North American Network Operators Group


dns authority changes and lame servers

  • From: Mike Lewinski
  • Date: Thu Oct 18 14:32:47 2007


I find it exceptionally annoying that there is no process whereby the root servers and/or registrars can inform us of new/modified/removed delegations. The end result is that we serve a lot of stale zones long after they leave us. In the past I've hacked out some perl to audit our BIND configs and find the stuff that's moved, but it's ugly. And really, it's only partially dependable. For example, does the lack of root server records mean that:


1) the customer abandoned the zone and no longer wishes us to host it
- or -
2) the customer forgot to pay for the zone today, and tomorrow will bitch like hell if my script removes it overnight


There are sub-problems of this, mostly related around customers who move and change their company names every six months. So now I have a customer whose zone has expired from the roots (no more email to them) and whose phone number has changed (no way to call and find out what real intentions re: expired zone are). It's not worth our time to physically drive to their site to answer a question that has little to no real financial implications for us (thanks to the free hosting of up to three domains with order of T1 service).

So questions:

1) Does anyone else find this flaw in the DNS system as annoying as I do? If authority is to be regularly moved around between ISPs (who may be hosting thousands of customer domains), some automated process is needed to allow the ISP to make intelligent choices about when to remove a customer zone (authority transfers to another provider are likely the thing I'd key on, while non-payment removals would probably have a 30 day grace period since the aforementioned physical moves are the most likely cause of non-payment expiration).

2) Does anyone have a better way of cleaning out the dreck than some home-grown scripts? I've used sleep() judiciously to try not beating on any external servers more than necessary, but the output is less than 100% predictable and often hand audits are required before I can really generate automatic removals.

We used to get bitch notices from someone about zones we were supposed to be authoritative for and weren't. This was even more annoying, since often the whole point was that the customer was "parking" it on our servers but had used their 3 freebies and had no real immediate use for it, so neglected to tell us of it. Fine. But give us some notification, from somebody, so we can stick an empty placeholder in there and be ready when it is deployed.

For extra fun, this week a customer simply added their new provider's DNS servers to their zone, without removing ours, or asking us to remove our config. So things were kinda whacky for them until someone called us and asked WTF was going on.
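The cases raised in this message (authority moved to another provider, delegation missing with a 30 day grace period, and a delegation that lists both the old and new provider) can be separated by comparing each hosted zone's parent-side NS set with the provider's own server names. The following is an added example, not code from the original post; the server names, zone names and verdict labels are hypothetical, and the sample data is constructed rather than looked up.

```python
from datetime import date

OUR_NS = {"ns1.isp.example", "ns2.isp.example"}  # hypothetical server names
GRACE_DAYS = 30  # grace period the post suggests for non-payment expiry

def norm(names):
    """Lowercase and strip the trailing dot so NS sets compare cleanly."""
    return {n.strip().lower().rstrip(".") for n in names}

def classify(parent_ns, missing_since=None, today=None, ours=OUR_NS):
    """Classify one locally configured zone from its parent-side NS set.

    parent_ns: NS names the parent zone delegates to (empty if none).
    missing_since: date the delegation was first seen missing, if tracked.
    """
    parent, ours = norm(parent_ns), norm(ours)
    if not parent:
        # Expired, unpaid or parked: DNS alone cannot say which.
        if missing_since is None:
            return "undelegated-start-clock"
        age = ((today or date.today()) - missing_since).days
        return "undelegated-review" if age >= GRACE_DAYS else "undelegated-hold"
    if parent <= ours:
        return "ok"
    if parent.isdisjoint(ours):
        return "moved-away"      # authority transferred to another provider
    return "split-delegation"    # our servers listed alongside someone else's

def audit(zones, today):
    """zones: {zone: (parent_ns, missing_since)} -> {zone: verdict}."""
    return {z: classify(ns, since, today) for z, (ns, since) in zones.items()}

# Constructed sample data. A real audit would fill parent_ns by querying the
# parent zone's servers for every zone configured in named.conf.
SAMPLE = {
    "kept.example": (["NS1.isp.example.", "ns2.isp.example."], None),
    "moved.example": (["ns1.other.example", "ns2.other.example"], None),
    "split.example": (["ns1.isp.example", "ns1.other.example"], None),
    "lapsed.example": ([], date(2007, 10, 10)),
    "gone.example": ([], date(2007, 8, 1)),
    "new.example": ([], None),
}

if __name__ == "__main__":
    for zone, verdict in sorted(audit(SAMPLE, date(2007, 10, 18)).items()):
        print(f"{zone:16} {verdict}")
```

Only `moved-away` is a candidate for automatic removal here; the undelegated and split verdicts still need a person to decide, since a parked zone and an abandoned one look identical from the parent side.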