.net delegation question
Ketil Froyn
isc_bind at ketil.froyn.name
Wed Mar 24 12:28:07 UTC 2004
On Tue, 2004-03-23 at 21:41, CharlesH wrote:
> I am getting a
>
> enforced delegation-only for 'net' (ns2.9t5.net/A/IN) from 192.42.93.30#53
> message from my named ( bind-9.2.2-P3 ). And indeed, and "dig +trace
> ns2.9t5.net" on a server without the delegation patch shows an A record
> coming from 192.5.6.30(A.GTLD-SERVERS.net). Is Verisign up to some
> monkey business again, or why exactly is this server returning something
> other than a NS delegation?
That looks like a glue record. The domain 9t5.net has status
REGISTRAR-HOLD, and it is out of the zone, but that doesn't mean they
have to take the glue out of the zone. It will probably disappear if the
domain is deleted.
It looks like this is an example where careful thought put into DNS
operations by the operator of .net is broken by delegation-only
functionality. The operator of .net has chosen to leave glue in the zone
despite putting the domain on hold. This means that other domains using
this as a name server (even ones in different zones) keep working. I
assume some of those domains exist, otherwise you probably wouldn't be
getting that message from named.
Still certain you want to use delegation-only?
Ketil
More information about the bind-users
mailing list