netsol and host records.
Carter, Gregory
gcarter at infodns.com
Wed Jan 31 23:59:56 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Marc,
I've had a similar experience with a domain I had transferred. The domain name
(interx.net) had a host, which was relied upon by 400 other domains
(ns1.interx.net). I transferred the domain name to OpenSRS (as I am a
reseller) and noticed that when I created nameservers on OpenSRS for the domain
name that NSI's old host records for it were overriding since we also changed
the nameserver IP address for the host record. Unfortunately the only solution
we had (since the host was relied upon by other domains) was to fix the host
on NSI as well to reflect the new address. In an ideal world, NSI should also
be able to resolve nameserver hosts on other registrars but I suppose we can
all dream can't we?
In your situation, you should be able to delete the nameserver host if it's not
being relied upon by other domain names. They don't remove it automatically
because they probably don't have any auditing tools coded to check on a regular
basis whether or not a nameserver host is needed. They've always sent through
the host records up to the root servers when you create them whether they are
in use by a domain or not. Perhaps they should give OpenXRS a try.
In short, I don't think you'll ever get a straight answer from them; however, what
they told you "because it's www" is not correct. It happens for ALL nameserver
hosts unfortunately and is just something we have to deal with until they go
bankrupt (wishful thinking?)
Greg
+(gcarter at infoDNS.com)-------------------------------------------------+
| infoDNS http://www.infodns.com/ |
| Senior Network Administrator bits/keyID 1024/7DF9C285 |
| Need help? Ask an expert. -------------> http://www.infoforums.com/ |
+--------[ DC 50 57 59 C3 76 46 E8 EB 75 A8 94 FE 96 9E D3 ]----------+
- -----Original Message-----
From: Marc MERLIN [mailto:marc_news at valinux.com]
Sent: Wednesday, January 31, 2001 3:03 PM
To: nanog at merit.edu
Subject: OT: netsol and host records.
I've really tried, but I'm giving up. I know this is only vaguely related to
routers, but since I couldn't find anyone at netsol who understands their
own system, I'm hoping that someone here has a better idea (through trial
and error)
So, I had a host, www.svlug.org which sat on one net (209.81.8.0) and as we
migrated to a portable netblock, it migrated to 198.186.203.43. To avoid
disruption of service, we had the two nets configured on our router, and the
machine had both IPs.
We updated DNS to switch everything to the 198.186.203.x IPs, all was nice
and dandy.
Later (1 year later), we move locations to a place where 209.81.8.0 isn't
routed anymore, bring the host back up, everything looks cool.
However people start complaining that they can't reach www.svlug.org. We
find out that it still resolves to 209.81.8.243 (the old IP) for some folks.
After a lot of searching, we realize that netsol is still feeding the old IP
to the root name servers who answer the query before the resolvers are
referred to our name servers.
End up finding this:
http://www.networksolutions.com/cgi-bin/whois/whois;?STRING=host+WWW7974-HST&STRING=Search
It's now been a month and a half that I've been trying to get rid of that
stupid www.svlug.org host record
Of course, we never created that host record, it was created when svcs.net
and svcs.org (domains owned by someone else) were as they unfortunately
specified www.svlug.org as a name server (something I only found out about
way later because there is no way to know who's using your host record
unless someone really high up at netsol looks that up for you).
So, after moving svlug.org away from netsol (to opensrs), and noticing they
were still feeding www.svlug.org to the root name servers, I called them up
several times, having to dodge the clueless level 1 people who don't know
what a host record is or told me it was not their problem since they don't
serve svlug.org.
(I've stopped using their mail system, I find it much easier to yank the
domain away from them and move it to a registrar who actually knows how to
write a couple of CGI scripts and set up an https server)
Eventually, they tell me about svcs.net which was very unfortunately
registered with www.svlug.org as a name server (instead of ns.svlug.org), I
move that over to opensrs (with the help of the owner who clicks on the URL
that opensrs sends you to confirm the domain move), fix the name servers,
and it still doesn't work.
The owner mentions to me that there is an svcs.org too (they could have told
me, but no...), so wash, rinse, and repeat...
Both domains are moved, name servers are fixed, wait a few days.
(so far so good, nothing in this process involves sending mail to their
stupid mail system which never works when I use it anyway, besides I don't
get the answers because after 10 years+, they still haven't fixed their
script to add a 'To:' field in the Email they send)
A week later, they're still feeding the bad data to the root name server.
Call them up 3 times, waste time to go through the clueless level 1 people,
get level 2 folks who kind of understand the problem but who are now "not
habilitated to do a reverse lookup on a host record" to see if any domain is
still using the bad host record.
I insist, ask for a supervisor, ask for someone who can do the damn lookup,
but no, no one is available.
- - Why don't you send a host delete request?
- - Well, if a domain is pointing to it, it won't work now, will it?
- - Err yeah.
- - And you can't tell me what is pointing to it if anything.
- - Err no.
"Send us letterhead"
Yeah, as soon as I go to kinkos and make SVLUG letterhead, I'll do that.
"I'll send you the forms you need to fax"
I never get them because she misspelled my Email address and apparently
never got/saw the bounce from my mail server and insisted that it went
through.
Call again, get escalated again as soon as I confused the level 1 tech
enough.
Ok, this guy can actually confirm that nothing is pointing to www.svlug.org.
(never mind that no one was there to do that 10mn ago when I called)
- - But then why are you still feeding the bad IP to the root name servers?
- - Because it's our database
- - Grrrmm. Ok, look at this:
http://www.networksolutions.com/cgi-bin/whois/whois;?STRING=host+ns2.merlins.org
Notice the bad IP? Well, it stopped mattering the day I moved my domain to
opensrs. If you have no domains pointing to a host record, you stop
feeding that host record to the root name servers, as you should.
Are you sure nothing whatsoever is pointing to it anymore?
- - Yes.
- - Ok, then why are you still feeding it to the root name servers
- - Because it's in our database
- - And why don't you do it for ns2.merlins.org?
- - Errr.... Hold on.
(wait)
That's because the hostname is 'www'
- - Let me get this straight. You're telling me that you continue to feed an
orphaned host name record because it has 'www' in its name?
- - Yes
- - Aaaarrrrgggghhh! (eating desk)
- - So what now?
- - Ok, submit the deletion form by Email, get the tracking number, print this
different form, add the tracking number on there, and fax it to us
Swell. I fill the form
(http://www.networksolutions.com/en_US/makechanges/fax/hostform.html),
confirm:
"Domain Not Found!
"svlug.org" domain cannot be found in WHOIS Database. Please go back to the
previous screen and enter a valid domain name."
(of course, svlug.org was moved to opensrs)
Arggggh! I'm going to kill someone....
I printed the unconfirmed web form, added their error message and faxed all
that to two of their fax numbers (with picture ID).
Their cluelessness allows for very nice denial of service attacks
(www.svlug.org has been unusable for 2 months now)
This is probably going to get fixed after a lot of wasted time, but I'd like
to understand why the hell they're still feeding the www.svlug.org host
record to the root name servers (sorry, but I didn't quite buy the "because
it has www in its name" explanation)
In this case, the web server isn't the most important thing in the world
(and svlug.org resolves right), but understanding what's happening would
help if one day the same happens to a revenue-generating web server.
Thanks,
Marc
- --
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOnifqCgrak0xvB4zEQJnYACffM+L1xH5Sw00Mb7qHN75qU68WmYAnjZo
XDQJra+eiKXOlElHLx0/Y7MN
=UKyh
-----END PGP SIGNATURE-----
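
The audit both messages say was missing (which domains still reference a registry host record, and whether its registry address still matches the zone's own data), as an added example that is not part of the original thread. The tables are constructed: the www.svlug.org addresses, ns.svlug.org and the svcs.* names come from the thread, while the 192.0.2.x addresses, example.net and the function names are assumptions.

```python
from collections import defaultdict

def audit_host_records(host_records, delegations, authoritative):
    """Return one finding per registry host record.

    host_records:  {hostname: address held in the registry host record}
    delegations:   {domain: [name server hostnames it is registered with]}
    authoritative: {hostname: address served by the zone's own name servers}
    """
    used_by = defaultdict(list)  # the "reverse lookup" on a host record
    for domain, nameservers in delegations.items():
        for ns in nameservers:
            used_by[ns.lower().rstrip(".")].append(domain)

    findings = {}
    for host, registry_ip in host_records.items():
        key = host.lower().rstrip(".")
        auth_ip = authoritative.get(key)
        findings[key] = {
            "used_by": sorted(used_by.get(key, [])),
            "orphaned": key not in used_by,  # no domain needs this record
            "stale": auth_ip is not None and auth_ip != registry_ip,
        }
    return findings

def deletable(findings):
    """Host records no delegation depends on, safe to stop publishing."""
    return sorted(h for h, f in findings.items() if f["orphaned"])

# Constructed sample data (see the note above for what comes from the thread).
HOST_RECORDS = {"www.svlug.org": "209.81.8.243", "ns1.interx.net": "192.0.2.10"}
AUTHORITATIVE = {"www.svlug.org": "198.186.203.43", "ns1.interx.net": "192.0.2.10"}
# Before: two third-party domains list www.svlug.org as a name server.
BEFORE = {"svcs.net": ["www.svlug.org"], "svcs.org": ["WWW.SVLUG.ORG."],
          "example.net": ["ns1.interx.net"]}
# After: both domains were repointed, leaving the host record orphaned.
AFTER = {"svcs.net": ["ns.svlug.org"], "svcs.org": ["ns.svlug.org"],
         "example.net": ["ns1.interx.net"]}

if __name__ == "__main__":
    for label, delegations in (("before", BEFORE), ("after", AFTER)):
        report = audit_host_records(HOST_RECORDS, delegations, AUTHORITATIVE)
        print(label, report["www.svlug.org"], "deletable:", deletable(report))
```

A record that is stale but still in use (the "before" state) has to be corrected in place, while one that is stale and orphaned (the "after" state) can simply be deleted.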