Re: [dns-operations] Enom's name server broken?
Shortly after this thread started we had a customer trying to migrate here with the same problem. Enom was made aware of this and started working on the issue and in working with them to run some tests it looks fixed now. They tell me the fix will be promoted live tomorrow.

- mark

On 14 Jan 2013, at 17:53, Fan Of Network fanofnetw...@gmail.com wrote:

> Hello,
>
> We use Enom as a registrar and provider of name server for a few of our domains. Recently we decided to switch name servers provider to a different company. One could say that it is easy. Yes, but with Enom name server it seems to be a problem. Why?
>
> Let's assume that we query for a host record in xclusivmedia.com (one of our domains still registered at Enom). Our resolver will cache (depending if it is parent-centric or child-centric) NS records from .com authoritative name server (TTL of 2 days) or Enom's name server (TTL of 1h). Then, we change list of authoritative name server at Enom (here as registrar) and within minutes .com authoritative servers will be updated. However, our resolver will keep asking Enom's name server for our domain. What Enom's server will reply? Let's see:
>
> dig test1.xclusivmedia.com @dns1.name-services.com
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> test1.xclusivmedia.com @dns1.name-services.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43753
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;test1.xclusivmedia.com. IN A
>
> ;; AUTHORITY SECTION:
> test1.xclusivmedia.com. 1800 IN A 91.102.91.61
> test1.xclusivmedia.com. 1800 IN TXT v=spf1 -all
> test1.xclusivmedia.com. 3600 IN NS ns1.p28.dynect.net.
> test1.xclusivmedia.com. 3600 IN NS ns2.p28.dynect.net.
> test1.xclusivmedia.com. 3600 IN NS ns3.p28.dynect.net.
> test1.xclusivmedia.com. 3600 IN NS ns4.p28.dynect.net.
>
> ;; Query time: 166 msec
> ;; SERVER: 98.124.192.1#53(98.124.192.1)
> ;; WHEN: Mon Jan 14 18:44:41 2013
> ;; MSG SIZE rcvd: 166
>
> Yes, this is the whole zone dumped into authority section... Did you see something like that before? Any idea how to work it around? We tried Enom's support, but they don't see the problem in this and they are not willing to escalate. Is anyone from Enom reading this? If so, could you please contact me off the list?
>
> Thanks.

--
Mark Jeftovic mar...@easydns.com
Founder CEO, easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225
Read my blog: http://markable.com

___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Enom's name server broken?
On Tue, Jan 15, 2013 at 11:19 PM, Matthew Ghali mgh...@snark.net wrote:

> In an ideal world, you'd get exactly what you pay for. In reality you get less. Most people are definitely not paying for inter-provider coordination and a seamless service cutover. Heck, they're paying barely enough for service that answers *most* queries.

I'm willing to pay for seamless service cut over - no problem with that. My provider (Enom) does even have a hosted DNS product, but they cannot activate it when the domain is registered with them. Now, I'm considering transferring my domains away from Enom as this might be the easiest solution. Some providers don't even offer the option to pay more and get better service, which is a pity.

You can argue why Enom was chosen in the first place as a registrar and provider for DNS. I honestly don't know - they were big enough I guess.
Re: [dns-operations] Enom's name server broken?
In message d1ac4482bed7c04dac43491e9a9dbec301399...@bkexchmbx02.blacknight.local, Michele Neylon :: Blacknight writes:

> Surely that's an issue with your resolver and not with enom?
> Or am I misunderstanding the question ..

No. Caches work like that. There will be a period where the losing servers continue to get queries after the delegation has been changed.

For clean transfers of zones from one provider to the next the losing provider should slave the zones from the new provider. This ensures that caches only see current content regardless of whether they are talking to the new or old servers.

> (or maybe I need more coffee)
>
> Or are you expecting eNom to purge DNS records for domains for which they aren't currently authoritative?

I expect losing providers to do the right thing while the zone's delegation is in a state of flux. The answer below is self-inconsistent. It says there are no address records but stuffs an address record in the authority section along with a TXT record. The servers are clearly *broken*.

Now one can argue about what the right thing is. Old zone contents, new zone contents or return responses as if the zone is removed. This answer matches none of those. No instruction, in any RFC, results in that response.

Mark

> On 14 Jan 2013, at 17:53, Fan Of Network fanofnetw...@gmail.com wrote:
>
>> Hello,
>>
>> We use Enom as a registrar and provider of name server for a few of our domains. Recently we decided to switch name servers provider to a different company. One could say that it is easy. Yes, but with Enom name server it seems to be a problem. Why?
>>
>> Let's assume that we query for a host record in xclusivmedia.com (one of our domains still registered at Enom). Our resolver will cache (depending if it is parent-centric or child-centric) NS records from .com authoritative name server (TTL of 2 days) or Enom's name server (TTL of 1h). Then, we change list of authoritative name server at Enom (here as registrar) and within minutes .com authoritative servers will be updated. However, our resolver will keep asking Enom's name server for our domain. What Enom's server will reply? Let's see:
>>
>> dig test1.xclusivmedia.com @dns1.name-services.com
>>
>> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> test1.xclusivmedia.com @dns1.name-services.com
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43753
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;test1.xclusivmedia.com. IN A
>>
>> ;; AUTHORITY SECTION:
>> test1.xclusivmedia.com. 1800 IN A 91.102.91.61
>> test1.xclusivmedia.com. 1800 IN TXT v=spf1 -all
>> test1.xclusivmedia.com. 3600 IN NS ns1.p28.dynect.net.
>> test1.xclusivmedia.com. 3600 IN NS ns2.p28.dynect.net.
>> test1.xclusivmedia.com. 3600 IN NS ns3.p28.dynect.net.
>> test1.xclusivmedia.com. 3600 IN NS ns4.p28.dynect.net.
>>
>> ;; Query time: 166 msec
>> ;; SERVER: 98.124.192.1#53(98.124.192.1)
>> ;; WHEN: Mon Jan 14 18:44:41 2013
>> ;; MSG SIZE rcvd: 166
>>
>> Yes, this is the whole zone dumped into authority section... Did you see something like that before? Any idea how to work it around? We tried Enom's support, but they don't see the problem in this and they are not willing to escalate. Is anyone from Enom reading this? If so, could you please contact me off the list?
>>
>> Thanks.
>
> Mr Michele Neylon
> Blacknight Solutions Hosting Domains
> ICANN Accredited Registrar
> http://www.blacknight.co
> http://blog.blacknight.com/
> Intl. +353 (0) 59 9183072
> US: 213-233-1612
> Locall: 1850 929 929
> Direct Dial: +353 (0)59 9183090
> Facebook: http://fb.me/blacknight
> Twitter: http://twitter.com/mneylon
> ---
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland
> Company No.: 370845

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
Re: [dns-operations] Enom's name server broken?
On Wed, Jan 16, 2013 at 12:46:30AM +1100, Mark Andrews ma...@isc.org wrote a message of 126 lines which said:

> For clean transfers of zones from one provider to the next the losing provider should slave the zones from the new provider. This ensures that caches only see current content regardless of whether they are talking to the new or old servers.

Note that it does not scale (think about the ACL to manage and the need to have a timer) and, in practice, is never done (despite the fact it is a contractual obligation for the .FR registrars and may be for the ICANN ones).
Re: [dns-operations] Enom's name server broken?
On 15 Jan 2013, at 14:48, Stephane Bortzmeyer bortzme...@nic.fr wrote:

> On Wed, Jan 16, 2013 at 12:46:30AM +1100, Mark Andrews ma...@isc.org wrote a message of 126 lines which said:
>
>> For clean transfers of zones from one provider to the next the losing provider should slave the zones from the new provider. This ensures that caches only see current content regardless of whether they are talking to the new or old servers.
>
> Note that it does not scale (think about the ACL to manage and the need to have a timer) and, in practice, is never done (despite the fact it is a contractual obligation for the .FR registrars and may be for the ICANN ones).

It's not a contractual requirement for ICANN accredited registrars

We are contractually obliged to follow the inter-registrar transfer policy (http://www.icann.org/en/resources/registrars/transfers/policy-01jun12.htm) but that has nothing to do with DNS zone transfers

Most of the ccTLD don't put an obligation on us either

And as Stephane points out, that kind of thing simply does not scale

Regards

Michele

Mr Michele Neylon
Blacknight Solutions ♞ Hosting Domains
ICANN Accredited Registrar
http://www.blacknight.co
http://blog.blacknight.com/
Intl. +353 (0) 59 9183072
US: 213-233-1612
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Facebook: http://fb.me/blacknight
Twitter: http://twitter.com/mneylon
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland
Company No.: 370845
Re: [dns-operations] Enom's name server broken?
Michele Neylon :: Blacknight writes:

> Surely that's an issue with your resolver and not with enom?

I'm a little surprised I haven't seen someone comment on this issue with their servers (but maybe I missed it in my quick skim; if so, apologies for redundancy):

On 14 Jan 2013, at 17:53, Fan Of Network fanofnetw...@gmail.com wrote:

> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> test1.xclusivmedia.com @dns1.name-services.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43753
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;test1.xclusivmedia.com. IN A
>
> ;; AUTHORITY SECTION:
> test1.xclusivmedia.com. 1800 IN A 91.102.91.61
> test1.xclusivmedia.com. 1800 IN TXT v=spf1 -all
> test1.xclusivmedia.com. 3600 IN NS ns1.p28.dynect.net.
> test1.xclusivmedia.com. 3600 IN NS ns2.p28.dynect.net.
> test1.xclusivmedia.com. 3600 IN NS ns3.p28.dynect.net.
> test1.xclusivmedia.com. 3600 IN NS ns4.p28.dynect.net.

Why are the A and TXT record in the Authority section?
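
The inconsistency raised in the messages above (ANSWER: 0 while the AUTHORITY section carries the queried A record and a TXT record), written as a check over saved dig output. This is an added example, not part of any poster's message; the function names are illustrative, the sample is the response quoted in the thread, and the list of record types expected in an authority section is an assumption of the example.

```python
import re

# Types that normally appear in AUTHORITY (referrals, negative answers, DNSSEC).
AUTHORITY_TYPES = {"NS", "SOA", "DS", "NSEC", "NSEC3", "RRSIG"}

# The dig response quoted in the thread; banner and timing lines left out.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43753
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0
;; QUESTION SECTION:
;test1.xclusivmedia.com. IN A
;; AUTHORITY SECTION:
test1.xclusivmedia.com. 1800 IN A 91.102.91.61
test1.xclusivmedia.com. 1800 IN TXT v=spf1 -all
test1.xclusivmedia.com. 3600 IN NS ns1.p28.dynect.net.
test1.xclusivmedia.com. 3600 IN NS ns2.p28.dynect.net.
test1.xclusivmedia.com. 3600 IN NS ns3.p28.dynect.net.
test1.xclusivmedia.com. 3600 IN NS ns4.p28.dynect.net.
"""

def parse_dig(text):
    status = re.search(r"status: (\w+)", text).group(1)
    answers = int(re.search(r"ANSWER: (\d+)", text).group(1))
    question, sections, current = None, {}, None
    for line in filter(str.strip, text.splitlines()):
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            current = header.group(1)
        elif line.startswith(";;"):
            current = None  # any other ";;" line ends the current section
        elif current == "QUESTION":
            name, _cls, qtype = line.lstrip(";").split()
            question = (name.lower(), qtype)
        elif current:
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            sections.setdefault(current, []).append((owner.lower(), rtype, rdata))
    return status, answers, question, sections  # sections: {name: [(owner, type, rdata)]}

def audit(text):
    """List the inconsistencies the thread points out in a saved dig response."""
    status, answers, question, sections = parse_dig(text)
    findings = []
    for owner, rtype, rdata in sections.get("AUTHORITY", []):
        if rtype not in AUTHORITY_TYPES:
            findings.append(f"{rtype} record in AUTHORITY section: {owner} {rdata}")
        if status == "NOERROR" and answers == 0 and (owner, rtype) == question:
            findings.append(f"ANSWER: 0 but AUTHORITY holds the queried {rtype} for {owner}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A response that is a plain referral (only NS records in the authority section) produces no findings.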
Re: [dns-operations] Enom's name server broken?
On Tue, Jan 15, 2013 at 12:10 PM, Michele Neylon :: Blacknight mich...@blacknight.com wrote:

> Or are you expecting eNom to purge DNS records for domains for which they aren't currently authoritative?

I'd expect Enom to keep replying to queries as they used to before the list of authoritative name servers for my domain was changed. In an ideal world they should do that for TTL on parent server (here .com so 2 days)

Thanks.
Re: [dns-operations] Enom's name server broken?
On Jan 15, 2013, at 11:45 AM, Paul Vixie p...@redbarn.org wrote:

> Stephane Bortzmeyer wrote:
>
>> ...
>> dns1.name-services.com is not supposed to be recursive (it does not set the RA bit) but it is:
>>
>> % dig @dns1.name-services.com www.dns-oarc.net
>> ...
>> ;; ANSWER SECTION:
>> www.dns-oarc.net. 3600 IN A 69.64.147.243
>>
>> ;; Query time: 158 msec
>
> since the ttl isn't ticking down on repeated queries, i think it's not recursive, it's got a wildcard of some kind. try this:
>
> dig @dns1.name-services.com lihdsiuhswluswf.com soa

Every time I see an email like this I'm tempted to run off and register e.g lihdsiuhswluswf.com, just to be difficult. I manage to resist, but...

Am I just a bastard or do others suffer from this compulsion as well?

W

> paul

--
Militant Agnostic -- I don't know and you don't either...
Re: [dns-operations] Enom's name server broken?
On Jan 15, 2013, at 10:41 AM, Warren Kumari wrote:

>> since the ttl isn't ticking down on repeated queries, i think it's not recursive, it's got a wildcard of some kind. try this:
>>
>> dig @dns1.name-services.com lihdsiuhswluswf.com soa
>
> Every time I see an email like this I'm tempted to run off and register e.g lihdsiuhswluswf.com, just to be difficult. I manage to resist, but...
>
> Am I just a bastard or do others suffer from this compulsion as well?
>
> W

Warren,

Both, I don't think the two are mutually exclusive. :-)

Rod
Re: [dns-operations] Enom's name server broken?
* Fan Of Network:

> I'd expect Enom to keep replying to queries as they used to before the list of authoritative name servers for my domain was changed. In an ideal world they should do that for TTL on parent server (here .com so 2 days)

In an ideal world, they would serve the new zone contents, with the new NS RRset in particular. 8-)
Re: [dns-operations] Enom's name server broken?
The only time I've seen DNS being pulled or domains pointed at holding pages as described is with resellers of registrars

Not saying that registrars don't do it ever, but I've never seen any do it

Mr. Michele Neylon
Blacknight
http://Blacknight.tel
Via iPhone so excuse typos and brevity

On 16 Jan 2013, at 01:51, Mike Jones m...@mikejones.in wrote:

> On 15 January 2013 22:19, Matthew Ghali mgh...@snark.net wrote:
>
>> TBH I've never even thought to have that expectation from a registrar; and in fact I'd never assume they do the right thing. My first domain registrar was the Internic, which probably explains the low bar. Many years later, working at a registrar (on a hosted DNS product!) only reinforced my beliefs.
>>
>> In an ideal world, you'd get exactly what you pay for. In reality you get less. Most people are definitely not paying for inter-provider coordination and a seamless service cutover. Heck, they're paying barely enough for service that answers *most* queries.
>
> Some registrars would probably argue 1 DNS server occasionally being up was good enough to meet their obligations for the free (meaning included in the price and you pay for it if you use it or not) service if past experience is anything to go by. but there's a difference between not 100% reliable which is acceptable to use on domains that aren't very important and we'll hijack your traffic to our landing page if you try to migrate away from us which I don't think is acceptable even for the least important domains I have.
>
> - Mike