[dns-operations] iVenue and CommunityDNS.

Florian Weimer fweimer at bfk.de
Fri Mar 25 10:04:17 UTC 2011 

* Stephane Bortzmeyer:

> On Fri, Mar 25, 2011 at 09:35:18AM +0000,
>  Florian Weimer <fweimer at bfk.de> wrote 
>  a message of 24 lines which said:
>
>> Your request puzzles me because the practice is so common.
>
> It is? I never heard about that (except for the root where it happens,
> but I would not call it "common", and it is on recursive name servers
> anyway, not authoritative ones). Do you have data or is it anecdotal
> evidence?

Many domain parking platforms do it.  Here are a few examples:

; <<>> DiG 9.6-ESV-R3 <<>> +norecurse @NS0.DIRECTNIC.com. a.nic.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19788
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;a.nic.fr.              IN      A

;; ANSWER SECTION:
a.nic.fr.       86400   IN      A       74.117.222.18

;; AUTHORITY SECTION:
.               86400   IN      NS      ns0.directnic.com.
.               86400   IN      NS      ns1.directnic.com.

;; ADDITIONAL SECTION:
ns0.directnic.com.      3600    IN      A       74.117.217.20
ns1.directnic.com.      3600    IN      A       74.117.222.20

;; Query time: 116 msec
;; SERVER: 74.117.217.20#53(74.117.217.20)
;; WHEN: Fri Mar 25 09:55:55 2011
;; MSG SIZE  rcvd: 121

; <<>> DiG 9.6-ESV-R3 <<>> +norecurse @ns1.above.com. a.nic.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20114
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;a.nic.fr.              IN      A

;; ANSWER SECTION:
a.nic.fr.       3600    IN      A       69.43.160.174

;; Query time: 169 msec
;; SERVER: 69.43.160.19#53(69.43.160.19)
;; WHEN: Fri Mar 25 09:57:25 2011
;; MSG SIZE  rcvd: 42

; <<>> DiG 9.6-ESV-R3 <<>> +norecurse @ns1.namebrightdns.com. a.nic.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25316
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;a.nic.fr.              IN      A

;; Query time: 144 msec
;; SERVER: 216.38.198.89#53(216.38.198.89)
;; WHEN: Fri Mar 25 09:58:08 2011
;; MSG SIZE  rcvd: 26

; <<>> DiG 9.6-ESV-R3 <<>> +norecurse @ns1.dns.com.cn. a.nic.fr
; (7 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38459
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;a.nic.fr.              IN      A

;; AUTHORITY SECTION:
.               3600    IN      SOA     ns2.dns.com.cn. root.ns2.dns.com.cn. 2008092215 3600 3600 68400 180

;; Query time: 308 msec
;; SERVER: 122.70.139.6#53(122.70.139.6)
;; WHEN: Fri Mar 25 09:58:58 2011
;; MSG SIZE  rcvd: 80

; <<>> DiG 9.6-ESV-R3 <<>> +norecurse @ns1.sedoparking.com. a.nic.fr.
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37766
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;a.nic.fr.              IN      A

;; ANSWER SECTION:
a.nic.fr.       600     IN      A       82.98.86.177

;; Query time: 133 msec
;; SERVER: 74.208.13.27#53(74.208.13.27)
;; WHEN: Fri Mar 25 09:41:34 2011
;; MSG SIZE  rcvd: 42

; <<>> DiG 9.6-ESV-R3 <<>> +norecurse @a.giraffe.co.uk. a.nic.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12636
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;a.nic.fr.              IN      A

;; ANSWER SECTION:
a.nic.fr.       86400   IN      A       87.106.142.81

;; AUTHORITY SECTION:
a.nic.fr.       86400   IN      NS      a.giraffe.co.uk.
a.nic.fr.       86400   IN      NS      b.giraffe.co.uk.

;; Query time: 4 msec
;; SERVER: 87.106.142.81#53(87.106.142.81)
;; WHEN: Fri Mar 25 10:00:32 2011
;; MSG SIZE  rcvd: 87

; <<>> DiG 9.6-ESV-R3 <<>> +norecurse @ns1.smartname.com. a.nic.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9816
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;a.nic.fr.		IN	A

;; ANSWER SECTION:
a.nic.fr.	3600	IN	A	64.95.64.197

;; AUTHORITY SECTION:
fr.			86400	IN	NS	ns1.smartname.com.
fr.			86400	IN	NS	ns2.smartname.com.

;; ADDITIONAL SECTION:
ns1.smartname.com.	86400	IN	A	64.95.64.222
ns1.smartname.com.	300	IN	A	64.95.64.222
ns2.smartname.com.	86400	IN	A	206.83.79.29
ns2.smartname.com.	300	IN	A	206.83.79.29

;; Query time: 103 msec
;; SERVER: 64.95.64.222#53(64.95.64.222)
;; WHEN: Fri Mar 25 10:01:05 2011
;; MSG SIZE  rcvd: 155

(This is just the tip of the iceberg.  I didn't automate the probing.)

Occasionally, this causes real operational problems.

The odd thing here is that CommunityDNS strives to serve the original
data.  I'm not convinced that this worse than publishing completely
bogus data, authoritatively, as in the examples above.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

More information about the dns-operations mailing list