nanog mailing list archives

Re: more on lame-delegation.org, seems to waste IP space and DNS
From: william () elan net
Date: Mon, 16 Jun 2003 19:05:17 -0700 (PDT)


If what they are doing is not ok, what would you propose?

Leaving DNS hanging when a domain is expired is not right either. Deleting 
domains when some other domain is using a DNS host in it will cause 
problems for the registry. They are doing the best they can - fast rename and 
delete domain, then slow notification, change of DNS for other domains 
and delete the glue.

The way it should work is to have a central notification system for all 
top-level domains and country domains - if a DNS host is to be deleted, 
the system notifies all zone operators, they check if they have any domains 
using those DNS hosts and delete the hosts from under those domains. Once an ack 
is received from everybody (or the notification time expires), the host glue 
is deleted. The problem is that this deletion process takes longer than 
standard domain deletion, and for all registries the time and procedures to 
delete the domains are different; that is why a central system does not 
seem to work.

On Mon, 16 Jun 2003, John Brown wrote:


so i've been doing a bit more research on this.

NSI has *.lame-delegation.org which is used on zones where
selected or all NS are not valid for a zone.

some zones have a   lame-delegation.org  NS listed *AND* a
NS that is answering for the zone.

most zones have all NS's listed as  lame-delegation.org

Big deal you say, who cares....

The side effect is that a good chunk of glue records are
listed in the gTLD DNS servers with NS's and IP's that
are basically invalid.

In looking at a single /19 used by Rackspace.com, there
are 559 NS's listed using IP's from that /19.  

Of those 559 NS's over 20 are IP's tagged as  
*.lame-delegation.org.


What happens if someone sets up a service on those
IP's and a "quasi" lame zone gets a flood of traffic??

That poor customer is going to see a flood of DNS traffic.

Hosting providers may not be aware that THEIR IP space
is being "renamed" and listed for things they don't have
control over.

My thoughts are that if a registry has a NS that is not proper
for a zone, that it should be REMOVED from the zone's NS 
set.

If there are no valid NS's for a zone, then the registry
should REMOVE the zone from the DNS.


Otherwise the registry zones will just grow with random glue


The other registries and registrars are doing similar things,
but different names....
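
The kind of check described in the message above (count the glue hosts inside one address block and flag those renamed under lame-delegation.org), as an added example that is not part of the original posts. The zone data, the 198.51.100.0/24 block and the simplified "owner TYPE rdata" line format are constructed assumptions; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

PLACEHOLDER = "lame-delegation.org."  # suffix named in the thread

# Constructed sample, simplified "owner TYPE rdata" lines (not real registry data).
SAMPLE = """\
example-a.com.           NS  ns1.example-a.com.
example-a.com.           NS  ns1.lame-delegation.org.
example-b.com.           NS  a1.lame-delegation.org.
example-b.com.           NS  a2.lame-delegation.org.
example-c.com.           NS  ns1.hoster.example.
ns1.example-a.com.       A   192.0.2.10
ns1.lame-delegation.org. A   192.0.2.53
a1.lame-delegation.org.  A   198.51.100.5
a2.lame-delegation.org.  A   198.51.100.77
ns1.hoster.example.      A   198.51.100.9
"""

def is_placeholder(host):
    return host == PLACEHOLDER or host.endswith("." + PLACEHOLDER)

def parse(text):
    """Return ({zone: {ns hosts}}, {host: IPv4 address}) from the simplified lines."""
    ns, glue = defaultdict(set), {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) != 3:
            continue  # blank, comment-only, or not in the simplified form
        owner, rtype, rdata = fields[0].lower(), fields[1].upper(), fields[2].lower()
        if rtype == "NS":
            ns[owner].add(rdata)
        elif rtype == "A":
            glue[owner] = ipaddress.ip_address(rdata)
    return ns, glue

def audit(text, block):
    """Classify zones by placeholder NS use and list placeholder glue inside block."""
    net = ipaddress.ip_network(block)
    ns, glue = parse(text)
    lame = {z: {h for h in hosts if is_placeholder(h)} for z, hosts in ns.items()}
    in_block = sorted(h for h, ip in glue.items() if ip in net)
    return {
        "all_lame": sorted(z for z, l in lame.items() if l and l == ns[z]),
        "mixed": sorted(z for z, l in lame.items() if l and l != ns[z]),
        "ns_in_block": len(in_block),
        "placeholder_glue_in_block": [h for h in in_block if is_placeholder(h)],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE, "198.51.100.0/24").items():
        print(f"{key}: {value}")
```

A hosting provider can run the same classification over its own allocation to see which of its addresses are still published as glue for names it does not control.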