On Sat, 14 Mar 2026 17:27:48 +0100
Matthias Andree <[email protected]> wrote:

> On 14.03.26 at 14:50, John Hill via Postfix-users wrote:
> > both links fail?  
> 
> There seem to be DNS issues, 

As I noted earlier, the host “jimsun” was renamed to “athena” late
last week. Unfortunately I neglected to update the NS record with my
registrar at the same time. (Yes, a rather embarrassing oversight.)

That, combined with a few latent issues in the linxnet.com zone file
exposed by the rename, resulted in temporary DNS breakage.

>                              puck.nether.net as name server gets
> served without glue "A" record, 

That is expected: puck.nether.net is out-of-bailiwick, so glue is
neither required nor normally provided.

What's currently happening is the parent delegation has not yet
caught up with the zone’s NS set. The registry still lists:

    linxnet.com NS puck.nether.net
    linxnet.com NS jimsun.linxnet.com

while the zone itself now serves:

    linxnet.com NS puck.nether.net
    linxnet.com NS athena.linxnet.com

Until the registrar pushes the updated delegation (see below),
resolvers will see this temporary mismatch.

> and the other name server is
> jimsun.linxnet.com with a two-week TTL, 

I’m not sure where that comes from. No linxnet.com zone has ever used
a TTL that large. The zone expiry is one week (604800), but the
actual record TTLs have been one hour since Day 1. During the
transition they were reduced to 30 minutes.

> so... and DNSKEY/DS data
> seems to be missing,

That was another mistake on my part. While troubleshooting the
delegation issue I temporarily disabled DNSSEC signing without
removing the DS record at the registrar, which caused validating
resolvers to fail unless DNSSEC checking was disabled.

Signing was restored early this morning (US Eastern DST).

> The answer size also seems to be on the brink of what
> can pass through some networks unfragmented.

I’m not seeing that. For example, from outside my network:

    $ dig linxnet.com DNSKEY +dnssec
    ...
    ;; MSG SIZE  rcvd: 227

which is well below typical UDP limits.

> 
> Other than that, for my minimal use case, 1.1.15 seems to work
> smoothly so far.

Good to hear — thanks for the feedback.

My apologies for the DNS hiccups. I thought I had all the bases
covered before the rename—but clearly I missed a few details.


Off-topic question for the list, if I may:

Does it normally take registrars 24–48 hours to push an NS change out
to the .com registry? I don’t recall delays that long from my days
administering domains at my last employer, but perhaps things have
changed?

Just curious what others typically see in practice.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://athena.LinxNet.com/contact/scform.php>.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
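
The two conditions described in the message above (the parent's NS set lagging the zone's own NS set, and a DS record left at the parent while signing was disabled), as an added example that is not part of the original email: an offline consistency check over constructed record sets. The function names, the has_ds/has_dnskey flags and the assumption that the parent held glue for jimsun.linxnet.com are hypothetical.

```python
# Added example: constructed data modelled on the NS sets quoted in the message.
# No DNS queries are made; all names below are hypothetical helpers.

def norm(name):
    """Lower-case a DNS name and strip the trailing dot."""
    return name.rstrip(".").lower()

def in_bailiwick(ns, zone):
    """True if the name server's name is at or below the delegated zone."""
    ns, zone = norm(ns), norm(zone)
    return ns == zone or ns.endswith("." + zone)

def check_delegation(zone, parent_ns, child_ns, parent_glue, has_ds, has_dnskey):
    """Compare the parent-side and child-side view of one zone cut."""
    parent = {norm(n) for n in parent_ns}
    child = {norm(n) for n in child_ns}
    glue = {norm(n) for n in parent_glue}
    findings = []
    for ns in parent - child:
        findings.append(f"stale at parent: {ns}")
    for ns in child - parent:
        findings.append(f"missing at parent: {ns}")
    for ns in parent:
        # Only in-bailiwick servers need glue; out-of-bailiwick ones never do.
        if in_bailiwick(ns, zone) and ns not in glue:
            findings.append(f"glue required but absent: {ns}")
    if has_ds and not has_dnskey:
        findings.append("DS at parent but zone unsigned: validation fails")
    if has_dnskey and not has_ds:
        findings.append("zone signed but no DS: insecure delegation")
    return sorted(findings)

def sample_outage_state():
    """Constructed snapshot: registry not yet updated, signing disabled."""
    return check_delegation(
        zone="linxnet.com",
        parent_ns=["puck.nether.net.", "jimsun.linxnet.com."],
        child_ns=["puck.nether.net.", "athena.linxnet.com."],
        parent_glue=["jimsun.linxnet.com."],  # assumption, not from the message
        has_ds=True,
        has_dnskey=False,
    )

if __name__ == "__main__":
    for line in sample_outage_state():
        print(line)
```

puck.nether.net produces no glue finding in either state because it is out-of-bailiwick for linxnet.com.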
