will not
> > > actually be removed: although they will not be returned when queried
> > > for directly, they will appear in the additional section of referrals
> > > that reference them.
> > >
> >
> >
> >
> > _______________________________________________
> > dns-operations mailing list
> > dns-operations at lists.dns-oarc.net
> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
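
Added example, not part of the original message: a Python sketch that classifies dig output into the response types the announcement distinguishes (non-authoritative glue answer versus referral). The first sample is trimmed from the dig output in this message, the referral sample is constructed, and the function names are illustrative.

```python
import re

# Trimmed from the dig output in the message above (pre-change behaviour):
# one record kept per section, header counts left as captured.
OBSERVED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64906
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; ANSWER SECTION:
ns1.google.com. 172800 IN A 216.239.32.10
;; AUTHORITY SECTION:
google.com. 172800 IN NS ns1.google.com.
"""

# Constructed sample: the shape of a referral for the same query (id made up).
CONSTRUCTED_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
google.com. 172800 IN NS ns1.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 172800 IN A 216.239.32.10
"""

def parse_dig(text):
    """Return (status, set of header flags, {section: [record fields]})."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r"flags: ([a-z ]*);", text).group(1).split())
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip() and not line.startswith(";"):
            sections[current].append(line.split())
    return status, flags, sections

def classify(text):
    """Label a response by AA bit and which sections carry records."""
    status, flags, sec = parse_dig(text)
    if status != "NOERROR":
        return status.lower()
    if sec.get("ANSWER"):
        return "authoritative-answer" if "aa" in flags else "non-authoritative-answer"
    has_ns = any(rr[3] == "NS" for rr in sec.get("AUTHORITY", []))
    if "aa" not in flags and has_ns:
        return "referral"  # no answer, NS in authority, glue in additional
    return "other"
```
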