North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Just got on this thing (perhaps very belatedly) - root server trouble?

  • From: Karl Denninger
  • Date: Tue Feb 18 17:40:59 1997

> 
> > You hear that right folks.  About 30% of the nameservers which supposedly 
> > are authoritative for .COM domains are either:
> > 	1)	Non-existant (they don't resolve to an IP address)
> > 	2)	Unreachable
> > or	3)	Don't know what "." is (!) 
> > 
> > Now, if it turns out that the number of so-called delegations which aren't
> > really backed by authority records is also 30% of the listing, then that
> > means that of the 790,000+ domains in the COM zone, only about 265,000 are
> > "real", in that they have both a nameserver online AND a proper authority
> > record on that nameserver.
> > 
> > This is a direct result of NSI accepting applications for domains, and
> > listing them, without checking for authoritative SOA records before issuing
> > the records in the COM zone!
> > 
> > I'm apalled at these numbers.
> 
> For once we agree. NSI should have stopped this practice long ago. You'll
> be pleased to hear that there are other name registries (for instance the
> one serving the "no" (Norway) TLD that actually perform this check.
> 
> Note that checking when an application is received isn't really enough.
> In Norway we run regular (monthly) checks of all the second-level domains
> under "no", and we always find a number of name servers which have ceased
> being authoritative in the time since last check.
> 
> Steinar Haug, Nethelp consulting, [email protected]

We haven't even gotten that far yet.  I'm just looking at the following
things right now:

1)	Does the hostname listed in the NS line resolve.
2)	Does the resolved hostname actually GO anywhere.
3)	Is there something listening on UDP port 53 at that location.
4)	Does it know what "." is.

We're now well into the "C"s, and so far 32% of the NS lines in the TLD
list for COM file fail one of these four tests!

This is pretty clearly unacceptable, and far worse than I had ever
imagined it was.

--
-- 
Karl Denninger ([email protected])| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
			     | 99 Analog numbers, 77 ISDN, Web servers $75/mo
Voice: [+1 312 803-MCS1 x219]| Email to "[email protected]" WWW: http://www.mcs.net/
Fax:   [+1 312 803-4929]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
- - - - - - - - - - - - - - - - -