Need someone with clue @ Network Solutions.
I need to get Network Solutions to remove glue records for hosts in my domain. My domain isn’t registered with Network Solutions and they refuse to speak with me as I’m not a customer. I’ve had my customer attempt to update their domain through Network Solutions but the only thing they can change is the NS record, not the underlying host glue record. I don’t think the glue records even need to exist as they are published by my domain already. Does anyone have any contacts at Network Solutions that can help? Example: dig <MY_CUSTOMER>.com NS @i.gtld-servers.net. ; <<>> DiG 9.10.6 <<>> <MY_CUSTOMER>.com NS @i.gtld-servers.net. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24593 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;<MY_CUSTOMER>.com. IN NS ;; AUTHORITY SECTION: <MY_CUSTOMER>.com. 172800 IN NS dns-auth4.crocker.com. <MY_CUSTOMER>.com. 172800 IN NS dns-auth3.crocker.com. ;; ADDITIONAL SECTION: dns-auth4.crocker.com. 172800 IN A 66.59.48.95 dns-auth3.crocker.com. 172800 IN A 66.59.48.94 ;; Query time: 73 msec ;; SERVER: 192.43.172.30#53(192.43.172.30) ;; WHEN: Tue Dec 15 11:34:41 EST 2020 ;; MSG SIZE rcvd: 124 The correct servers are: dns-auth3.crocker.com. 299 IN A 66.59.61.10 dns-auth4.crocker.com. 299 IN A 66.59.61.194
Hi Matt It has been a long time since I’ve used network solutions but from what I remember in their interface you have a section advanced or more settings to create your dns servers before associating them to the domain. And it is in this section where you can create or change the dns name and IP address. Once they are ok, then you go inside the domain where you can assign them to the domain. Sorry no contact Brian From: NANOG <nanog-bounces+b.turnbow=twt.it@nanog.org> On Behalf Of Matthew Crocker Sent: Tuesday, December 15, 2020 5:43 PM To: nanog@nanog.org Subject: Need someone with clue @ Network Solutions. I need to get Network Solutions to remove glue records for hosts in my domain. My domain isn’t registered with Network Solutions and they refuse to speak with me as I’m not a customer. I’ve had my customer attempt to update their domain through Network Solutions but the only thing they can change is the NS record, not the underlying host glue record. I don’t think the glue records even need to exist as they are published by my domain already. Does anyone have any contacts at Network Solutions that can help? Example: dig <MY_CUSTOMER>.com NS @i.gtld-servers.net. ; <<>> DiG 9.10.6 <<>> <MY_CUSTOMER>.com NS @i.gtld-servers.net. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24593 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;<MY_CUSTOMER>.com. IN NS ;; AUTHORITY SECTION: <MY_CUSTOMER>.com. 172800 IN NS dns-auth4.crocker.com. <MY_CUSTOMER>.com. 172800 IN NS dns-auth3.crocker.com. ;; ADDITIONAL SECTION: dns-auth4.crocker.com. 172800 IN A 66.59.48.95 dns-auth3.crocker.com. 172800 IN A 66.59.48.94 ;; Query time: 73 msec ;; SERVER: 192.43.172.30#53(192.43.172.30) ;; WHEN: Tue Dec 15 11:34:41 EST 2020 ;; MSG SIZE rcvd: 124 The correct servers are: dns-auth3.crocker.com. 299 IN A 66.59.61.10 dns-auth4.crocker.com. 299 IN A 66.59.61.194
Thanks everyone who responded It appears I should have been looking for clue in my own network. Amazon hosts crocker.com and they have the glue records. Apparently left over from when the domain was with Network Solutions. I have tickets open with Amazon to get them removed/updated. -Matt From: NANOG <nanog-bounces+matthew=corp.crocker.com@nanog.org> on behalf of Matthew Crocker <matthew@corp.crocker.com> Date: Tuesday, December 15, 2020 at 11:43 AM To: "nanog@nanog.org" <nanog@nanog.org> Subject: [EXTERNAL]Need someone with clue @ Network Solutions. CAUTION: This email originated from outside of Crocker. Do not click links or open attachments unless you recognize the sender and know the content is safe. I need to get Network Solutions to remove glue records for hosts in my domain. My domain isn’t registered with Network Solutions and they refuse to speak with me as I’m not a customer. I’ve had my customer attempt to update their domain through Network Solutions but the only thing they can change is the NS record, not the underlying host glue record. I don’t think the glue records even need to exist as they are published by my domain already. Does anyone have any contacts at Network Solutions that can help? Example: dig <MY_CUSTOMER>.com NS @i.gtld-servers.net. ; <<>> DiG 9.10.6 <<>> <MY_CUSTOMER>.com NS @i.gtld-servers.net. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24593 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;<MY_CUSTOMER>.com. IN NS ;; AUTHORITY SECTION: <MY_CUSTOMER>.com. 172800 IN NS dns-auth4.crocker.com. <MY_CUSTOMER>.com. 172800 IN NS dns-auth3.crocker.com. ;; ADDITIONAL SECTION: dns-auth4.crocker.com. 172800 IN A 66.59.48.95 dns-auth3.crocker.com. 172800 IN A 66.59.48.94 ;; Query time: 73 msec ;; SERVER: 192.43.172.30#53(192.43.172.30) ;; WHEN: Tue Dec 15 11:34:41 EST 2020 ;; MSG SIZE rcvd: 124 The correct servers are: dns-auth3.crocker.com. 299 IN A 66.59.61.10 dns-auth4.crocker.com. 299 IN A 66.59.61.194
On Tue, Dec 15, 2020 at 9:41 AM Matthew Crocker <matthew@corp.crocker.com> wrote:
It appears I should have been looking for clue in my own network. Amazon hosts crocker.com and they have the glue records. Apparently left over from when the domain was with Network Solutions. I have tickets open with Amazon to get them removed/updated.
Yeah, the basic problem you have is that AWS is not a full service registrar, so when you register and host your domain in Route53, you don't have access to some of the tools a normal registrar gives you. Namely creating and deleting glue records associated with your domain. Even when you host with AWS you're kinda better off registering somewhere else. Regards, Bill Herrin -- Hire me! https://bill.herrin.us/resume/
Matthew, I haven’t seen this problem in a long time where someone else submits data to cause the out-of-zone glue to appear. It’s possible there’s something happening at NETSOL that is causing this, but the best way is for you to go into your registrar and ensure they’re publishing the proper host records for your in-zone glue which should address this if nobody got back to you yet. It may also be easier to find someone on the dns-operations list than NANOG these days. - Jared
On Dec 15, 2020, at 11:43 AM, Matthew Crocker <matthew@corp.crocker.com> wrote:
I need to get Network Solutions to remove glue records for hosts in my domain. My domain isn’t registered with Network Solutions and they refuse to speak with me as I’m not a customer.
I’ve had my customer attempt to update their domain through Network Solutions but the only thing they can change is the NS record, not the underlying host glue record. I don’t think the glue records even need to exist as they are published by my domain already.
Does anyone have any contacts at Network Solutions that can help?
Example:
dig <MY_CUSTOMER>.com NS @i.gtld-servers.net.
; <<>> DiG 9.10.6 <<>> <MY_CUSTOMER>.com NS @i.gtld-servers.net. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24593 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;<MY_CUSTOMER>.com. IN NS
;; AUTHORITY SECTION: <MY_CUSTOMER>.com. 172800 IN NS dns-auth4.crocker.com. <MY_CUSTOMER>.com. 172800 IN NS dns-auth3.crocker.com.
;; ADDITIONAL SECTION: dns-auth4.crocker.com. 172800 IN A 66.59.48.95 dns-auth3.crocker.com. 172800 IN A 66.59.48.94
;; Query time: 73 msec ;; SERVER: 192.43.172.30#53(192.43.172.30) ;; WHEN: Tue Dec 15 11:34:41 EST 2020 ;; MSG SIZE rcvd: 124
The correct servers are:
dns-auth3.crocker.com. 299 IN A 66.59.61.10 dns-auth4.crocker.com. 299 IN A 66.59.61.194
On Tue, Dec 15, 2020 at 04:43:08PM +0000, Matthew Crocker wrote:
I need to get Network Solutions to remove glue records for hosts in my domain. My domain isn’t registered with Network Solutions and they refuse to speak with me as I’m not a customer. ;; AUTHORITY SECTION:
<MY_CUSTOMER>.com. 172800 IN NS dns-auth4.crocker.com.
<MY_CUSTOMER>.com. 172800 IN NS dns-auth3.crocker.com.
;; ADDITIONAL SECTION:
dns-auth4.crocker.com. 172800 IN A 66.59.48.95
dns-auth3.crocker.com. 172800 IN A 66.59.48.94
You or someone else who owns crocker.com appears to have created these nameserver objects (these are not a part of DNS, except that they may show up as glue) in the registry: $ curl https://rdap.verisign.com/com/v1/nameserver/dns-auth4.crocker.com {"objectClassName":"nameserver","ldhName":"DNS-AUTH4.CROCKER.COM","ipAddresses":{"v4":["66.59.48.95"]},"links":[{"value":"https:\/\/rdap.verisign.com\/com\/v1\/nameserver\/DNS-AUTH4.CROCKER.COM","rel":"self","href":"https:\/\/rdap.verisign.com\/com\/v1\/nameserver\/DNS-AUTH4.CROCKER.COM","type":"application\/rdap+json"}],"events":[{"eventAction":"last update of RDAP database","eventDate":"2020-12-15T12:06:46Z"}],"rdapConformance":["rdap_level_0","icann_rdap_technical_implementation_guide_0","icann_rdap_response_profile_0"],"notices":[{"title":"Terms of Use","description":["Service subject to Terms of Use."],"links":[{"href":"https:\/\/www.verisign.com\/domain-names\/registration-data-access-protocol\/terms-service\/index.xhtml","type":"text\/html"}]}]} $ curl https://rdap.verisign.com/com/v1/nameserver/dns-auth3.crocker.com {"objectClassName":"nameserver","ldhName":"DNS-AUTH3.CROCKER.COM","ipAddresses":{"v4":["66.59.48.94"]},"links":[{"value":"https:\/\/rdap.verisign.com\/com\/v1\/nameserver\/DNS-AUTH3.CROCKER.COM","rel":"self","href":"https:\/\/rdap.verisign.com\/com\/v1\/nameserver\/DNS-AUTH3.CROCKER.COM","type":"application\/rdap+json"}],"events":[{"eventAction":"last update of RDAP database","eventDate":"2020-12-15T12:06:46Z"}],"rdapConformance":["rdap_level_0","icann_rdap_technical_implementation_guide_0","icann_rdap_response_profile_0"],"notices":[{"title":"Terms of Use","description":["Service subject to Terms of Use."],"links":[{"href":"https:\/\/www.verisign.com\/domain-names\/registration-data-access-protocol\/terms-service\/index.xhtml","type":"text\/html"}]}]} Other domains can use these objects as their nameservers. Login into your registar account (which appears to be Amazon) and manage these nameserver objects. Your registar will usually provide a UI to "manage nameservers" or something similar under which you should find these objects. Mukund
In article <20201215174646.GA970751@jurassic.vpn.malgudi.org> you write:
You or someone else who owns crocker.com appears to have created these nameserver objects (these are not a part of DNS, except that they may show up as glue) in the registry:
Right. When I query the .COM zone servers, they say quite clearly that there is no crocker.com glue in the .COM zone. See below. The registry nameserver objects are fine. They let his users register domains that use his nameservers. I think that without some clearer indication that something is wrong we can close this issue. R's, John $ dig @g.gtld-servers.net. dns-auth3.crocker.com a ; <<>> DiG 9.10.6 <<>> @g.gtld-servers.net. dns-auth3.crocker.com a ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31790 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;dns-auth3.crocker.com. IN A ;; AUTHORITY SECTION: crocker.com. 172800 IN NS ns-8.awsdns-01.com. crocker.com. 172800 IN NS ns-1005.awsdns-61.net. crocker.com. 172800 IN NS ns-1775.awsdns-29.co.uk. crocker.com. 172800 IN NS ns-1317.awsdns-36.org. ;; ADDITIONAL SECTION: ns-8.awsdns-01.com. 172800 IN A 205.251.192.8 ;; Query time: 74 msec ;; SERVER: 2001:503:eea3::30#53(2001:503:eea3::30) ;; WHEN: Tue Dec 15 18:35:38 EST 2020 ;; MSG SIZE rcvd: 202
"JL" == John Levine <johnl@iecc.com> writes:
JL> Right. When I query the .COM zone servers, they say quite clearly that JL> there is no crocker.com glue in the .COM zone. See below. a czds dl, however, shows: :; zgrep -E ^dns-auth.\.crocker\.com com.txt.gz dns-auth1.crocker.com. 172800 in a 66.59.48.87 dns-auth2.crocker.com. 172800 in a 66.59.48.88 dns-auth3.crocker.com. 172800 in a 66.59.48.94 dns-auth4.crocker.com. 172800 in a 66.59.48.95 and leaving off the ^ shows that a large number of zones use those. -JimC -- James Cloos <cloos@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
a czds dl, however, shows:
You're right, I checked again.
:; zgrep -E ^dns-auth.\.crocker\.com com.txt.gz dns-auth1.crocker.com. 172800 in a 66.59.48.87 dns-auth2.crocker.com. 172800 in a 66.59.48.88 dns-auth3.crocker.com. 172800 in a 66.59.48.94 dns-auth4.crocker.com. 172800 in a 66.59.48.95
and leaving off the ^ shows that a large number of zones use those.
Since crocker.com uses different NS, I still don't see why they're in the .COM zone. Making inquiries. Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
At this point I've basically given up and I'm moving the 66.59.48.x IPs to a new datacenter over the weekend. I'll move the DNS servers on the old IPs to the new datacenter and call it a day. We are trying to get all of the customers to re-register anyway, then I'll shut all of this down. Thanks for the help On 12/17/20, 3:16 PM, "NANOG on behalf of John R. Levine" <nanog-bounces+matthew=corp.crocker.com@nanog.org on behalf of johnl@iecc.com> wrote: CAUTION: This email originated from outside of Crocker. Do not click links or open attachments unless you recognize the sender and know the content is safe. > a czds dl, however, shows: You're right, I checked again. > :; zgrep -E ^dns-auth.\.crocker\.com com.txt.gz > dns-auth1.crocker.com. 172800 in a 66.59.48.87 > dns-auth2.crocker.com. 172800 in a 66.59.48.88 > dns-auth3.crocker.com. 172800 in a 66.59.48.94 > dns-auth4.crocker.com. 172800 in a 66.59.48.95 > > and leaving off the ^ shows that a large number of zones use those. Since crocker.com uses different NS, I still don't see why they're in the .COM zone. Making inquiries. Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
I'm curious, and my apologies if I missed it, but crocker.com is registered at Amazon, and the COM whois shows that it was Amazon's registrar that added the host records. Were you able to work with the Amazon registrar (not AWS), as one of their customers, to get the records removed; since crocker.com is not delegated to those servers? If not, that's a pretty big gap in their registrar offering. Doug http://registrar.amazon.com/ On 12/18/20 11:03 AM, Matthew Crocker wrote:
At this point I've basically given up and I'm moving the 66.59.48.x IPs to a new datacenter over the weekend. I'll move the DNS servers on the old IPs to the new datacenter and call it a day. We are trying to get all of the customers to re-register anyway, then I'll shut all of this down.
Thanks for the help
On 12/17/20, 3:16 PM, "NANOG on behalf of John R. Levine" <nanog-bounces+matthew=corp.crocker.com@nanog.org on behalf of johnl@iecc.com> wrote:
CAUTION: This email originated from outside of Crocker. Do not click links or open attachments unless you recognize the sender and know the content is safe.
> a czds dl, however, shows:
You're right, I checked again.
> :; zgrep -E ^dns-auth.\.crocker\.com com.txt.gz > dns-auth1.crocker.com. 172800 in a 66.59.48.87 > dns-auth2.crocker.com. 172800 in a 66.59.48.88 > dns-auth3.crocker.com. 172800 in a 66.59.48.94 > dns-auth4.crocker.com. 172800 in a 66.59.48.95 > > and leaving off the ^ shows that a large number of zones use those.
Since crocker.com uses different NS, I still don't see why they're in the .COM zone. Making inquiries.
Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Yes I tried reaching out to Amazon and they said they can't help me. Crocker.com was hosted with Network Solutions earlier this year. I'm thinking it might transfer it back to Network Solutions and get them to delete the stale records. Amazon Route53 is great, Amazon Registrar not so much. On 12/18/20, 4:36 PM, "NANOG on behalf of Doug Barton" <nanog-bounces+matthew=corp.crocker.com@nanog.org on behalf of dougb@dougbarton.us> wrote: CAUTION: This email originated from outside of Crocker. Do not click links or open attachments unless you recognize the sender and know the content is safe. I'm curious, and my apologies if I missed it, but crocker.com is registered at Amazon, and the COM whois shows that it was Amazon's registrar that added the host records. Were you able to work with the Amazon registrar (not AWS), as one of their customers, to get the records removed; since crocker.com is not delegated to those servers? If not, that's a pretty big gap in their registrar offering. Doug http://registrar.amazon.com/ On 12/18/20 11:03 AM, Matthew Crocker wrote: > > At this point I've basically given up and I'm moving the 66.59.48.x IPs to a new datacenter over the weekend. I'll move the DNS servers on the old IPs to the new datacenter and call it a day. We are trying to get all of the customers to re-register anyway, then I'll shut all of this down. > > Thanks for the help > > On 12/17/20, 3:16 PM, "NANOG on behalf of John R. Levine" <nanog-bounces+matthew=corp.crocker.com@nanog.org on behalf of johnl@iecc.com> wrote: > > CAUTION: This email originated from outside of Crocker. Do not click links or open attachments unless you recognize the sender and know the content is safe. > > > > a czds dl, however, shows: > > You're right, I checked again. > > > :; zgrep -E ^dns-auth.\.crocker\.com com.txt.gz > > dns-auth1.crocker.com. 172800 in a 66.59.48.87 > > dns-auth2.crocker.com. 172800 in a 66.59.48.88 > > dns-auth3.crocker.com. 172800 in a 66.59.48.94 > > dns-auth4.crocker.com. 172800 in a 66.59.48.95 > > > > and leaving off the ^ shows that a large number of zones use those. > > Since crocker.com uses different NS, I still don't see why they're in the > .COM zone. Making inquiries. > > Regards, > John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", > Please consider the environment before reading this e-mail. https://jl.ly >
participants (9)
-
Brian Turnbow
-
Doug Barton
-
James Cloos
-
Jared Mauch
-
John Levine
-
John R. Levine
-
Matthew Crocker
-
Mukund Sivaraman
-
William Herrin