[dns-operations] Resolver operation an expired domain

Mark Andrews marka at isc.org
Thu Jan 27 22:17:56 UTC 2011


In message <Prayer.1.3.3.1101272007490.5495 at hermes-1.csi.cam.ac.uk>, Chris Thompson w
rites:
> On Jan 27 2011, I wrote:
> 
> >On Jan 27 2011, Frank Bulk wrote:
> >
> >>Any A record you query against that NS returns 209.62.105.19. =)
> >
> >Except for names inside pendingrenewaldeletion.com, in which case they
> >return 205.178.189.51. Just a couple of wildcards, apparently.
> >
> >I have also seen lots of format errors in my logs resulting from
> >attempts to look up AAAA records at these servers - indeed any
> >record type except A seems to result in such errors.
> 
> It's fairly obvious why, in fact: any negative answer is accompanied
> by an SOA record for "." in the authority section, coming from the
> fake root zone, and BIND isn't going to like that one little bit...

And verisign should know better.  While verisign gets this wrong
how can we expect everyone else to do the right thing?  2% of the
Alexa list get this wrong (includes verisign).  This is significantly
hampering IPv6 deployment as it slow up IPv6 resolution.

> -- 
> Chris Thompson               University of Cambridge Computing Service,
> Email: cet1 at ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
> Phone: +44 1223 334715       United Kingdom.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the dns-operations mailing list