Just got on this thing (perhaps very belatedly) - root server trouble?

Dean Gaudet dgaudet at arctic.org
Tue Feb 18 21:47:38 UTC 1997


What is your point?  IMHO it's far better for NSI to accept the
applications without working SOA.  Otherwise you lock people into paying
ISPs to hold domains for them.  While that might give you business,
it's not something that NSI should enforce, or should have to enforce.

Furthermore, the NSI registration system has become FAR more reliable
since the removal of that check.  In order to ensure that SOAs are
always available they would have to continually check all the zones.
I personally do not trust anyone, not you, not NSI, not even myself to
do that without dropping zones accidentally now and then.  Why introduce
those problems into the system when it works just fine without them?

Furthermore, when I ran a similar survey four months ago things didn't
seem nearly this bad.  Although I was only taking the com.zone NS records
and querying them for "nic." NS records.  I was happy to see that less
than 1% of them were corrupted by a bogus "nic." tld.

Dean

On Tue, 18 Feb 1997, Karl Denninger wrote:

> > There are
> > approximately 50,000 name servers that are authoritative for .com
> > (according to the .com zone file from the InterNIC). 
> 
> No.  There are approximately 50,000 unique nameserver hostnames.  At least 
> 1/3rd of these, according to the survey I'm running right now, are completely 
> bogus and simply don't exist.
> 
> The survey that I'm running to study penetration of the eDNS roots gives 
> a best guess of the ACTUAL .COM domains which are resolvable to be somewhere 
> between 30% and 60% of the zones listed.
> 
> We're about 10% of the way through the list right now (started early this
> morning) so what I have at this point has statistical significance.
> 
> You hear that right folks.  About 30% of the nameservers which supposedly 
> are authoritative for .COM domains are either:
> 	1)	Non-existent (they don't resolve to an IP address)
> 	2)	Unreachable
> or	3)	Don't know what "." is (!) 
> 
> Now, if it turns out that the number of so-called delegations which aren't
> really backed by authority records is also 30% of the listing, then that
> means that of the 790,000+ domains in the COM zone, only about 265,000 are
> "real", in that they have both a nameserver online AND a proper authority
> record on that nameserver.
> 
> This is a direct result of NSI accepting applications for domains, and
> listing them, without checking for authoritative SOA records before issuing
> the records in the COM zone!
> 
> I'm appalled at these numbers.  In general, DNS is so broken and polluted
> right now that anyone who wants to take cheap shots at the eDNS system had
> better clean up their own yard first.
> 
> The huge majority of eDNS registrars verify SOA and authority records before
> allowing the zone to issue.  I know that we do here, and I was shocked at
> the number of bogus registrations that I had seen over the last few months.
> 
> Now that I've actually studied the existing .COM zone, I'm no longer
> astonished.  What blows me away is the apparent fact that this large of a
> percentage of the data out there is absolute trash, and nobody has cleaned
> up the yard.
> 
> BTW, "entropy" doesn't explain this.  7 out of 8 registrations in COM are
> less than 18 months old according to NSI.
> 
> --
> -- 
> Karl Denninger (karl at MCS.Net)| MCSNet - The Finest Internet Connectivity
> http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
> 			     | 99 Analog numbers, 77 ISDN, Web servers $75/mo
> Voice: [+1 312 803-MCS1 x219]| Email to "info at mcs.net" WWW: http://www.mcs.net/
> Fax:   [+1 312 803-4929]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
> 





