[dns-operations] TLD zones with lame servers

Rubens Kuhl rubensk at nic.br
Fri Jun 7 14:35:33 UTC 2019


I believe it would be totally reasonable for IANA to remove consistently not responding delegations from the root zone. I understand episodes for up to a month, but longer than that, remove those delegations leaving only the working ones for that TLD. 


Unless it comes to 0 working delegations, when every delegation should be published in the hope one or more those responds. 


Rubens




> Em 6 de jun de 2019, à(s) 22:54:000, Mark Andrews <marka at isc.org> escreveu:
> 
> How hard is it to inform IANA that a name server is no longer operational?
> 
> How hard is it to supply the correct IP addresses, credentials and update
> ACLs to allow zones to be transferred?
> 
> Nothing listed here should take more than minutes to fix but most/all
> of these issues listed here have been going on for months.  The DNS is
> supposed to be loosely coherent not permanently incoherent.
> 
> cm. cm.cctld.authdns.ripe.net: no address records found (NXDOMAIN)
> 
> Name server only listed in root zone.
> 
> cm.			86118	IN	NS	auth02.ns.uu.net.
> cm.			86118	IN	NS	mbam.camnet.cm.
> cm.			86118	IN	NS	ns-cm.nic.fr.
> cm.			86118	IN	NS	ns1.nic.cm.
> cm.			86118	IN	NS	phloem.uoregon.edu.
> cm.			86118	IN	NS	lom.camnet.cm.
> cm.			86118	IN	NS	ns.itu.ch.
> cm.			86118	IN	NS	ns-cm.afrinic.net.
> cm.			86118	IN	NS	kim.camnet.cm.
> cm.			86118	IN	NS	benoue.camnet.cm.
> cm.			86118	IN	NS	ns2.nic.cm.
> 
> ni. ns.cr: no address records found
> 
> Name server only listed in root zone.
> 
> ni.			86400	IN	NS	ns2.ni.
> ni.			86400	IN	NS	ns.ideay.net.ni.
> ni.			86400	IN	NS	ns.ni.
> ni.			86400	IN	NS	ns.uu.net.
> ni.			86400	IN	NS	dns.nic.cr.
> 
> td. ns1.nic.td: no address records found (NXDOMAIN)
> 
> % dig ns1.nic.td a @nsa.planethoster.net
> 
> ; <<>> DiG 9.15.0+hotspot+add-prefetch+marka <<>> ns1.nic.td a @nsa.planethoster.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20757
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;ns1.nic.td.			IN	A
> 
> ;; AUTHORITY SECTION:
> nic.td.			86400	IN	SOA	nsa.planethoster.net. report.planethoster.info. 2019012502 3600 1800 1209600 86400
> 
> ;; Query time: 247 msec
> ;; SERVER: 199.188.223.10#53(199.188.223.10)
> ;; WHEN: Fri Jun 07 11:06:35 AEST 2019
> ;; MSG SIZE  rcvd: 119
> 
> % 
> 
> xn--fzc2c9e2c. ns3.ac.lk: no address records found (NXDOMAIN)
> 
> Name server only listed in root zone.
> 
> xn--fzc2c9e2c.		86283	IN	NS	ns-d.nic.lk.
> xn--fzc2c9e2c.		86283	IN	NS	ns-t.nic.lk.
> xn--fzc2c9e2c.		86283	IN	NS	ns-l.nic.lk.
> xn--fzc2c9e2c.		86283	IN	NS	ns-c.nic.lk.
> xn--fzc2c9e2c.		86283	IN	NS	ns1.ac.lk.
> xn--fzc2c9e2c.		86283	IN	NS	nic.lk-anycast.pch.net.
> xn--fzc2c9e2c.		86283	IN	NS	lk.communitydns.net.
> 
> xn--xkc2al3hye2a. ns3.ac.lk: no address records found (NXDOMAIN)
> 
> Name server only listed in root zone.
> 
> xn--xkc2al3hye2a.	86400	IN	NS	ns-c.nic.lk.
> xn--xkc2al3hye2a.	86400	IN	NS	lk.communitydns.net.
> xn--xkc2al3hye2a.	86400	IN	NS	ns1.ac.lk.
> xn--xkc2al3hye2a.	86400	IN	NS	ns-d.nic.lk.
> xn--xkc2al3hye2a.	86400	IN	NS	ns-b.nic.lk.
> xn--xkc2al3hye2a.	86400	IN	NS	ns-t.nic.lk.
> xn--xkc2al3hye2a.	86400	IN	NS	ns-l.nic.lk.
> xn--xkc2al3hye2a.	86400	IN	NS	nic.lk-anycast.pch.net.
> 
> 
> xn--ygbi2ammx. idn.pnina.ps: no address records found (NXDOMAIN)
> 
> cm. @198.6.1.82 (auth02.ns.uu.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid,cookie,subnet signed=servfail ednstcp=servfail
> 
> 
> dj. @196.201.196.41 (bow5.intnet.dj.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
> 
> 
> fj. @128.32.136.3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
> fj. @2607:f140:ffff:fffe::3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
> fj. @128.32.136.14 (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
> fj. @2607:f140:ffff:fffe::e (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
> 
> It looks like adns1.berkeley.edu and adns2.berkeley.edu are only in the root zone for fj.
> 
> fj.			86389	IN	NS	rip.psg.com.
> fj.			86389	IN	NS	teri.usp.ac.fj.
> fj.			86389	IN	NS	manu.usp.ac.fj.
> fj.			86389	IN	NS	auth00.ns.uu.net.
> 
> 
> km. @196.216.168.46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
> km. @2001:43f8:120::46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
> 
> 
> ne. @194.51.3.49 (bow.rain.fr.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
> ne. @196.216.168.45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
> ne. @2001:43f8:120::45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
> 
> Name server only listed in root zone.
> 
> ne.			86400	IN	NS	ns.intnet.ne.
> ne.			86400	IN	NS	ns-ne.afrinic.net.
> ne.			86400	IN	NS	ne.cctld.authdns.ripe.net.
> 
> ni. @200.62.64.1 (ns.tmx.com.ni.): dns=noaa edns=noaa edns1=ok edns at 512=noaa ednsopt=noaa edns1opt=ok do=noaa ednsflags=noaa optlist=noaa signed=noaa ednstcp=noaa
> 
> Name server only listed in root zone.
> 
> ni.			85424	IN	NS	ns.ni.
> ni.			85424	IN	NS	ns.ideay.net.ni.
> ni.			85424	IN	NS	dns.nic.cr.
> ni.			85424	IN	NS	ns2.ni.
> ni.			85424	IN	NS	ns.uu.net.
> 
> td. @196.216.168.31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
> td. @2001:43f8:120::31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
> 
> 
> xn--d1alf. @78.104.145.4 (dns-mk.univie.ac.at.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid,cookie,subnet signed=refused ednstcp=refused
> xn--d1alf. @2001:628:453:bb::4 (dns-mk.univie.ac.at.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid,cookie,subnet signed=refused ednstcp=refused
> 
> 
> xn--j1amh. @212.1.66.247 (nsi.uanic.net.): dns=servfail edns=servfail edns1=timeout edns at 512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=servfail optlist=servfail signed=timeout ednstcp=servfail
> 
> 
> xn--mgbai9azgqp6j. @202.83.164.167 (ns1.ntc.net.pk.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=ok
> xn--mgbai9azgqp6j. @175.107.192.11 (ns2.ntc.net.pk.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
> 
> !!!! Only has single working name server.
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations





More information about the dns-operations mailing list