Updating dns glue

Joe Abley jabley at hopcount.ca
Sat Sep 5 11:20:50 UTC 2015


Hi Mike,

On 5 Sep 2015, at 0:34, Mike wrote:

>  Due to a recent fiber cut in northern california, I've stepped up my 
> plan to have one authoritative dns and backup mail exchanger located 
> on another network far, far away. I am sadly having immense trouble 
> with dotster understanding that I need to update the ip address of a 
> glue record, as I host my own stuff,  for which their gui has no 
> ability and which phone support says open a ticket for which the 
> e-mailed response was utter cluelessness, claiming they checked and 
> it's already set... yeah, you recursed and hit my existing ns which 
> gave you the answer, but it's the roots which need to know....

Some ideas:

1. You could just add a nameserver. There's no rule that says you have 
to have exactly two. You could almost certainly have three. (There are 
some registry-specific rules that specify the minimum and maximum 
numbers, but I've never seen a registry where the maximum was two.) If 
you add a new nameserver, and leave your existing two as they are, 
you've achieved your diversity goal and avoided the problem you're 
currently struggling with. Apply a touch of mind bleach, and you'll 
forget that "glue records" are even a thing.

2. There's no universal answer to the question "how do I update glue 
records in a parent zone". It depends on the registry, and the data 
model they use to link all the various DNS and meta-DNS information they 
store.

[Incidentally, it's almost never the root server operators that need to 
know unless you're running a top-level domain (and even then, it's the 
administrator of the root zone that needs to know, not the root server 
operators). But when you said "roots" you didn't mean root servers, you 
meant "operator of the registry for the parent zone".]

For registries that follow the data model that was originally used for 
COM, NET and ORG, what you're looking for is a database operation 
"modify host object" to happen at the particular registry that contains 
that host object with addresses (a host object subordinate to the 
registry apex, you could call it, somewhat inelegantly).

Once you've found the right registry, you need to figure out how to make 
changes. Find the sponsoring registrar for the domain the host object is 
subordinate to. That's the organisation you need to talk to.

For example,

   QUIRKAFLEEG.NET

is a domain with the following listed nameservers:

[scallop:~]% whois quirkafleeg.net | egrep '^Name Server: .'
Name Server: NS1.P23.DYNECT.NET
Name Server: NS2.P23.DYNECT.NET
Name Server: NS4.P23.DYNECT.NET
Name Server: NS3.P23.DYNECT.NET
[scallop:~]%

If your whois client needs help in finding out what server to use, try 
Rodney's very handy <tld>.whois-servers.net, e.g.

[scallop:~]% host net.whois-servers.net
net.whois-servers.net is an alias for whois.verisign-grs.com.
whois.verisign-grs.com has address 199.7.50.74
whois.verisign-grs.com has IPv6 address 2001:503:5ae2:1000::74
[scallop:~]%

If I decided I wanted to rename NS3.P23.DYNECT.NET, I would need to 
identify the sponsoring registrar for the DYNECT.NET domain name:

[scallop:~]% whois dynect.net | egrep '^Registrar:'
Registrar: DYNAMIC NETWORK SERVICES, INC
[scallop:~]%

The registrant (the person who "owns" the domain) in this case is:

[scallop:~]% whois dynect.net | egrep '^Registrant'
Registrant Name: Dynamic Network Services
Registrant Organization: Dyn
Registrant Street: 150 Dow St, Tower 2
Registrant City: Manchester
Registrant State/Province: NH
Registrant Postal Code: 03101
Registrant Country: US
Registrant Phone: +1.6036684998
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: Domains at dyn.com
[scallop:~]%

So those are the people I would ask to rename (say) NS3.P23.DYNECT.NET. 
Of course in this case they would say "haha, no" and probably advise me 
to add a nameserver rather than trying to reconfigure their commercial 
DNS service. But you get the idea; if the nameserver you want to rename 
is subordinate to a domain name you have administrative control over, 
you could interact with the registrar for the domain and make the 
change.

The precise way a particular registrar will accept such a change varies 
by registrar. Sometimes (I hear) the user interface involves phone calls 
and shouting. But then you have a choice of registrar, if you can figure 
out how to make transfers work.

If your domain and/or nameservers are not named under NET, ORG or COM, 
the above may be useful or, quite possibly, completely irrelevant, 
depending on factors that your registrar is in theory supposed to hide 
from you. There are as many other data models as there are other TLDs, 
almost-maybe, and I certainly don't know the details of all or even many 
of them.

If this is sounding very XKCD-927, that's because it is. This is perhaps 
why lots of people pay others to do this for them (registry/registrar 
shenanigans and DNS hosting) so that they can live their lives with one 
less thing to be angry about.


Joe
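
The distinction raised in the quoted question (a recursive lookup returns the child zone's own answer, while glue lives in the parent zone), as an added example that is not part of the original message: a shell check that compares the glue in a parent-zone referral with the child zone's answer. The example.net names, the addresses, both dig-style responses and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Live equivalents of the two samples below (names are assumptions):
#   dig +norecurse @a.gtld-servers.net example.net NS   # referral, glue in ADDITIONAL
#   dig +norecurse @ns1.example.net ns2.example.net A   # child zone's own answer

# Constructed sample: referral as returned by a server for the parent zone.
PARENT_REFERRAL=';; AUTHORITY SECTION:
example.net.      172800 IN NS ns1.example.net.
example.net.      172800 IN NS ns2.example.net.

;; ADDITIONAL SECTION:
ns1.example.net.  172800 IN A  192.0.2.53
ns2.example.net.  172800 IN A  198.51.100.53
'

# Constructed sample: child zone answers after ns2 was moved to a new network.
CHILD_ANSWER=';; ANSWER SECTION:
ns1.example.net.  3600 IN A 192.0.2.53
ns2.example.net.  3600 IN A 203.0.113.53
'

# section_addrs TEXT SECTION NAME: sorted A/AAAA rdata for NAME inside
# the ";; SECTION SECTION:" block of dig-style output.
section_addrs() {
    printf '%s\n' "$1" | awk -v sec="$2" -v name="$3" '
        /^;; / { in_sec = ($0 == ";; " sec " SECTION:"); next }
        in_sec && tolower($1) == (tolower(name) ".") &&
            ($4 == "A" || $4 == "AAAA") { print $5 }
    ' | sort
}

# glue_status NAME: "match", "stale" or "no-glue" for one nameserver name.
glue_status() {
    parent=$(section_addrs "$PARENT_REFERRAL" ADDITIONAL "$1")
    child=$(section_addrs "$CHILD_ANSWER" ANSWER "$1")
    if [ -z "$parent" ]; then
        echo "no-glue"      # parent holds no address for this host object
    elif [ "$parent" = "$child" ]; then
        echo "match"
    else
        echo "stale"        # registry still publishes the old address
    fi
}

for ns in ns1.example.net ns2.example.net; do
    printf '%s: %s\n' "$ns" "$(glue_status "$ns")"
done
```

A "stale" result is the case where a check through a recursive resolver looks fine but the registry's host object still needs the "modify host object" change.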


