[dns-operations] TLD zones with lame servers
Peter van Dijk
peter.van.dijk at powerdns.com
Tue Jun 18 14:59:09 UTC 2019
On Thu, 2019-06-13 at 22:50 +0200, Anand Buddhdev wrote:
> So the case of CM is interesting. The operator has removed
> cm.cctld.authdns.ripe.net from the CM zone. The operator has signalled
> that the RIPE NCC server shouldn't be serving the zone.
>
> RIPE NCC is also signalling, via NXDOMAIN, that this name server really
> should not be in use.
While NXDOMAIN is a _very_ effective way to signal such, it would
surprise me if that is actually what happens. I am happy to see that in
reality, REFUSED is returned:
$ dig a foo.cm @193.0.9.68
; <<>> DiG 9.11.5-P4-5-Debian <<>> a foo.cm @193.0.9.68
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25208
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.cm. IN A
;; Query time: 8 msec
;; SERVER: 193.0.9.68#53(193.0.9.68)
;; WHEN: Tue Jun 18 16:56:16 CEST 2019
;; MSG SIZE rcvd: 35
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the dns-operations
mailing list