Moving DNS out of non-cooperative provider
John Miller
johnmill at brandeis.edu
Tue Jun 19 21:14:41 UTC 2012
Thanks to everyone for their help with this, and I didn't even start the
thread! I definitely hadn't considered the issue of external CNAMES or
their ramifications.
RCN's now returning SERVFAIL for us, which is still a bit weird (most
everyone answers with REFUSED for other people's domains), so I've
contacted them again. Hopefully the cease-and-desist won't be necessary.
John
On 06/19/2012 06:45 AM, Tony Finch wrote:
> Mark Andrews<marka at isc.org> wrote:
>> In message<4FDF631A.4060405 at brandeis.edu>, John Miller writes:
>>>
>>> We've actually run into this before. Once upon a time, RCN cable used
>>> to run some slave servers for us, but we've long since moved away from
>>> them, including zone transfers. We yanked them from our registrar a
>>> long time ago, and life was good. For whatever reason, RCN's still
>>> answering queries for brandeis.edu.
>>
>> And if there is another zone with a CNAME to a brandeis.edu domain
>> on those servers the clients will be getting old data. As you have
>> no control over creation of CNAMEs in other zones I would suggest
>> that you send them a Cease and Decist notice if they are still doing
>> it.
>
> Here's a tip for anyone running an open DNS hosting service: you can use
> "additional-from-auth no; additional-from-cache no;" to reduce problems of
> this kind.
>
> Tony.
More information about the bind-users
mailing list