[dns-operations] Weirdness with glue for old (gone) DNS servers

Andrew Sullivan ajs at anvilwalrusden.com
Thu May 15 04:07:43 UTC 2014

On Wed, May 14, 2014 at 03:07:01PM -0700, Dave Warren wrote:
> I *think* the concern is that the registry might be reluctant to
> modify the configuration for one zone due to a change made on
> another, administratively unrelated, zone.

No, the registry doesn't modify anyone's zone configuration.  Just the
registry's zone.  

The problem is that the registry has delegated to the registrar the
authority over a name space.  Within that name space, the registrar
changes the name of an object.  This is entirely within their rights,
because they own the object _by virtue of_ the delegation of the name
space.  This has side effects for some other name in the registry, and
the answer to that is, "Too bad.  You shouldn't have used a nameserver
in your NS record if they weren't going to tell you they were changing
its name.  And if they _did_ tell you, why didn't you update it?"

Let me see if I can make it clearer.  Suppose we have two timelines:



1.  RegistrarA registers example.com.

2.  Registrant of example.com stands up a name server there, and sends
glue records through RegistrarA for ns.example.com.  

3.  RegistrarB creates example2.com with a nameserver ns.example.com.

4.  Registrant of example.com doesn't pay the bill.  RegistrarA
doesn't want to pay for the renewal of example.com.  It tries to
delete the name, but can't because of an existing subordinate host
(see RFC 5731 section 1.1).

5.  RegistrarA tries to delete ns.example.com, but this is denied
because of the link to domain object example2.com (see RFC 5732
section 3.2.2).

6.  RegistrarA renames ns.example.com to
ns.example.com.lamedelegations.registrara.com.  By putting the
"lamedelegations" label in there, they are using the only real
signalling mechanism they have in the registry to point out the
problem.  RegistrarA can now delete example.com and not have to pay
the registration fee for the year.

7.  The registry generates zone changes for the registry's zone, and
the NS for example2.com becomes
ns.example.com.lamedelegations.registrara.com., thereby making
example2.com lame.  It still works because of the glue records that
continue to be carried with the host name.

I think it would be nice to use the Shared Registration System (that's
what "SRS" stands for) to facilitate this communication, but as it
happens everyone disagreed with that idea in 2003 or so.

> How about when a domain under .com disappears, how would .org know
> to change/remove the delegation.

This happens all the time, actually.  The nice thing in that case,
however, is because those are "external" names, there's no glue, so
the delegation starts failing as soon as caches time out.  For some
value of "nice".

Best regards,


Andrew Sullivan
ajs at anvilwalrusden.com
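
The timeline in the message above, replayed against a toy in-memory registry; this is an added example, not part of the original message or any registry's code. The class and method names, the pre-existing registrara.com domain and the 192.0.2.53 glue address are assumptions made for illustration, and only the two deletion constraints and the rename described in the message are modelled.

```python
from types import SimpleNamespace as Host  # a host object: name plus glue addresses

class EppError(Exception):
    """Stands in for an EPP error response (hypothetical name)."""

class Registry:
    def __init__(self):
        self.domains = {}  # domain name -> (sponsoring registrar, [linked host objects])
        self.hosts = []
    def _check_sponsor(self, rr, host_name):
        # A registrar may only create or rename hosts under a domain it sponsors.
        parent = next((d for d in self.domains if host_name.endswith("." + d)), None)
        if parent is None or self.domains[parent][0] != rr:
            raise EppError(f"{rr} does not sponsor a parent domain of {host_name}")
    def create_domain(self, rr, name, ns=()):
        self.domains[name] = (rr, list(ns))
    def create_host(self, rr, name, addrs):
        self._check_sponsor(rr, name)
        self.hosts.append(Host(name=name, addrs=list(addrs)))
        return self.hosts[-1]
    def rename_host(self, rr, host, new_name):
        self._check_sponsor(rr, host.name)
        self._check_sponsor(rr, new_name)
        host.name = new_name  # links and glue addresses stay on the same object
    def delete_host(self, host):
        if any(host in ns for _, ns in self.domains.values()):
            raise EppError("host is linked to a domain object")
        self.hosts.remove(host)
    def delete_domain(self, name):
        if any(h.name.endswith("." + name) for h in self.hosts):
            raise EppError("domain has subordinate host objects")
        del self.domains[name]
    def zone(self):
        # The registry's zone: NS from domain-to-host links, glue from host objects.
        ns = [(d, "NS", h.name) for d, (_, hs) in self.domains.items() for h in hs]
        return ns + [(h.name, "A", a) for h in self.hosts for a in h.addrs]

def replay_timeline():
    reg, a, denied = Registry(), "RegistrarA", []
    reg.create_domain(a, "registrara.com")  # assumed to exist before step 1
    reg.create_domain(a, "example.com")  # step 1
    ns = reg.create_host(a, "ns.example.com", ["192.0.2.53"])  # step 2, constructed address
    reg.create_domain("RegistrarB", "example2.com", [ns])  # step 3
    for op, target in ((reg.delete_domain, "example.com"), (reg.delete_host, ns)):
        try:
            op(target)  # steps 4 and 5: both are refused
        except EppError as err:
            denied.append(str(err))
    reg.rename_host(a, ns, "ns.example.com.lamedelegations.registrara.com")  # step 6
    reg.delete_domain("example.com")  # now allowed: no subordinate hosts remain
    return denied, reg.zone()  # step 7: example2.com's NS follows the rename
```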