[dns-operations] TLD zones with lame servers
Rubens Kuhl
rubensk at nic.br
Fri Jun 7 14:35:33 UTC 2019
I believe it would be totally reasonable for IANA to remove consistently not responding delegations from the root zone. I understand episodes for up to a month, but longer than that, remove those delegations leaving only the working ones for that TLD.
Unless it comes to 0 working delegations, when every delegation should be published in the hope one or more those responds.
Rubens
> Em 6 de jun de 2019, à(s) 22:54:000, Mark Andrews <marka at isc.org> escreveu:
>
> How hard is it to inform IANA that a name server is no longer operational?
>
> How hard is it to supply the correct IP addresses, credentials and update
> ACLs to allow zones to be transferred?
>
> Nothing listed here should take more than minutes to fix but most/all
> of these issues listed here have been going on for months. The DNS is
> supposed to be loosely coherent not permanently incoherent.
>
> cm. cm.cctld.authdns.ripe.net: no address records found (NXDOMAIN)
>
> Name server only listed in root zone.
>
> cm. 86118 IN NS auth02.ns.uu.net.
> cm. 86118 IN NS mbam.camnet.cm.
> cm. 86118 IN NS ns-cm.nic.fr.
> cm. 86118 IN NS ns1.nic.cm.
> cm. 86118 IN NS phloem.uoregon.edu.
> cm. 86118 IN NS lom.camnet.cm.
> cm. 86118 IN NS ns.itu.ch.
> cm. 86118 IN NS ns-cm.afrinic.net.
> cm. 86118 IN NS kim.camnet.cm.
> cm. 86118 IN NS benoue.camnet.cm.
> cm. 86118 IN NS ns2.nic.cm.
>
> ni. ns.cr: no address records found
>
> Name server only listed in root zone.
>
> ni. 86400 IN NS ns2.ni.
> ni. 86400 IN NS ns.ideay.net.ni.
> ni. 86400 IN NS ns.ni.
> ni. 86400 IN NS ns.uu.net.
> ni. 86400 IN NS dns.nic.cr.
>
> td. ns1.nic.td: no address records found (NXDOMAIN)
>
> % dig ns1.nic.td a @nsa.planethoster.net
>
> ; <<>> DiG 9.15.0+hotspot+add-prefetch+marka <<>> ns1.nic.td a @nsa.planethoster.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20757
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;ns1.nic.td. IN A
>
> ;; AUTHORITY SECTION:
> nic.td. 86400 IN SOA nsa.planethoster.net. report.planethoster.info. 2019012502 3600 1800 1209600 86400
>
> ;; Query time: 247 msec
> ;; SERVER: 199.188.223.10#53(199.188.223.10)
> ;; WHEN: Fri Jun 07 11:06:35 AEST 2019
> ;; MSG SIZE rcvd: 119
>
> %
>
> xn--fzc2c9e2c. ns3.ac.lk: no address records found (NXDOMAIN)
>
> Name server only listed in root zone.
>
> xn--fzc2c9e2c. 86283 IN NS ns-d.nic.lk.
> xn--fzc2c9e2c. 86283 IN NS ns-t.nic.lk.
> xn--fzc2c9e2c. 86283 IN NS ns-l.nic.lk.
> xn--fzc2c9e2c. 86283 IN NS ns-c.nic.lk.
> xn--fzc2c9e2c. 86283 IN NS ns1.ac.lk.
> xn--fzc2c9e2c. 86283 IN NS nic.lk-anycast.pch.net.
> xn--fzc2c9e2c. 86283 IN NS lk.communitydns.net.
>
> xn--xkc2al3hye2a. ns3.ac.lk: no address records found (NXDOMAIN)
>
> Name server only listed in root zone.
>
> xn--xkc2al3hye2a. 86400 IN NS ns-c.nic.lk.
> xn--xkc2al3hye2a. 86400 IN NS lk.communitydns.net.
> xn--xkc2al3hye2a. 86400 IN NS ns1.ac.lk.
> xn--xkc2al3hye2a. 86400 IN NS ns-d.nic.lk.
> xn--xkc2al3hye2a. 86400 IN NS ns-b.nic.lk.
> xn--xkc2al3hye2a. 86400 IN NS ns-t.nic.lk.
> xn--xkc2al3hye2a. 86400 IN NS ns-l.nic.lk.
> xn--xkc2al3hye2a. 86400 IN NS nic.lk-anycast.pch.net.
>
>
> xn--ygbi2ammx. idn.pnina.ps: no address records found (NXDOMAIN)
>
> cm. @198.6.1.82 (auth02.ns.uu.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid,cookie,subnet signed=servfail ednstcp=servfail
>
>
> dj. @196.201.196.41 (bow5.intnet.dj.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
>
>
> fj. @128.32.136.3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
> fj. @2607:f140:ffff:fffe::3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
> fj. @128.32.136.14 (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
> fj. @2607:f140:ffff:fffe::e (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
>
> It looks like adns1.berkeley.edu and adns2.berkeley.edu are only in the root zone for fj.
>
> fj. 86389 IN NS rip.psg.com.
> fj. 86389 IN NS teri.usp.ac.fj.
> fj. 86389 IN NS manu.usp.ac.fj.
> fj. 86389 IN NS auth00.ns.uu.net.
>
>
> km. @196.216.168.46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
> km. @2001:43f8:120::46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
>
>
> ne. @194.51.3.49 (bow.rain.fr.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
> ne. @196.216.168.45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
> ne. @2001:43f8:120::45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
>
> Name server only listed in root zone.
>
> ne. 86400 IN NS ns.intnet.ne.
> ne. 86400 IN NS ns-ne.afrinic.net.
> ne. 86400 IN NS ne.cctld.authdns.ripe.net.
>
> ni. @200.62.64.1 (ns.tmx.com.ni.): dns=noaa edns=noaa edns1=ok edns at 512=noaa ednsopt=noaa edns1opt=ok do=noaa ednsflags=noaa optlist=noaa signed=noaa ednstcp=noaa
>
> Name server only listed in root zone.
>
> ni. 85424 IN NS ns.ni.
> ni. 85424 IN NS ns.ideay.net.ni.
> ni. 85424 IN NS dns.nic.cr.
> ni. 85424 IN NS ns2.ni.
> ni. 85424 IN NS ns.uu.net.
>
> td. @196.216.168.31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
> td. @2001:43f8:120::31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
>
>
> xn--d1alf. @78.104.145.4 (dns-mk.univie.ac.at.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid,cookie,subnet signed=refused ednstcp=refused
> xn--d1alf. @2001:628:453:bb::4 (dns-mk.univie.ac.at.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid,cookie,subnet signed=refused ednstcp=refused
>
>
> xn--j1amh. @212.1.66.247 (nsi.uanic.net.): dns=servfail edns=servfail edns1=timeout edns at 512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=servfail optlist=servfail signed=timeout ednstcp=servfail
>
>
> xn--mgbai9azgqp6j. @202.83.164.167 (ns1.ntc.net.pk.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=ok
> xn--mgbai9azgqp6j. @175.107.192.11 (ns2.ntc.net.pk.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
>
> !!!! Only has single working name server.
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list