dns authority changes and lame servers

Mike Lewinski mike at rockynet.com
Sat Oct 20 00:24:25 UTC 2007


Simon Lyall wrote:

> Sounds like the real problem is that your authoritative and caching DNS
> servers are mixed up.

Understood. I've worked to turn off recursion to the world and made it 
through that without too much pain (except for the people who transport 
statically configured laptops on and off our network). The next step 
isn't trivial since it's a matter of updating quite a lot of data. It's 
important and we're working on it for the benefit of the customers, but 
this will be an operational issue for us for a while.

I'm sure I'll get a response telling me to just change the glue at root 
for the NS and be done, but that won't help any other externally 
registered names pointing to my DNS with their own glue at root. Then 
there are the ARPAs, all with "interesting" pedigrees and various 
processes (true, they are least likely to be the problem, but now I have 
to split the zone management onto more than one server so it's not as 
simple as just changing my glue at root).

And there's the case in the last few years of $REAL_BIG_ILEC who 
provides DSL service and has the same configuration we do. It took some 
legalish threats all the way to their CEO to get a stale zone removed, 
after 9 months of attempting to work through the "regular" channels 
(even their former customer couldn't get the request processed!). Their 
policy is apparently to not remove zones, ever.

So no matter how quickly I transition my network, this is still going to 
affect your customers some day, because there are a lot of other people 
in the same boat I am - lots of statically configured DNS resolvers 
aren't going to change themselves and if the same caching servers are 
also hosting thousands of zones that were added incrementally over the 
last 12+ years....

We gave up long ago trying to get our technical contacts listed on each 
customer domain whois / registrar role account, because we couldn't get 
better than 50% response rate.

> If they are split then it doesn't really matter if you still host a lame
> record because (since it's lame) nobody will ask you about it.

It's still cruft and ideally should still be cleaned up automatically 
based on the external authority changing.



More information about the NANOG mailing list