[dns-operations] Weirdness with glue for old (gone) DNS servers

Chris Adams cma at cmadams.net
Tue May 13 18:53:36 UTC 2014

While doing some server cleanup, I deleted some domains from our DNS
servers that no longer point to them.  I then ran into a domain that a
customer insisted had been working and I broke it.

The way I tested for "working" was basically using "dig +trace"
(actually in a perl script but functionally equivalent).  What I found
is that this one domain is registered with nameservers in another domain
that no longer exists (that used to point to our servers).  The NS
records come back modified with ns-not-in-service.com appended, which
then don't resolve (as I expected).

However, I found (after re-adding the domain to our servers), the domain
works.  "dig +trace" didn't work because while the not-in-service bit
doesn't resolve, the .COM servers include glue that still points to the
correct IPs.  This IMHO is broken and confusing - does anybody know if
it is intentional?  We are preparing to change our NS IPs, and I would
have no way of updating this stale glue.

$ dig @a.gtld-servers.net gentry-group.com ns

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @a.gtld-servers.net gentry-group.com ns
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59955
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;gentry-group.com.		IN	NS

gentry-group.com.	172800	IN	NS	ns2.iol25.com.ns-not-in-service.com.
gentry-group.com.	172800	IN	NS	ns1.iol25.com.ns-not-in-service.com.

ns2.iol25.com.ns-not-in-service.com. 172800 IN A
ns1.iol25.com.ns-not-in-service.com. 172800 IN A

;; Query time: 2 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Tue May 13 13:30:43 2014
;; MSG SIZE  rcvd: 130

Chris Adams <cma at cmadams.net>
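
An added example (not part of the original post and not its author's code): an offline check that parses a TLD referral in dig's text format and flags nameservers renamed under ns-not-in-service.com that still carry glue, along with glue addresses outside the operator's current set. The sample referral, the `.example` names, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re

SENTINEL = "ns-not-in-service.com."  # suffix seen on the NS records in the post

# Constructed sample referral in dig's text format. Names under .example and
# the 192.0.2.x glue addresses are placeholders, not values from the post.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
customer.example. 172800 IN NS ns1.oldhost.example.ns-not-in-service.com.
customer.example. 172800 IN NS ns2.oldhost.example.ns-not-in-service.com.
customer.example. 172800 IN NS ns3.live-dns.example.

;; ADDITIONAL SECTION:
ns1.oldhost.example.ns-not-in-service.com. 172800 IN A 192.0.2.10
ns2.oldhost.example.ns-not-in-service.com. 172800 IN A 192.0.2.11
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|AAAA)\s+(\S+)\s*$", re.I)

def parse_referral(text):
    """Return (ns_targets, glue) from dig text; comments and records
    without rdata are skipped."""
    ns_targets, glue = [], {}
    for line in text.splitlines():
        m = RR.match(line)
        if line.startswith(";") or not m:
            continue
        owner, rtype, rdata = (g.lower() for g in m.groups())
        if rtype == "ns":
            ns_targets.append(rdata)
        else:
            glue.setdefault(owner, []).append(rdata)
    return ns_targets, glue

def audit_referral(text, current_ips, sentinel=SENTINEL):
    """Classify each delegated nameserver by rename status and glue."""
    ns_targets, glue = parse_referral(text)
    findings = []
    for name in ns_targets:
        addrs = glue.get(name, [])
        status = "ok"
        if name.endswith("." + sentinel):
            # Renamed host: the name will not resolve, but any glue in the
            # referral still steers resolvers to the listed addresses.
            status = "stale-glue" if addrs else "renamed-no-glue"
        unowned = sorted(a for a in addrs if a not in current_ips)
        findings.append({"ns": name, "status": status, "glue": addrs, "unowned": unowned})
    return findings

if __name__ == "__main__":
    for finding in audit_referral(SAMPLE_REFERRAL, current_ips={"192.0.2.10"}):
        print(finding)
```

Any entry with a non-empty `unowned` list is glue that would keep directing queries to an address the operator no longer runs after an IP change.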
