North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: more on lame-delegation.org, seems to waste IP space and DNS

  • From: John Brown
  • Date: Tue Jun 17 01:06:56 2003

if a domain expires it shouldn't be in the TLD zone, and thats
a seperate issue.

I'm talking about delegations in the gTLD zone that reference
name servers that are INVALID.   These  *.lame-delegation.org
machines are NOT under the authority of NSI, the service
provider who's IP NSI has tagged is having to transit traffic
with no customer relationship with the domain holder or NSI.

When you have broken DNS (ergo MS-Redmond) I can see machines
attempting to query forever.  These  lame-delegation.org. machines
don't answer NXDOMAIN, SERVFAIL or anything else. They just time
out.

given (dig below)  that this zone has TWO NS's listed with
the .NET server and that BOTH are pointing to 'lame-delegation.org'
servers, it would seem to me this violates the registry and registrar
agreements.

If it was me, I'd remove the delegation from the .NET server
and place a tag in the "whois data" saying that valid NS's
need to be added.

I would also recommend that NSI (and others) configure a 
set of machines that answer NXDOMAIN for these LAME zones,
place these on systems NSI has control over.



columbia# dig @a.gtld-servers.net artists-quote.net ns
 
; <<>> DiG 8.3 <<>> @a.gtld-servers.net artists-quote.net ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      artists-quote.net, type = NS, class = IN
 
;; ANSWER SECTION:
artists-quote.net.      2D IN NS        lame10294.lame-delegation.org.
artists-quote.net.      2D IN NS        lame10295.lame-delegation.org.




On Mon, Jun 16, 2003 at 07:05:17PM -0700, [email protected] wrote:
> If what they are doing is not ok, what would you propose?
> 
> Leaving dns hanging when domain is expired is not right either. Deleting 
> domains when some other domain is using dns host in it, will cause 
> problems for registry. They are doing best they can - fast rename and 
> delete domain, then slow notification, change of dns for other domains 
> and delete the glue.
> 
> The way it should work is to have central notification system for all 
> top-level domains and country domains - if dns host is to be deleted, 
> system notifies all zone operators, they check if they have any domains 
> using those dns hosts and delete hosts from under those domains. Once ack 
> is received from everybody (or notification time expires), the host glue 
> is deleted. The problem is that this deletion process takes longer then 
> standard domain deletion and for all registries the time and procedures to 
> delete the domains  are different that is why central system does not 
> seem to work. 
> 
> On Mon, 16 Jun 2003, John Brown wrote:
> 
> > 
> > so i've been doing a bit more research on this.
> > 
> > NSI has *.lame-delegation.org which is used on zones where
> > selected or all NS are not valid for a zone.
> > 
> > some zones have a   lame-delegation.org  NS listed *AND* a
> > NS that is answering for the zone.
> > 
> > most zones have all NS's listed as  lame-delegation.org
> > 
> > Big deal you say, who cares....
> > 
> > The side affect is that a good chuck of glue records are
> > listed in the the gTLD DNS servers with NS's and IP's that
> > are basicly invalid.
> > 
> > In looking at a single /19 used by Rackspace.com, there
> > are 559 NS's listed using IP's from that /19.  
> > 
> > Of those 559 NS's over 20 are IP's tagged as  
> > *.lame-delegation.org.
> > 
> > 
> > What happens if someone sets up a service on those
> > IP's and a "quasi" lame zone gets a flood of traffic??
> > 
> > That poor customer is going to see a flood of DNS traffic.
> > 
> > Hosting providers may not be aware that THEIR IP space
> > is being "renamed" and listed for things they don't have
> > control over.
> > 
> > My thoughts are that if a registry as a  NS that is not proper
> > for a zone, that it should be REMOVE from the zones NS 
> > set.  
> > 
> > If there are no valid NS's for a zone, then the registry
> > should REMOVE the zone from the DNS.
> > 
> > 
> > Otherwise the registry zones will just grow with random glue
> > 
> > 
> > The other registries and registrars are doing similar things,
> > but different names....
> > 
> > 
> > 
>