apologies if this isn't the correct list...
Has anyone else observed the following behavior for the .cn TLD, where
one authoritative server (NS.CERNET.NET) wildcards invalid domains,
but the others (a-e.dns.cn) do not?
Anyone know someone operationally involved with the .cn TLD to know if
this is deliberate and, if so, why?
The authority for .cn (in this case, from g.root-servers.net) is:
(reordered for readability)
cn. 172800 IN NS A.DNS.cn.
cn. 172800 IN NS B.DNS.cn.
cn. 172800 IN NS C.DNS.cn.
cn. 172800 IN NS D.DNS.cn.
cn. 172800 IN NS E.DNS.cn.
cn. 172800 IN NS NS.CERNET.NET.
with IPs 203.119.{25-29}.1 for {a-e}.dns.cn and 202.112.0.44 for ns.cernet.net
A nice little foreach loop shows the behavior for me (from ICSI):
foreach foo ( 203.119.25.1 203.119.26.1 203.119.27.1 203.119.28.1
203.119.29.1 202.112.0.44 )
foreach? echo "Looking up a bad name at $foo"
foreach? dig +short +norecurse www.aoeuantoheuntahoeutn.cn @$foo
foreach? end
Looking up a bad name at 203.119.25.1
Looking up a bad name at 203.119.26.1
Looking up a bad name at 203.119.27.1
;; connection timed out; no servers could be reached
Looking up a bad name at 203.119.28.1
Looking up a bad name at 203.119.29.1
;; connection timed out; no servers could be reached
Looking up a bad name at 202.112.0.44
159.226.7.162
NS.CERNET.NET seems to be deliberately wildcarding items which are
otherwise NXDOMAIN, and returning the a record of a server they
control. But it is ONLY this nameserver, not all nameserver for .cn.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
