At 4/25/02 2:02 PM, JB Segal wrote:

>So, it's unclear to me whether the situations described in
>http://resellers.tucows.com/opensrs/orphan_a_records
>are merely heads-up 'This might be a problem for you' or if it's a
>warning 'If any of these 4 situations exist, your NS Glue Records are
>toast at the roots'.
>
>Can anyone expand on that?

Did you get sent a personal list of orphaned records? If you have any orphaned ones, you probably will receive a list (we did, anyway); otherwise you can ignore it.

If you receive the list, first check to see if the names are being used for anything. For example, if one of the records on the list was "abc.example.com", you'd first check to see if you actually use "abc.example.com" for anything at all. If you don't, you can just delete the nameserver record for it. That eliminates cases 1 and 2.

If you are using the name for anything, you have to see if the IP address for that name in your own nameserver is different from the IP address of the "orphaned" name in the root zones. You'd use dig for this, with something like:

  $ dig abc.example.com @ns1.example.com

... (or whatever your authoritative nameserver for example.com is), then:

  $ dig abc.example.com @a.gtld-servers.net

Then see if the IP addresses are the same. If they are, again, you can delete the nameserver record for it with no ill effects. This is the "you're okay" situation mentioned on the page as "an orphan A record merely occludes the same information in a com, net or org subzone".

If the IP addresses are different, you have a problem (and the name probably hasn't worked very reliably anyway). This is case 3; you would then fix your local DNS so that it has the correct address, and then delete the nameserver record.

If you're in case 4, it's doubtful that your names are working at all. You might as well delete the record anyway since your DNS is so broken it won't work properly.

(The page itself has slightly different instructions for determining which case you're in; the steps above were my method. Use the instructions on the page if you don't know what you're doing, so as not to blame me.)

You'll note that all the "fixes" eventually end up with you deleting the orphaned host record, which is the point of the exercise.

Any records on the list WILL be deleted within a month -- the question is merely whether you do it in an orderly fashion after investigating each one, or whether Verisign just deletes them all for you without you knowing what they might have been used for. You're better off checking and doing it yourself.

--
Robert L Mathews, Tiger Technologies

"The trouble with doing something right the first time is that nobody appreciates how difficult it was."
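
The address comparison described in the message above, as an added example that is not part of the original e-mail: it extracts the A records for one host name from two dig outputs and reports whether they agree. The function names, the result labels and the sample dig output are constructed for this illustration.

```shell
#!/bin/sh
# Added example: compare the A record a zone's own nameserver gives for a host
# with the A record the gTLD servers hold for the same host name.

# a_records NAME: read dig output on stdin and print the sorted, de-duplicated
# IPv4 addresses of NAME's A records (answer or additional section).
a_records() {
    awk -v name="${1%.}." '
        BEGIN { name = tolower(name) }
        /^;/ { next }                      # skip dig comments and section headers
        tolower($1) == name && $3 == "IN" && $4 == "A" { print $5 }
    ' | sort -u
}

# compare_glue NAME LOCAL_DIG_OUTPUT REGISTRY_DIG_OUTPUT
# Prints one of: same, different, no-registry-record, no-local-record
# (labels are hypothetical, chosen for this example).
compare_glue() {
    own=$(printf '%s\n' "$2" | a_records "$1")
    reg=$(printf '%s\n' "$3" | a_records "$1")
    if [ -z "$reg" ]; then echo "no-registry-record"
    elif [ -z "$own" ]; then echo "no-local-record"
    elif [ "$own" = "$reg" ]; then echo "same"
    else echo "different"
    fi
}

# Constructed sample dig output (documentation addresses, not real data).
SAMPLE_LOCAL=';; ANSWER SECTION:
abc.example.com. 3600 IN A 192.0.2.10'
SAMPLE_REGISTRY_SAME=';; ADDITIONAL SECTION:
ABC.EXAMPLE.COM. 172800 IN A 192.0.2.10'
SAMPLE_REGISTRY_STALE=';; ADDITIONAL SECTION:
abc.example.com. 172800 IN A 192.0.2.99'

compare_glue abc.example.com "$SAMPLE_LOCAL" "$SAMPLE_REGISTRY_SAME"    # same
compare_glue abc.example.com "$SAMPLE_LOCAL" "$SAMPLE_REGISTRY_STALE"   # different

# Live use, with the two commands from the message:
#   compare_glue abc.example.com \
#       "$(dig abc.example.com @ns1.example.com)" \
#       "$(dig abc.example.com @a.gtld-servers.net)"
```

A "same" result corresponds to the addresses matching in the message's check, and "different" to the mismatch it calls case 3.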
