[dns-operations] NS strangeness for TLD "nc"
cet1 at cam.ac.uk
Wed Jun 22 19:08:37 UTC 2011
[Cc'd to the SOA.rname for NC]
I noticed that I was getting strangely inconsistent results when checking
whether the TLD "nc" was signed or not, which I tracked down to this:
Delegation in the root zone is to
ns-nc.ripe.net. (only its IPv4 address appears in the glue)
while in the zone itself the NS records are for
This isn't a matter of aliasing: all seven names have different IP
addresses. The zone appears to have the same SOA serial (and NS RRset)
at each of them, but the latter 4 have signed versions, while the other
3 have unsigned ones.
One result is that if you don't have the NS RRset in cache, you have
only a 25% chance of seeing DNSKEY records, but once it is, you have
a 100% chance.
Can this really be an intended configuration? Cock-up or conspiracy?
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations