[dns-operations] Weirdness with glue for old (gone) DNS servers

Jared Mauch jared at puck.nether.net
Wed May 14 22:13:07 UTC 2014


On May 14, 2014, at 3:22 AM, Jim Reid <jim at rfc1035.com> wrote:

> On 13 May 2014, at 22:51, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> 
>> "Check every name using your nameservers at the parent side for glue before renumbering".
> 
> If only it was that simple Andrew. :-)
> 
> A delegation in TLD1 might point at a name in TLD2. So when the reference count for ns.foo.tld2 drops to zero, the registry deletes it from the DNS even though there's an NS record with RDATA for ns.foo.tld2 in TLD1.
> 
> ISTR this caused some pain when org was separated from the Verisign registry. I think at that time nameserver objects in the SRS were "shared" across all three TLDs.

I recall a great deal of pain when renumbering a nameserver and folks would keep re-registering it, or a name on that IP address that I was trying to move them all away from back in 96-97 timeframe.  Now we have something that's perhaps 'equally' bad which is there are many names in the TLDs that point to the same IP address, eg:

Aborting search 50 records found .....
NS7.HANGGORO.COM
TITAN.LOSTSERVER.NET
NS2.ATOPIA.NET
C.NS.OTAHUNA.NET
NS2.GREYBEAM.NET
NS3.AGYEI.NET
NS3.CRYSTALONE.NET
C.NS.THORIUMINVESTMENTS.COM
C.NS.OSMIUMGLOBAL.COM
NS2.KARDINGS.COM
NS2.PATEDMA.COM
NS3.HIJINKS.COM
C.NS.MAILFORWARDED.COM
NS2.ETEAMBUILD.COM
NS4.SIDEBARDISABLER.NET
NS1.PRIORITYLANE.COM
DNS2.GRANABIKE.COM
NS3.MICRODUAL.COM
NS2.TETRO.NET
NS3.BACASOFT.COM
NS2.XENONCORE.NET
NS2.DGSI.COM
NSFICKDICH.CSE-SERVER.COM
NS7.DNS-DIENST.NET
NS2.PCH.NET
NS2.QLOGICS.COM
NS2.KEITHLAMCPA.COM
C.NS.OSMIUM-INVESTMENTS.COM
NS2.POPUTKA.COM
NS3.QLOGICS.COM
NS2.FETTLE.NET
NS2.PEDANT.NET
NS2.MOTORTRAK.COM
NS2.CMUNGERJR.COM
NS2.MISSALAINEOUS.COM
B.NS.QMUTE.COM
B.NS.SUREJOURNEY.COM
B.NS.QONTIX.COM
NS2.BITLANCER.NET
NS2.LYONOPENLAB.NET
NS3.SIDOPORT.COM
NS02.SPYRO.NET
NS3.MZANSIDNS.NET
NS4.VITTGAM.NET
NS4.CAIZHENGZHU.COM
NS3.IDOPORT.COM
B.NS.CATAAFFE.COM
NS2.PRIMADESIGN.COM
NS2.SPRIXA.COM
NS6.OFLOO.NET

I'm sure there are more as well.. the worst part is some have AAAA and some have both AAAA and A..

- Jared


More information about the dns-operations mailing list