[dns-operations] The strange case of fox.com

Florian Weimer fw at deneb.enyo.de
Tue Mar 1 10:09:26 UTC 2016

* Mark Andrews:

> In message <56D47005.20206 at redbarn.org>, Paul Vixie writes:
>> it's never been practical for a registry to check the NS RR's of its 
>> delegated child apexes. i think that both registrars and registrants 
>> should do so, and would do so if there were better tooling available.
> For each NS registered in whois / parent zone
> 	dig NS +norec zone +short @NS | tr '[A-Z]' '[a-z]' | sort
> 	if (NS set does not match)
> 		flag for followup where followup involved re-testing
> 			after X hours then sending email to contacts
> 			for zone.
> This is not rocket science.  The tools have existed to do this for
> decades now.

It is complicated because WHOIS data typically does not contain
contact information of those who can make changes to zone contents.
Most people who would have to make the changes would not know what
they are doing exactly, and why the changes are needed.

More information about the dns-operations mailing list