[dns-operations] dynect.net outage

Ralf Weber dns at fl1ger.de
Mon May 30 05:13:28 UTC 2022


On 30 May 2022, at 1:12, Robert Edmonds wrote:
> Simon Arlott via dns-operations wrote:
>> I currently have this cached list of nameservers for dynect.net:
>> dynect.net.		14931	IN	NS	cgydc01dnsext01.us.oracle.com.
>> dynect.net.		14931	IN	NS	tvp02dnsext02.tvp.oracle.com.
>> dynect.net.		14931	IN	NS	sydc01dns03.au.oracle.com.
>> dynect.net.		14931	IN	NS	trdc01dnsext01.us.oracle.com.
>> dynect.net.		14931	IN	NS	adc08dnsext02.us.oracle.com.
>> dynect.net.		14931	IN	NS	rmdc02dnsext01.us.oracle.com.
>> dynect.net.		14931	IN	NS	llg07dnsext02.llg.oracle.com.
>> dynect.net.		14931	IN	NS	llg07dnsext01.llg.oracle.com.
>> dynect.net.		14931	IN	NS	iad-dns-master.oraclecorp.com.
>> dynect.net.		14931	IN	NS	adc08dnsext01.us.oracle.com.
>> dynect.net.		14931	IN	NS	rmdc02dnsext02.us.oracle.com.
>> ;; WHEN: Fri May 27 17:10:08 BST 2022
>> All of these hostnames are NXDOMAIN in the oracle.com/oraclecorp.com
>> zones. Looks like someone has reconfigured the nameservers for
>> dynect.net and then immediately pulled the A/AAAA records for the old
>> names without waiting out the TTL on the old NS records.
> This was https://www.dynstatus.com/incidents/1xlbp98xr3y2.
So how do you expect the domain to be resolved if all of your out
of bailiwick name server names no longer point to an IP address?

>> Unbound gives up and returns SERVFAIL for anything using dynect.net
>> because it exceeds the maximum number of NXDOMAIN responses for
>> nameserver hostnames.
Maybe this is happening where you still have the A/AAAA record
cached for delegation, but you can’t rely on that. If a domain is
not being able to be resolved from a cold/empty cache it is broken,
and the domain owner has to deal with the consequences. End of story.

So long
Ralf Weber

More information about the dns-operations mailing list