Re: [dns-operations] PTR Records for Broadband Network?
--- Begin Message --- Carsten I already do (within reason!) Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Carsten Schiefner Date: Wednesday, 30 November 2022 at 09:38 To: dns-operations@lists.dns-oarc.net Subject: Re: [dns-operations] PTR Records for Broadband Network? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Eat your customers' dog food, for a change? ;-) On 29.11.2022 19:43, Grant Taylor wrote: > On 11/23/22 6:42 AM, Michele Neylon - Blacknight via dns-operations wrote: >> We have tried repeatedly to engage with the various companies, but a >> lot of them don’t have a public contact for their network or security >> team, so our clients end up having to deal with their first level >> customer service teams. > > This sounds like a business justifiable reason for your business to > become a 1st party customer / client of these services just like your > end users are. > > Something to think about, at least for a few months. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations --- End Message --- ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] PTR Records for Broadband Network?
--- Begin Message --- Joe Sorry about the email format - Outlook has a mind of its own at times :( We have been trying to contact the various companies our clients are having issues with. I've personally spent hours trying to get Ticketmaster to escalate my query to somebody with a $clue, but got stuck in their CS system from hell :( The PTR records are fine - many of them have been there for many years. Somebody else pointed out to me offlist that some are missing A records, so we'll address that. We've checked the IPs against blacklists and nothing is showing that we can find. While *some* of the IP ranges we are using might be "secondhand" several of them are shiny and new and were never used prior to them allocated to us. Of the "used" ranges none were problematic and some come from another Irish ISP that has been consumed via M+A (not by us!). If you or anyone else can suggest mailing lists where I might stumble across people who work for some of these companies please do let me know - it'd be appreciated. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265, Ireland Company No.: 370845 From: Joe Abley Sent: Wednesday 23 November 2022 13:55 To: Michele Neylon - Blacknight Cc: dns-operati...@dns-oarc.net Subject: Re: [dns-operations] PTR Records for Broadband Network? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi Michele, On Nov 23, 2022, at 07:46, Michele Neylon - Blacknight via dns-operations wrote: Hmm :-) Many many moons ago we setup the PTR records for our network using a template that clearly flagged that the IPs were static and used for hosting. The result was that the IP 185.97.239.13 would end up with a PTR record of 239-13.colo.sta.blacknight.ie Fast forward to 2022 and we now offer broadband to both businesses and consumers, but unfortunately some streaming services and others are blocking access. So our users have issues with Disney+, All4, Netflix and Ticketmaster to name but a few examples. One of the issues appears to be the PTR records. It might be worth reaching out to some of the people you know your customers are struggling with specifically and seeing what they are looking for. The presence and functional correctness of PTR records is known to be used as one heuristic for e-mail abuse ops; I hadn't heard of it for things like Netflix but what do I know? I assume these PTR records you have made are correctly published. Have you checked that the PTR targets (the 239-13.colo.sta.blacknight.ie name and its friends) themselves resolve back to the right address? Are the address ranges you are using for your customers tainted through some prior abuse, e.g. by some other organisation that used to use them? Do they appear on any of the usual blacklists? I have seen informal guidance to access providers in the past on what naming conventions are useful. I can't seem to find any of them right now but your naming scheme does not seem ridiculous. I would be surprised if that's the problem. You might want also to ask this question on the kind of more general lists that access and content providers hang out on. Joe --- End Message --- ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] PTR Records for Broadband Network?
--- Begin Message --- Greg >From my understanding some of these companies assume that ALL our IP blocks >are used for hosting and that traffic from them is from VPNs or is in some way >illegitimate. We have tried repeatedly to engage with the various companies, but a lot of them don’t have a public contact for their network or security team, so our clients end up having to deal with their first level customer service teams. In the case of Disney+, for example, their CS team can resolve the issue on a per IP basis, but that obviously does not scale. Netflix does seem to be responsive thankfully, but others like Ticketmaster and All4 are a black box. We honestly do not know what it is that they are looking for. In the description field for our broadband IPs we try to make it clear that they’re being used for broaband and not hosting: inetnum:185.97.236.0 - 185.97.236.255 netname:BLACKNIGHT-BROADBAND descr: Broadband Customers So we are trying to tweak what we can tweak ie. That which we control in the hope that it has some impact. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: Greg Choules Date: Wednesday, 23 November 2022 at 13:35 To: Michele Neylon - Blacknight Cc: dns-operati...@dns-oarc.net Subject: Re: [dns-operations] PTR Records for Broadband Network? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi Michele. Before changing anything, exactly what problem is it that Disney+ etc. are having? Or better, what do they *expect* to see, if not what you have now? I didn't think many people used PTR records. Cheers, Greg On Wed, 23 Nov 2022 at 12:50, Michele Neylon - Blacknight via dns-operations mailto:dns-operati...@dns-oarc.net>> wrote: -- Forwarded message -- From: Michele Neylon - Blacknight mailto:mich...@blacknight.com>> To: "dns-operati...@dns-oarc.net<mailto:dns-operati...@dns-oarc.net>" mailto:dns-operati...@dns-oarc.net>> Cc: Bcc: Date: Wed, 23 Nov 2022 12:44:46 + Subject: PTR Records for Broadband Network? All Sorry if this is a little left of field, but I suspect that collectively the people on this list can give us better advice than many. Many many moons ago we setup the PTR records for our network using a template that clearly flagged that the IPs were static and used for hosting. The result was that the IP 185.97.239.13 would end up with a PTR record of 239-13.colo.sta.blacknight.ie<http://239-13.colo.sta.blacknight.ie> Fast forward to 2022 and we now offer broadband to both businesses and consumers, but unfortunately some streaming services and others are blocking access. So our users have issues with Disney+, All4, Netflix and Ticketmaster to name but a few examples. One of the issues appears to be the PTR records. For clarity the IP blocks we use for broadband are NOT the same blocks that we use for hosting. We are therefore looking at tweaking the PTR records for the broadband net blocks. Would removing the “colo.sta” bit be enough? Should we replace it with something else? Thanks and regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 ------ Forwarded message -- From: Michele Neylon - Blacknight via dns-operations mailto:dns-operati...@dns-oarc.net>> To: "dns-operati...@dns-oarc.net<mailto:dns-operati...@dns-oarc.net>" mailto:dns-operati...@dns-oarc.net>> Cc: Bcc: Date: Wed, 23 Nov 2022 12:44:46 + Subject: [dns-operations] PTR Records for Broadband Network? ___ dns-operations mailing list dns-operations@lists.dns-oarc.net<mailto:dns-operations@lists.dns-oarc.net> https://lists.dns-oarc.net/mailman/listinfo/dns-operations --- End Message --- ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] PTR Records for Broadband Network?
--- Begin Message --- All Sorry if this is a little left of field, but I suspect that collectively the people on this list can give us better advice than many. Many many moons ago we setup the PTR records for our network using a template that clearly flagged that the IPs were static and used for hosting. The result was that the IP 185.97.239.13 would end up with a PTR record of 239-13.colo.sta.blacknight.ie Fast forward to 2022 and we now offer broadband to both businesses and consumers, but unfortunately some streaming services and others are blocking access. So our users have issues with Disney+, All4, Netflix and Ticketmaster to name but a few examples. One of the issues appears to be the PTR records. For clarity the IP blocks we use for broadband are NOT the same blocks that we use for hosting. We are therefore looking at tweaking the PTR records for the broadband net blocks. Would removing the “colo.sta” bit be enough? Should we replace it with something else? Thanks and regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 --- End Message --- ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Survey on DNS resolver operations and DNSSEC
--- Begin Message --- I’m checking internally what ours does, but it’s not a “simple” binary question. We did have it turned on in the past, but doing so meant we couldn’t get email from several organisations we work with as their DNSSEC setup was broken. And of course it took time to realise that we weren’t getting those emails. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Peter Thomassen Date: Monday, 21 March 2022 at 14:50 To: dns-operations@lists.dns-oarc.net Subject: Re: [dns-operations] Survey on DNS resolver operations and DNSSEC [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. On 3/21/22 13:19, Bill Woodcock wrote: > The alternative to DNSSEC validation is man-in-the-middle compromises. We > wouldn’t be doing DNSSEC validation if it caused more workload than > man-in-the-middle compromises. Therefore the increased workload is negative, > not positive. Is that (economic) argument all there is to it? -- If so, wouldn't one expect all resolver operators to do DNSSEC validation? (Validation prevalence is far from 100%.) Best, Peter -- Like our community service? Please consider donating at https://desec.io/ deSEC e.V. Kyffhäuserstr. 5 10781 Berlin Germany Vorstandsvorsitz: Nils Wisiol Registergericht: AG Berlin (Charlottenburg) VR 37525 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations --- End Message --- ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Survey on DNS resolver operations and DNSSEC
--- Begin Message --- I’m checking internally what ours does, but it’s not a “simple” binary question. We did have it turned on in the past, but doing so meant we couldn’t get email from several organisations we work with as their DNSSEC setup was broken. And of course it took time to realise that we weren’t getting those emails. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Peter Thomassen Date: Monday, 21 March 2022 at 14:50 To: dns-operations@lists.dns-oarc.net Subject: Re: [dns-operations] Survey on DNS resolver operations and DNSSEC [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. On 3/21/22 13:19, Bill Woodcock wrote: > The alternative to DNSSEC validation is man-in-the-middle compromises. We > wouldn’t be doing DNSSEC validation if it caused more workload than > man-in-the-middle compromises. Therefore the increased workload is negative, > not positive. Is that (economic) argument all there is to it? -- If so, wouldn't one expect all resolver operators to do DNSSEC validation? (Validation prevalence is far from 100%.) Best, Peter -- Like our community service? Please consider donating at https://desec.io/ deSEC e.V. Kyffhäuserstr. 5 10781 Berlin Germany Vorstandsvorsitz: Nils Wisiol Registergericht: AG Berlin (Charlottenburg) VR 37525 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations --- End Message --- ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Best practice for securing DNS record
--- Begin Message --- What do you mean by “vulnerable”? And I suspect the issue isn’t DNS but more the software etc., wrapped around it -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Ondřej Surý Date: Thursday, 10 February 2022 at 17:46 To: Subramanian, Karthikeyan Cc: dns-operations@lists.dns-oarc.net Subject: Re: [dns-operations] Best practice for securing DNS record [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. > On 10. 2. 2022, at 17:55, Subramanian, Karthikeyan via dns-operations > wrote: > > Records are not vulnerable or any Stale record. That doesn’t make any sense on the DNS layer. All the stuff you mentioned are in the upper layers of the stack. Ondrej -- Ondřej Surý (He/Him) ond...@sury.org ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations --- End Message --- ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Is there any DNS manager of porkbun on this list?
Why don’t you contact them directly? They offer support Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Wyatt Chun Date: Tuesday 4 February 2020 at 05:45 To: "dns-operations@lists.dns-oarc.net" Subject: [dns-operations] Is there any DNS manager of porkbun on this list? If people use their DNS for registered domains, they always insert a record into the zone: .com<http://.com> 299 IN TXT "v=spf1 mx ~all" That makes all other SPF records failed. For example, I want to have my own TXT records: .com<http://.com>299 IN TXT "v=spf1 mx include:pobox.com<http://pobox.com> ~all" But sorry, after I added this one, porkbun will add another TXT (the before one) into the zone. So my customized SPF gets failed, the outgoing emails from this domain were rejected by other providers. If there has been any staff from porkbun on this list, can you help fixup this setting? Regards. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
If we are directly integrated with the registry then a nameserver change is almost instant. But we aren’t directly integrated with all registries and not all of them handle DNS changes in the same way Some, for example, will do a pre-check before they’ll allow a change. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Wesley Peng Date: Monday 25 November 2019 at 15:45 To: Dns-Operations Subject: Re: [dns-operations] Questions about my domain's DNS I saw blacknight does good business on domain industry. How do you handle DNS delegation like my case? Thanks. On Nov 25, 2019 at 10:22 PM, mailto:mich...@blacknight.com>> wrote: That depends on how they’re integrated It’s really a question you need to be asking them -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Wesley Peng Date: Monday 25 November 2019 at 15:22 To: "Elmar K. Bins" Cc: Dns-Operations Subject: Re: [dns-operations] Questions about my domain's DNS Hello When I changed name servers in registrar, won’t they be registered into DE’s servers automatically? Thank you. On Nov 25, 2019 at 9:56 PM, mailto:e...@4ever.de>> wrote: Hi Wesley, postmas...@wsly.de (Wesley Peng) wrote: > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS ns1.alldomains.hosting. > wsly.de.86400 IN NS ns2.alldomains.hosting. > wsly.de.86400 IN NS ns3.alldomains.hosting. > wsly.de.86400 IN NS ns4.alldomains.hosting. > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS art.ns.cloudflare.com. > wsly.de.86400 IN NS roxy.ns.cloudflare.com. > I was confused, since I have changed the domain's nameservers to > cloudflare's, why .de's root servers still give the clues that I am using > ns[1-4].alldomains.hosting? In order to update the records in "de" you need your domain provider to send them an update of the nameservers. - Elmar. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Questions about my domain's DNS
That depends on how they’re integrated It’s really a question you need to be asking them -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: dns-operations on behalf of Wesley Peng Date: Monday 25 November 2019 at 15:22 To: "Elmar K. Bins" Cc: Dns-Operations Subject: Re: [dns-operations] Questions about my domain's DNS Hello When I changed name servers in registrar, won’t they be registered into DE’s servers automatically? Thank you. On Nov 25, 2019 at 9:56 PM, mailto:e...@4ever.de>> wrote: Hi Wesley, postmas...@wsly.de (Wesley Peng) wrote: > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS ns1.alldomains.hosting. > wsly.de.86400 IN NS ns2.alldomains.hosting. > wsly.de.86400 IN NS ns3.alldomains.hosting. > wsly.de.86400 IN NS ns4.alldomains.hosting. > ;; AUTHORITY SECTION: > wsly.de.86400 IN NS art.ns.cloudflare.com. > wsly.de.86400 IN NS roxy.ns.cloudflare.com. > I was confused, since I have changed the domain's nameservers to > cloudflare's, why .de's root servers still give the clues that I am using > ns[1-4].alldomains.hosting? In order to update the records in "de" you need your domain provider to send them an update of the nameservers. - Elmar. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] GMX tld question
Full details here: https://www.iana.org/domains/root/db/gmx.html -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 13/11/2019, 14:23, "dns-operations on behalf of Wesley Peng" wrote: Hello, Is .gmx tld run by United Internet? We have communication issue to their DNS servers. gmx.21542 IN NS anycast10.irondns.net. gmx.21542 IN NS anycast23.irondns.net. gmx.21542 IN NS anycast9.irondns.net. gmx.21542 IN NS anycast24.irondns.net. But the communication to gmx.net NS servers gets no problem. gmx.net.11009 IN NS ns-gmx.ui-dns.com. gmx.net.11009 IN NS ns-gmx.ui-dns.biz. gmx.net.11009 IN NS ns-gmx.ui-dns.org. gmx.net.11009 IN NS ns-gmx.ui-dns.de. If anyone know the undercase operators, please let me know. Thank you. regards. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Dumb question: why is it that some registries limit the nameservers that can be delegated to?
Colm For gTLDs the nameservers have to be registered via a registrar Some of the ccTLDs also demand payment and other oddness for adding them I suspect a lot of this is legacy .. no idea though Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie http://www.blacknight.press for all our news media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 -Original Message- From: dns-operations [mailto:dns-operations-boun...@dns-oarc.net] On Behalf Of Colm MacCárthaigh Sent: Thursday, September 11, 2014 3:53 PM To: dns-operations@lists.dns-oarc.net Subject: [dns-operations] Dumb question: why is it that some registries limit the nameservers that can be delegated to? Many registries, if not most, don't let you delegate a zone to arbitrary name-servers. Instead those nameservers need to be registered in some way. Typically anyone can register a name server, and it once it's done, many zones can be delegated to that name server. A small number of CC-TLDs also require contact details for the name servers, but I only know of two that do that. Registering doesn't require setting up glue, and it doesn't look it's being done to detect cyclic dependencies between zones, which is also the only limitation in the DNS that I can think of that require some kind of workaround. So why is it that name servers need to be registered? What's the benefit of doing it? and if anyone can register a name server, what's the point? -- Colm ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] What's the story on gmail.fr?
Gmail.ie redirects to Gmail correctly .. Though I've never seen them advertise Gmail using anything other than the .com .. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: dns-operations [dns-operations-boun...@dns-oarc.net] on behalf of sth...@nethelp.no [sth...@nethelp.no] Sent: 06 July 2014 16:26 To: bortzme...@nic.fr Cc: dns-operati...@dns-oarc.net Subject: Re: [dns-operations] What's the story on gmail.fr? By the way, as far as i know french people use gmail.com in place of gmail.fr. They won't even notice ! ;) Indeed, I've never seen gmail.fr advertised by Google and I'm surprised to learn it is used in Norway. Google Search finds only one link for gmail.fr :-) It may not actually be used. I came across this when investigating SERVFAILs. These days a large number of SERVFAILs are triggered by botnets, and thus it is entirely possible that the queries I found for gmail.fr were also triggered by botnets. Steinar Haug, AS 2116 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] What's wrong with my domain?
Mohamed Seeing similar errors here: http://mydnscheck.com/?domain=gu.edu Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: dns-operations [mailto:dns-operations-boun...@dns-oarc.net] On Behalf Of Mohamed Lrhazi Sent: Wednesday, July 2, 2014 11:29 AM To: dns-operations Subject: [dns-operations] What's wrong with my domain? I am sure I messed up something, but cant figure out what! Some DNS servers, notably Google's, return SERVFAIL, since a couple of days now. This dns report says the NS records do not have A records... but they do in my zone data. http://www.dnssy.com/report.php?q=gu.edu ➜ ~ dig any gu.eduhttp://gu.edu @8.8.8.8http://8.8.8.8 ; DiG 9.9.5-3-Ubuntu any gu.eduhttp://gu.edu @8.8.8.8http://8.8.8.8 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 24840 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;gu.eduhttp://gu.edu. IN ANY ;; Query time: 80 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Wed Jul 02 06:21:49 EDT 2014 ;; MSG SIZE rcvd: 35 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Need contacts
Dan Glue record changes are usually handled by your registrar - at least we do it for all our clients .. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 -Original Message- From: dns-operations [mailto:dns-operations-boun...@dns-oarc.net] On Behalf Of Dan Durrer Sent: Wednesday, July 2, 2014 6:46 PM To: dns-operati...@dns-oarc.net Subject: [dns-operations] Need contacts Hey Guys, I can't get into the specifics but a glue change may occur shortly for the No-IP zones. I'm hoping you can put me in touch with the appropriate folks over at Neustar, Verisign, Afilias and PIR We're hoping to find someone that can help us expedite this process. Any help is greatly appreciated. Regards, Dan Durrer No-IP ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] It's begun...
On 24 Oct 2013, at 17:05, Stephane Bortzmeyer bortzme...@nic.fr wrote: On Thu, Oct 24, 2013 at 04:33:52PM +0200, Anne-Marie Eklund-Löwinder anne-marie.eklund-lowin...@iis.se wrote a message of 39 lines which said: Twitter is so last year. IANA notifications over 4chan? Or am I so late I don't even know the trend of the day? Maybe there’s a new medium that we’ve all missed :) Mr Michele Neylon Blacknight Solutions ♞ Hosting Domains ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] It's begun...
Edward Yes - they've been delegated: http://blog.blacknight.com/new-tlds-almost.html Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: dns-operations-boun...@lists.dns-oarc.net [dns-operations-boun...@lists.dns-oarc.net] on behalf of Edward Lewis [ed.le...@neustar.biz] Sent: 23 October 2013 21:01 To: DNS Operations Cc: Edward Lewis Subject: [dns-operations] It's begun... My sensors show 4 new gTLDs in the last hour or so...IDN, non-ccTLD...added between 1800 and 1900 UTC. Anyone else see this? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStarYou can leave a voice message at +1-571-434-5468 There are no answers - just tradeoffs, decisions, and responses. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] summary of recent vulnerabilities in DNS security.
On 22 Oct 2013, at 20:28, Jared Mauch ja...@puck.nether.net wrote: It's difficult because there is not universal support amongst registrars. Once again the wheel gets stuck when the technical side meets the business side. It's not entirely business that causes the issues .. Registry operators do not have a consistent or uniform way of implementing DNSSEC, which makes integration more complex for registrars. If, as a registrar, we only offered .com then it would be one thing, but that's not the case .. Before someone says switch registrar, it's usually not that easy and then becomes something resembling a full time project vs just throwing a switch. Edit a zone file vs edit, run a script, upload some keys, roll some keys, do some other magic is harder than edit a zone file. This runs into the same friction issue that using PGP and other tools encounter. It seems simple enough to most folks, but when you add in someone less-technical, it goes off the rails quickly. I can't count the number of times someone emailed me their full keyring or private key when they meant public. It's not as easy as you think it is. - Jared ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs Mr Michele Neylon Blacknight Solutions ♞ Hosting Domains ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] summary of recent vulnerabilities in DNS security.
On 21 Oct 2013, at 19:32, Vernon Schryver v...@rhyolite.com wrote: Yes, I've noticed that Google is still not signing. Maybe the continuing hijackings of their ccTLD domains will move them. I suspect they're more interested in getting registry lock in place rather than DNSSEC. Most of the attacks against Google have involved changing the name servers completely .. Mr Michele Neylon Blacknight Solutions ♞ Hosting Domains ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] A question about changing nameservers
Obvious question, but did you create the glue records? -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel/ Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: dns-operations-boun...@lists.dns-oarc.net [dns-operations-boun...@lists.dns-oarc.net] on behalf of Feng He [fen...@nsbeta.info] Sent: 28 May 2013 11:07 To: DNS Operations List Subject: [dns-operations] A question about changing nameservers Hello, My platform DNSbed.com has cloudwebdns.com as the nameserver domain. The DNS of cloudwebdns.com is currently hosted by: dns1.registrar-servers.com. dns2.registrar-servers.com. dns3.registrar-servers.com. dns4.registrar-servers.com. dns5.registrar-servers.com. Today I changed the nameservers to our own nameservers: ns1.cloudwebdns.com. ns2.cloudwebdns.com. ns3.cloudwebdns.com. ns4.cloudwebdns.com. I have added the zone to named.conf, created zone files, and reloaded BIND. But when I added a record by nsupdate, it got the error: response to SOA query was unsuccessful When I dig to localhost: dig cloudwebdns.com soa @localhost Got the status ServFail. Can you tell me what has happened? Thanks. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] DNS Issue
We've seen large companies' sysadmins being adamant that their firewall setup was correct and that we didn't know DNS .. .. even though every single article and test result proved otherwise .. Never underestimate stupidity and ignorance :) Mr Michele Neylon Blacknight Solutions ♞ Hosting Domains ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Enom's name server broken?
On 15 Jan 2013, at 14:48, Stephane Bortzmeyer bortzme...@nic.fr wrote: On Wed, Jan 16, 2013 at 12:46:30AM +1100, Mark Andrews ma...@isc.org wrote a message of 126 lines which said: For clean transfers of zones from one provider to the next the losing provide should slave the zones from the new provider. This ensures that caches only see current content regardless of whether they are talking to the new or old servers. Note that it does not scale (think about the ACL to manage and the need to have a timer) and, in practice, is never done (despite the fact it is a contractual obligation for the .FR registrars and may be for the ICANN ones). It's not a contractual requirement for ICANN accredited registrars We are contractually obliged to follow the inter-registrar transfer policy (http://www.icann.org/en/resources/registrars/transfers/policy-01jun12.htm ) but that has nothing to do with DNS zone transfers Most of the ccTLD don't put an obligation on us either And as Stephane points out, that kind of thing simply does not scale Regards Michele Mr Michele Neylon Blacknight Solutions ♞ Hosting Domains ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Enom's name server broken?
The only time I've seen DNS being pulled or domains pointed at holding pages as described is with resellers of registrars Not saying that registrars don't do it ever, but I've never seen any do it Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 16 Jan 2013, at 01:51, Mike Jones m...@mikejones.in wrote: On 15 January 2013 22:19, Matthew Ghali mgh...@snark.net wrote: TBH I've never even thought to have that expectation from a registrar; and in fact I'd never assume they do the right thing. My first domain registrar was the Internic, which probably explains the low bar. Many years later, working at a registrar (on a hosted DNS product!) only reinforced my beliefs. In an ideal world, you'd get exactly what you pay for. In reality you get less. Most people are definitely not paying for inter-provider coordination and a seamless service cutover. Heck, they're paying barely enough for service that answers *most* queries. Some registrars would probably argue 1 DNS server occasionally being up was good enough to meet their obligations for the free (meaning included in the price and you pay for it if you use it or not) service if past experience is anything to go by. but there's a difference between not 100% reliable which is acceptable to use on domains that aren't very important and we'll hijack your traffic to our landing page if you try to migrate away from us which I don't think is acceptable even for the least important domains I have. - Mike ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] keeping ICANN busy with dotless domains
+1 The discussion here has been enlightening, but if you want your thoughts to have any impact you should submit a public comment if you haven't done so already Regards Michele Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 23 Sep 2012, at 10:40, Jim Reid j...@rfc1035.com wrote: This thread is becoming tiresome. Could those who want to continue what ICANN should and shouldn't do about making rules for dotless domains, please take the discussion elsewhere? Thanks. ICANN is in the middle of a public comment period on dotless domains (http://www.icann.org/en/news/public-comment/sac053-dotless-domains-24aug12-en.htm) so that seems a suitable forum for those who want to continue debating this issue. Some members of this list have already done that. More input there would also have the side-effect of keeping ICANN busy. :-) For those who have not yet looked at ICANN's comment forum, Microsoft's VP for Technology Policy has stated the company supports a prohibition on the use of A, , MX records at the apex of a TLD: http://forum.icann.org/lists/sac053-dotless-domains/pdfjobOOzS93n.pdf. So that suggests they do not plan on using these for .microsoft or whatever. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Go Daddy is down
They've issued a statement explaining the outage http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=410 Seemingly nothing to do with hackers or DDOS .. -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel/ Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: dns-operations-boun...@mail.dns-oarc.net [dns-operations-boun...@mail.dns-oarc.net] on behalf of Andrew Sullivan [a...@anvilwalrusden.com] Sent: 10 September 2012 23:42 To: dns-operati...@mail.dns-oarc.net Subject: Re: [dns-operations] Go Daddy is down On Mon, Sep 10, 2012 at 01:49:35PM -0700, Paul Hoffman wrote: I believe that this avalanche *is* helpful specifically because Fox News in the US is saying that the outage is due to a DoS attack based on a quote from a security vendor whom I don't trust. Differentiating between offline and bad records and looks like DoS is actually quite useful. But to emphasise, you're making Joe's point: we don't have any of that, just a lot of blather about where someone is and whether they can see anything. FWIW, it's working for me now: ; DiG 9.6-ESV-R4-P3 @cns2.secureserver.net -t NS www.godaddy.com +noall +answer +norecurse +stats ; (1 server found) ;; global options: +cmd www.godaddy.com.300 IN CNAME godaddy.com. godaddy.com.3600IN NS cns3.secureserver.net. godaddy.com.3600IN NS cns1.secureserver.net. godaddy.com.3600IN NS cns2.secureserver.net. ;; Query time: 31 msec ;; SERVER: 216.69.185.100#53(216.69.185.100) ;; WHEN: Mon Sep 10 18:40:21 2012 ;; MSG SIZE rcvd: 168 1 172.16.34.1 (172.16.34.1) 3.406 ms 0.690 ms 0.678 ms 2 69-196-144-225.dsl.teksavvy.com (69.196.144.225) 11.155 ms 99.296 ms 100.081 ms 3 206.248.154.104 (206.248.154.104) 13.438 ms 13.849 ms 13.199 ms 4 2120.ae0.bdr01.tor.packetflow.ca (69.196.136.66) 12.788 ms 12.705 ms 12.542 ms 5 10gigabitethernet4-3.core1.tor1.he.net (216.66.36.97) 23.305 ms 12.381 ms 12.850 ms 6 10gigabitethernet7-3.core1.chi1.he.net (184.105.213.150) 28.405 ms 24.773 ms 25.672 ms 7 eqix-ch.godaddy.com (206.223.119.141) 25.925 ms 23.873 ms 27.356 ms 8 ip-184-168-0-14.ip.secureserver.net (184.168.0.14) 29.082 ms 27.230 ms 28.864 ms 9 * ip-184-168-0-14.ip.secureserver.net (184.168.0.14) 28.593 ms !X * 10 * * * [c.] A -- Andrew Sullivan a...@anvilwalrusden.com ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Go Daddy is down
Can't reach them on my Irish ISP Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 10 Sep 2012, at 20:43, Mark Jeftovic mar...@easydns.com wrote: It looks regional (like USA). Up here in Toronto we can resolve most names using Godaddy DNS. On 12-09-10 2:39 PM, Rick Wesson wrote: well the twitterverse supports you thesis... http://techcrunch.com/2012/09/10/godaddy-outage-takes-down-millions-of-sites/ -r On Mon, Sep 10, 2012 at 11:20 AM, bert hubert bert.hub...@netherlabs.nl mailto:bert.hub...@netherlabs.nl wrote: Hi everybody, Go Daddy's servers appear to be down. I first noticed this from the automated PowerDNS Recursor bulk test, which suddenly could only resolve 91.6% of domains successfully (96% is the norm) [1]. Our test set consists of the most popular domain names on the internet. The test usually terminates in 3 minutes but now takes 7. This might imply a level of stress on busy resolvers getting so many timeouts. Bert [1] that it isn't 100% has to do with some domains existing only as www. or only without it).. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net mailto:dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- Mark Jeftovic, Founder CEO, easyDNS Technologies Inc. Company Website: http://easydns.com Read My Blog:http://markable.com +1-416-535-8672 ext 225 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Go Daddy is down
Joe Well I've only been trying domain.me and godaddy.com via my mobile :-) Regards Michele Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 10 Sep 2012, at 22:34, Joe Abley jab...@hopcount.ca wrote: (not picking on you particularly, general knee-jerk comment follows) On 2012-09-10, at 16:24, Aaron Cossey aaron.cos...@gmail.com wrote: Still out here in Germany at 2022UTC. Very interested to read what happened when its back up. These problem reports would be a lot more useful if they included things like: - what actual nameserver or nameservers you're trying to reach - what test you're doing - what the result of the test was (what you mean by out) - what source address (or at least source AS) the test was performed from - where the destination appeared to be to you (traceroute) - when you did the test OK from France, Up here in Toronto or Out in Germany don't tell me much. GoDaddy are associated with lots of nameservers; I bet some of the different responses here are because people are not all looking at the same one. Note that I'm not especially suggesting that continuing the avalanche with all that information included would be a good thing on this list (I'm not really a fan of avalanches) but if you're going to send information to others, presumably to help them troubleshoot, detail is handy. My knee feels fine, now. Joe ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] How to transfer DS records to parent zone?
Vernon Registrars are commercial entities. We support products / services for which there is a commercial demand. Regards Michele Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 14 Jul 2012, at 19:28, Vernon Schryver v...@rhyolite.com wrote: they handled the DS submission via email There seem to be more than one registrar that claims to handle DNSSEC via mail. Never mind security questions such as whether or how (e.g. PGP vs. S/MIME) that mail is signed or there are other protections against bad guy games. RFC 4641 suggests planning for a key effectivity on the order of a few months for key signing keys. Negotiating with a registrar's support mailbox every few months or even once every year or two strikes me as at best impractical in a professional operational (as opposed to vanity domain or test) setting. And what happens in an emergency key rollover after you suspect that the computer with the secret keys has been compromised or a less than amicable trusted employee departure? As far as I'm concerned, the years old registar answer to the DNSSEC? question of send mail to support is a disingenuous effort to pass checklists. I don't understand why registrars are dragging their feet. To my naive ears, transfer locking, privacy guard, HTTP and mail forwarding, and other de facto standard registrar services sound harder than accepting and signing keys. But then I also don't understand why it took them so long to start handling IPv6 glue. Vernon Schryverv...@rhyolite.com P.S. Of course, given men in the middle and so forth, the HTTPS web pages used by registrars to change NS and glue records are not very secure...except compared to unauthenticated, trivially forged mail. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
