Robert is correct... Basically Verisign has stated 4 criteria (see URL below) for what an "Orphaned Nameserver" is... if your nameserver falls under ANY of these criteria (OR, if it has NO domains currently assigned to it) you will receive an email from us. Verisign is updating their lists weekly, so we're sending out announcements weekly (every Monday). Verisign has stated that after their May maintenance window (currently slated for the last weekend in may, verification and announcement to come) they will be deleting any remaining orphaned A records.
So you should either fix them, delete them or ignore and let verisign remove them on your behalf :) Charles Daminato OpenSRS Product Manager Tucows Inc. - [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Robert L Mathews > Sent: April 25, 2002 7:10 PM > To: [EMAIL PROTECTED] > Subject: Re: NSI's Orphan Nameserver project. > > > At 4/25/02 2:02 PM, JB Segal wrote: > > >So, it's unclear to me whether the situations discribed in > >http://resellers.tucows.com/opensrs/orphan_a_records > >are merely heads-up 'This might be a problem for you' or if it's a > >warning 'If any of these 4 situations exist, your NS Glue Records are > >toast at the roots'. > > > >Can anyone expand on that? > > Did you get sent a personal list of orphaned records? If you have any > orphaned ones, you probably will receive a list (we did, anyway); > otherwise you can ignore it. > > If you receive the list, first check to see if the names are being used > for anything. For example, if one of the records on the list was > "abc.example.com", you'd first check to see if you actually use > "abc.example.com" for anything at all. If you don't, you can just delete > the nameserver record for it. That eliminates cases 1 and 2. > > If you are using the name for anything, you have to see if the IP address > for that name in your own nameserver is different from the IP address of > the "orphaned" name in the root zones. You'd use dig for this, with > something like: > > $ dig abc.example.com @ns1.example.com > > ... (or whatever your authoritative nameserver for example.com is), then: > > $ dig abc.example.com @a.gtld-servers.net > > Then see if the IP addresses are the same. If they are, again, you can > delete the nameserver record for it with no ill effects. This is the > "you're okay" situation mentioned on the page as "an orphan A record > merely occludes the same information in a com, net or org subzone". > > If the IP addresses are different, you have a problem (and the name > probably hasn't worked very reliably anyway). This is case 3; you would > then fix your local DNS so that it has the correct address, and then > delete the nameserver record. > > If you're in case 4, it's doubtful that your names are working at all. > You might as well delete the record anyway since your DNS is so broken it > won't work properly. > > (The page itself has slightly different instructions for determining > which case you're in; the steps above were my method. Use the > instructions on the page if you don't know what you're doing, so as not > to blame me.) > > You'll note that all the "fixes" eventually end up with you deleting the > orphaned host record, which is the point of the exercise. Any records on > the list WILL be deleted within a month -- the question is merely whether > you do it in an orderly fashion after investigating each one, or whether > Verisign just deletes them all for you without you knowing what they > might have been used for. You're better off checking and doing it > yourself. > > -- > Robert L Mathews, Tiger Technologies > > "The trouble with doing something right the first time is that nobody > appreciates how difficult it was." >
