[dns-operations] TLD zones with lame servers

Mark Andrews marka at isc.org
Fri Jun 7 01:54:57 UTC 2019 

How hard is it to inform IANA that a name server is no longer operational?

How hard is it to supply the correct IP addresses, credentials and update
ACLs to allow zones to be transferred?

Nothing listed here should take more than minutes to fix but most/all
of these issues listed here have been going on for months.  The DNS is
supposed to be loosely coherent not permanently incoherent.

cm. cm.cctld.authdns.ripe.net: no address records found (NXDOMAIN)

Name server only listed in root zone.

cm.			86118	IN	NS	auth02.ns.uu.net.
cm.			86118	IN	NS	mbam.camnet.cm.
cm.			86118	IN	NS	ns-cm.nic.fr.
cm.			86118	IN	NS	ns1.nic.cm.
cm.			86118	IN	NS	phloem.uoregon.edu.
cm.			86118	IN	NS	lom.camnet.cm.
cm.			86118	IN	NS	ns.itu.ch.
cm.			86118	IN	NS	ns-cm.afrinic.net.
cm.			86118	IN	NS	kim.camnet.cm.
cm.			86118	IN	NS	benoue.camnet.cm.
cm.			86118	IN	NS	ns2.nic.cm.

ni. ns.cr: no address records found

Name server only listed in root zone.

ni.			86400	IN	NS	ns2.ni.
ni.			86400	IN	NS	ns.ideay.net.ni.
ni.			86400	IN	NS	ns.ni.
ni.			86400	IN	NS	ns.uu.net.
ni.			86400	IN	NS	dns.nic.cr.

td. ns1.nic.td: no address records found (NXDOMAIN)

% dig ns1.nic.td a @nsa.planethoster.net

; <<>> DiG 9.15.0+hotspot+add-prefetch+marka <<>> ns1.nic.td a @nsa.planethoster.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20757
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns1.nic.td.			IN	A

;; AUTHORITY SECTION:
nic.td.			86400	IN	SOA	nsa.planethoster.net. report.planethoster.info. 2019012502 3600 1800 1209600 86400

;; Query time: 247 msec
;; SERVER: 199.188.223.10#53(199.188.223.10)
;; WHEN: Fri Jun 07 11:06:35 AEST 2019
;; MSG SIZE  rcvd: 119

% 

xn--fzc2c9e2c. ns3.ac.lk: no address records found (NXDOMAIN)

Name server only listed in root zone.

xn--fzc2c9e2c.		86283	IN	NS	ns-d.nic.lk.
xn--fzc2c9e2c.		86283	IN	NS	ns-t.nic.lk.
xn--fzc2c9e2c.		86283	IN	NS	ns-l.nic.lk.
xn--fzc2c9e2c.		86283	IN	NS	ns-c.nic.lk.
xn--fzc2c9e2c.		86283	IN	NS	ns1.ac.lk.
xn--fzc2c9e2c.		86283	IN	NS	nic.lk-anycast.pch.net.
xn--fzc2c9e2c.		86283	IN	NS	lk.communitydns.net.

xn--xkc2al3hye2a. ns3.ac.lk: no address records found (NXDOMAIN)

Name server only listed in root zone.

xn--xkc2al3hye2a.	86400	IN	NS	ns-c.nic.lk.
xn--xkc2al3hye2a.	86400	IN	NS	lk.communitydns.net.
xn--xkc2al3hye2a.	86400	IN	NS	ns1.ac.lk.
xn--xkc2al3hye2a.	86400	IN	NS	ns-d.nic.lk.
xn--xkc2al3hye2a.	86400	IN	NS	ns-b.nic.lk.
xn--xkc2al3hye2a.	86400	IN	NS	ns-t.nic.lk.
xn--xkc2al3hye2a.	86400	IN	NS	ns-l.nic.lk.
xn--xkc2al3hye2a.	86400	IN	NS	nic.lk-anycast.pch.net.


xn--ygbi2ammx. idn.pnina.ps: no address records found (NXDOMAIN)

cm. @198.6.1.82 (auth02.ns.uu.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid,cookie,subnet signed=servfail ednstcp=servfail


dj. @196.201.196.41 (bow5.intnet.dj.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail


fj. @128.32.136.3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
fj. @2607:f140:ffff:fffe::3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
fj. @128.32.136.14 (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
fj. @2607:f140:ffff:fffe::e (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused

It looks like adns1.berkeley.edu and adns2.berkeley.edu are only in the root zone for fj.

fj.			86389	IN	NS	rip.psg.com.
fj.			86389	IN	NS	teri.usp.ac.fj.
fj.			86389	IN	NS	manu.usp.ac.fj.
fj.			86389	IN	NS	auth00.ns.uu.net.


km. @196.216.168.46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
km. @2001:43f8:120::46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail


ne. @194.51.3.49 (bow.rain.fr.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
ne. @196.216.168.45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
ne. @2001:43f8:120::45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail

Name server only listed in root zone.

ne.			86400	IN	NS	ns.intnet.ne.
ne.			86400	IN	NS	ns-ne.afrinic.net.
ne.			86400	IN	NS	ne.cctld.authdns.ripe.net.

ni. @200.62.64.1 (ns.tmx.com.ni.): dns=noaa edns=noaa edns1=ok edns at 512=noaa ednsopt=noaa edns1opt=ok do=noaa ednsflags=noaa optlist=noaa signed=noaa ednstcp=noaa

Name server only listed in root zone.

ni.			85424	IN	NS	ns.ni.
ni.			85424	IN	NS	ns.ideay.net.ni.
ni.			85424	IN	NS	dns.nic.cr.
ni.			85424	IN	NS	ns2.ni.
ni.			85424	IN	NS	ns.uu.net.

td. @196.216.168.31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
td. @2001:43f8:120::31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail


xn--d1alf. @78.104.145.4 (dns-mk.univie.ac.at.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid,cookie,subnet signed=refused ednstcp=refused
xn--d1alf. @2001:628:453:bb::4 (dns-mk.univie.ac.at.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid,cookie,subnet signed=refused ednstcp=refused


xn--j1amh. @212.1.66.247 (nsi.uanic.net.): dns=servfail edns=servfail edns1=timeout edns at 512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=servfail optlist=servfail signed=timeout ednstcp=servfail


xn--mgbai9azgqp6j. @202.83.164.167 (ns1.ntc.net.pk.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=ok
xn--mgbai9azgqp6j. @175.107.192.11 (ns2.ntc.net.pk.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail

!!!! Only has single working name server.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the dns-operations mailing list