[dns-operations] Broken delegation

Dave Warren davew at hireahit.com
Sat Mar 8 19:02:25 UTC 2014


I've inherited a bit of a mess; a small company is ceasing operations and we're taking over their NS, and it's a who's-who of how not to set up authoritative DNS.

(NS 1,4 share the same IP and 5 shares the same hardware, NS3 is not even authoritative, it just forwards to NS1, etc, so basically they have one actual functioning server, although oddly 5 doesn't carry all zones)

The biggest thing I'm finding is inconsistent delegation, primarily cases where the domain is delegated to NS1-2 and the zone lists 1-4, or the reverse.

Assuming that all the NS records ultimately point to servers that actually respond and that there's no lame delegation, what actually breaks in the real world when delegation is inconsistent? – I'd expect inconsistent load balancing of the NS, which is fine and expected.

Is it better if I scrape the appropriate TLD zones to determine what NS records to apply and update the zones individually to match, or should I just replace the whole mess with my authoritative NS records?

Obviously in all cases we'll keep ns1-5.old-ISP.example pointing to valid authoritative servers, and we will work with their customers to fix their NS configuration as quickly as possible so as to best use our infrastructure. We can do a bulk update at the registrar level for most customers, but far from all. 

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140308/e7c8f822/attachment.html>


More information about the dns-operations mailing list