Hello, it seems bluehost.com does some weird things with several TLDs. Their nameservers return authoritative answer for SOA queries for some TLDs:
$ dig soa si @ns1.bluehost.com. ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> soa si @ns1.bluehost.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23273 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;si. IN SOA ;; ANSWER SECTION: si. 14400 IN SOA sss.dns.si. abuse.bluehost.com. 2014040700 86400 7200 3600000 300 ;; Query time: 160 msec ;; SERVER: 74.220.195.31#53(74.220.195.31) ;; WHEN: Fri Jun 20 15:50:56 2014 ;; MSG SIZE rcvd: 82 However soa records they return is faked (origin, rname, serial, timers..) $ dig +short soa si @ns1.bluehost.com. sss.dns.si. abuse.bluehost.com. 2014040700 86400 7200 3600000 300 $ dig +short soa si ns1.arnes.si. hostmaster.arnes.si. 1403269236 3600 1800 720000 3600 $ dig +short soa de @ns1.bluehost.com. a.nic.de. abuse.bluehost.com. 2014041400 86400 10800 3600000 300 $ dig +short soa fi @ns1.bluehost.com. a.fi. abuse.bluehost.com. 2014041400 86400 10800 3600000 300 $ dig +short soa com. @ns1.bluehost.com. a.gtld-servers.net. abuse.bluehost.com. 2009091600 28800 7200 3600000 300 Does anyone know what is the purpouse for doing this? Regards, Benjamin _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
