[dns-operations] TLD zones with lame servers

Doug Barton dougb at dougbarton.email
Fri Jun 7 17:24:42 UTC 2019 

I encourage you to float that recommendation at the next ccNSO meeting. 
Let us know how that goes for you.  :)


On 6/7/19 7:35 AM, Rubens Kuhl wrote:
> 
> I believe it would be totally reasonable for IANA to remove consistently not responding delegations from the root zone. I understand episodes for up to a month, but longer than that, remove those delegations leaving only the working ones for that TLD.
> 
> 
> Unless it comes to 0 working delegations, when every delegation should be published in the hope one or more those responds.
> 
> 
> Rubens
> 
> 
> 
> 
>> Em 6 de jun de 2019, à(s) 22:54:000, Mark Andrews <marka at isc.org> escreveu:
>>
>> How hard is it to inform IANA that a name server is no longer operational?
>>
>> How hard is it to supply the correct IP addresses, credentials and update
>> ACLs to allow zones to be transferred?
>>
>> Nothing listed here should take more than minutes to fix but most/all
>> of these issues listed here have been going on for months.  The DNS is
>> supposed to be loosely coherent not permanently incoherent.
>>
>> cm. cm.cctld.authdns.ripe.net: no address records found (NXDOMAIN)
>>
>> Name server only listed in root zone.
>>
>> cm.			86118	IN	NS	auth02.ns.uu.net.
>> cm.			86118	IN	NS	mbam.camnet.cm.
>> cm.			86118	IN	NS	ns-cm.nic.fr.
>> cm.			86118	IN	NS	ns1.nic.cm.
>> cm.			86118	IN	NS	phloem.uoregon.edu.
>> cm.			86118	IN	NS	lom.camnet.cm.
>> cm.			86118	IN	NS	ns.itu.ch.
>> cm.			86118	IN	NS	ns-cm.afrinic.net.
>> cm.			86118	IN	NS	kim.camnet.cm.
>> cm.			86118	IN	NS	benoue.camnet.cm.
>> cm.			86118	IN	NS	ns2.nic.cm.
>>
>> ni. ns.cr: no address records found
>>
>> Name server only listed in root zone.
>>
>> ni.			86400	IN	NS	ns2.ni.
>> ni.			86400	IN	NS	ns.ideay.net.ni.
>> ni.			86400	IN	NS	ns.ni.
>> ni.			86400	IN	NS	ns.uu.net.
>> ni.			86400	IN	NS	dns.nic.cr.
>>
>> td. ns1.nic.td: no address records found (NXDOMAIN)
>>
>> % dig ns1.nic.td a @nsa.planethoster.net
>>
>> ; <<>> DiG 9.15.0+hotspot+add-prefetch+marka <<>> ns1.nic.td a @nsa.planethoster.net
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20757
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>> ;; WARNING: recursion requested but not available
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;ns1.nic.td.			IN	A
>>
>> ;; AUTHORITY SECTION:
>> nic.td.			86400	IN	SOA	nsa.planethoster.net. report.planethoster.info. 2019012502 3600 1800 1209600 86400
>>
>> ;; Query time: 247 msec
>> ;; SERVER: 199.188.223.10#53(199.188.223.10)
>> ;; WHEN: Fri Jun 07 11:06:35 AEST 2019
>> ;; MSG SIZE  rcvd: 119
>>
>> %
>>
>> xn--fzc2c9e2c. ns3.ac.lk: no address records found (NXDOMAIN)
>>
>> Name server only listed in root zone.
>>
>> xn--fzc2c9e2c.		86283	IN	NS	ns-d.nic.lk.
>> xn--fzc2c9e2c.		86283	IN	NS	ns-t.nic.lk.
>> xn--fzc2c9e2c.		86283	IN	NS	ns-l.nic.lk.
>> xn--fzc2c9e2c.		86283	IN	NS	ns-c.nic.lk.
>> xn--fzc2c9e2c.		86283	IN	NS	ns1.ac.lk.
>> xn--fzc2c9e2c.		86283	IN	NS	nic.lk-anycast.pch.net.
>> xn--fzc2c9e2c.		86283	IN	NS	lk.communitydns.net.
>>
>> xn--xkc2al3hye2a. ns3.ac.lk: no address records found (NXDOMAIN)
>>
>> Name server only listed in root zone.
>>
>> xn--xkc2al3hye2a.	86400	IN	NS	ns-c.nic.lk.
>> xn--xkc2al3hye2a.	86400	IN	NS	lk.communitydns.net.
>> xn--xkc2al3hye2a.	86400	IN	NS	ns1.ac.lk.
>> xn--xkc2al3hye2a.	86400	IN	NS	ns-d.nic.lk.
>> xn--xkc2al3hye2a.	86400	IN	NS	ns-b.nic.lk.
>> xn--xkc2al3hye2a.	86400	IN	NS	ns-t.nic.lk.
>> xn--xkc2al3hye2a.	86400	IN	NS	ns-l.nic.lk.
>> xn--xkc2al3hye2a.	86400	IN	NS	nic.lk-anycast.pch.net.
>>
>>
>> xn--ygbi2ammx. idn.pnina.ps: no address records found (NXDOMAIN)
>>
>> cm. @198.6.1.82 (auth02.ns.uu.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid,cookie,subnet signed=servfail ednstcp=servfail
>>
>>
>> dj. @196.201.196.41 (bow5.intnet.dj.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
>>
>>
>> fj. @128.32.136.3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
>> fj. @2607:f140:ffff:fffe::3 (adns1.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
>> fj. @128.32.136.14 (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
>> fj. @2607:f140:ffff:fffe::e (adns2.berkeley.edu.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
>>
>> It looks like adns1.berkeley.edu and adns2.berkeley.edu are only in the root zone for fj.
>>
>> fj.			86389	IN	NS	rip.psg.com.
>> fj.			86389	IN	NS	teri.usp.ac.fj.
>> fj.			86389	IN	NS	manu.usp.ac.fj.
>> fj.			86389	IN	NS	auth00.ns.uu.net.
>>
>>
>> km. @196.216.168.46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
>> km. @2001:43f8:120::46 (ns-km.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
>>
>>
>> ne. @194.51.3.49 (bow.rain.fr.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused signed=refused ednstcp=refused
>> ne. @196.216.168.45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
>> ne. @2001:43f8:120::45 (ns-ne.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
>>
>> Name server only listed in root zone.
>>
>> ne.			86400	IN	NS	ns.intnet.ne.
>> ne.			86400	IN	NS	ns-ne.afrinic.net.
>> ne.			86400	IN	NS	ne.cctld.authdns.ripe.net.
>>
>> ni. @200.62.64.1 (ns.tmx.com.ni.): dns=noaa edns=noaa edns1=ok edns at 512=noaa ednsopt=noaa edns1opt=ok do=noaa ednsflags=noaa optlist=noaa signed=noaa ednstcp=noaa
>>
>> Name server only listed in root zone.
>>
>> ni.			85424	IN	NS	ns.ni.
>> ni.			85424	IN	NS	ns.ideay.net.ni.
>> ni.			85424	IN	NS	dns.nic.cr.
>> ni.			85424	IN	NS	ns2.ni.
>> ni.			85424	IN	NS	ns.uu.net.
>>
>> td. @196.216.168.31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
>> td. @2001:43f8:120::31 (ns-td.afrinic.net.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail,nsid signed=servfail ednstcp=servfail
>>
>>
>> xn--d1alf. @78.104.145.4 (dns-mk.univie.ac.at.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid,cookie,subnet signed=refused ednstcp=refused
>> xn--d1alf. @2001:628:453:bb::4 (dns-mk.univie.ac.at.): dns=refused edns=refused edns1=ok edns at 512=refused ednsopt=refused edns1opt=ok do=refused ednsflags=refused optlist=refused,nsid,cookie,subnet signed=refused ednstcp=refused
>>
>>
>> xn--j1amh. @212.1.66.247 (nsi.uanic.net.): dns=servfail edns=servfail edns1=timeout edns at 512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=servfail optlist=servfail signed=timeout ednstcp=servfail
>>
>>
>> xn--mgbai9azgqp6j. @202.83.164.167 (ns1.ntc.net.pk.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=ok
>> xn--mgbai9azgqp6j. @175.107.192.11 (ns2.ntc.net.pk.): dns=servfail edns=servfail edns1=ok edns at 512=servfail ednsopt=servfail edns1opt=ok do=servfail ednsflags=servfail optlist=servfail signed=servfail ednstcp=servfail
>>
>> !!!! Only has single working name server.
>> -- 
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
>>
>>
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-operations mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>

More information about the dns-operations mailing list