[dns-operations] Weirdness with glue for old (gone) DNS servers
Mark Andrews
marka at isc.org
Tue May 13 22:14:51 UTC 2014
See whois gentry-group.com
Admin Name: John Gentry
Admin Organization: Gentry Masonry Construction
Admin Street: 5213 El Mercado Pkwy. Suite F
Admin City: Santa Rosa
Admin State/Province: CA
Admin Postal Code: 95403
Admin Country: US
Admin Phone: 707-570-1063
Admin Phone Ext:
Admin Fax: 707-570-1536
Admin Fax Ext:
Admin Email: devryjg at gte.net
John Gentry should be able to update the NS records. Failing that
request that COM remove the fake glue records pointing to your
machines. Fully break the delegation. You are not required to go
through a registrar to fix a problem with someone else registration.
Registrars should be contacting the registrant if they see broken
delegations like this and if they are unreachable after a reasonable
period of time they should be pulling the delegation. Garbage like
this should not persist.
Mark
In message <20140513185336.GA9446 at cmadams.net>, Chris Adams writes:
> While doing some server cleanup, I deleted some domains from our DNS
> servers that no longer point to them. I then ran into a domain that a
> customer insisted had been working and I broke it.
>
> The way I tested for "working" was basically using "dig +trace"
> (actually in a perl script but functionally equivalent). What I found
> is that this one domain is registered with nameservers in another domain
> that no longer exists (that used to point to our servers). The NS
> records come back modified with ns-not-in-service.com appended, which
> then don't resolve (as I expected).
>
> However, I found (after re-adding the domain to our servers), the domain
> works. "dig +trace" didn't work because while the not-in-service bit
> doesn't resolve, the .COM servers include glue that still points to the
> correct IPs. This IMHO is broken and confusing - does anybody know if
> it is intentional? We are preparing to change our NS IPs, and I would
> have no way of updating this stale glue.
>
> $ dig @a.gtld-servers.net gentry-group.com ns
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @a.gtld-servers.net ge
> ntry-group.com ns
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59955
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;gentry-group.com. IN NS
>
> ;; AUTHORITY SECTION:
> gentry-group.com. 172800 IN NS ns2.iol25.com.ns-not-in-service
> .com.
> gentry-group.com. 172800 IN NS ns1.iol25.com.ns-not-in-service
> .com.
>
> ;; ADDITIONAL SECTION:
> ns2.iol25.com.ns-not-in-service.com. 172800 IN A 63.238.52.2
> ns1.iol25.com.ns-not-in-service.com. 172800 IN A 63.238.52.1
>
> ;; Query time: 2 msec
> ;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
> ;; WHEN: Tue May 13 13:30:43 2014
> ;; MSG SIZE rcvd: 130
>
>
> --
> Chris Adams <cma at cmadams.net>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list