NSI policy on lame delagations
Seems that NSI has a new policy on lame delagations. I never heard anything about this. Anyone else? /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell (800) 299-1288 v CTO (925) 377-1212 v NameSecure (925) 377-1414 f Coming to the ISPF-II? The Forum for ISPs by ISPs http://www.ispf.com \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ ---------- Forwarded message ---------- Date: Fri, 20 Nov 1998 12:17:26 -0500 From: Chuck Gomes <cgomes@internic.net> Reply-To: cgomes@NETSOL.COM To: DOMAIN-POLICY@LISTS.INTERNIC.NET Subject: Re: Missing DNS servers When we become aware of a lame delegation, we remove the name servers and notify the registrant that they have a limited time to provide name servers. If name service is not provided, we delete the name. In the interim the record would show as you see below. Chuck Gomes -----Original Message----- From: Tony Cognata [mailto:yett@BRIO.YIKES.COM] Sent: Friday, November 20, 1998 11:57 AM To: DOMAIN-POLICY@LISTS.INTERNIC.NET Subject: Missing DNS servers I would hope that someone working at Network Solutions would know the answer to this question. Why would the "whois" record for a domain called ANSHAN.COM not show a primary and secondary DNS server? Here is the record for the domain: Spearmind Communications MK (ANSHAN7-DOM) Effnerstr. 1e Ingolstadt, Bayern 85049 DE Domain Name: ANSHAN.COM Administrative Contact: Koch, Mario (MK5132) mario.koch@USA.NET +49-841-483843 (FAX) +49-201-247180-10447 Technical Contact, Zone Contact: Hostmaster, TABNet (TH941) TABNETHOSTMASTER@TABNET.NET 707 256-1999 (FAX) 707 256-1997 Billing Contact: Koch, Mario (MK5132) mario.koch@USA.NET +49-841-483843 (FAX) +49-201-247180-10447 Record last updated on 25-Mar-98. Record created on 26-Jan-98. Database last updated on 13-Oct-98 06:21:01 EDT. No known domain servers. --- You'll note that the very last line of the record shows that no DNS servers exist for the domain. The sentence "No known domain servers" appears. Also, on rare occasions I have come across "whois" records for domains that show only one DNS server appearing, not the customary (and required) two. Just curious to know what might be happening in these cases? Thank you. -- DOMAIN-POLICY administrivia should be sent to <listserv@lists.internic.net> To unsubscribe send a message with only one line "SIGNOFF DOMAIN-POLICY" For more help regarding Listserv commands send the one line "HELP" -- DOMAIN-POLICY administrivia should be sent to <listserv@lists.internic.net> To unsubscribe send a message with only one line "SIGNOFF DOMAIN-POLICY" For more help regarding Listserv commands send the one line "HELP"
Patrick Greenwell wrote:
Seems that NSI has a new policy on lame delagations. I never heard anything about this. Anyone else?
Interesting. Their policies state you must have the name servers for a domain up and running before you apply for a domain, but they clearly do not enforce that... Sounds like they're adding checking after the fact. It still would be nice if they queried the name servers you told them were to be used during the application process, though. Dan -- ----------------------------------------------------------------- Daniel Senie dts@senie.com Amaranth Networks Inc. http://www.amaranthnetworks.com
On Fri, 20 Nov 1998, Randy Bush wrote:
Seems that NSI has a new policy on lame delagations. I never heard anything about this. Anyone else?
ancient policy, possibly new mechanism.
there should be no lame delegations.
Sorry, I should have been more specific. I knew the policy existed, but I had never, until today heard of it being implemented in any way, shape, or form. The last message from NSI I remember seeing stated something to the effect that they never implemented it because there was not sufficient community consensus on how to do so. I do not object to the implementation of the policy in the slightest. What worries me is that policies might just start being implemented "all of a sudden" without notification to the community, which is why I was asking if anyone else was aware of any previous implementation of this policy or announcement of same. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell (800) 299-1288 v CTO (925) 377-1212 v NameSecure (925) 377-1414 f Coming to the ISPF-II? The Forum for ISPs by ISPs http://www.ispf.com \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
What worries me is that policies might just start being implemented "all of a sudden" without notification to the community, which is why I was asking if anyone else was aware of any previous implementation of this policy or announcement of same.
the policy has not changed since when the nic moved to sri. mechanisms have changed. follow the policy, and the mechanism for implementing it will not be of concern. randy
On Fri, 20 Nov 1998, Randy Bush wrote:
What worries me is that policies might just start being implemented "all of a sudden" without notification to the community, which is why I was asking if anyone else was aware of any previous implementation of this policy or announcement of same.
the policy has not changed since when the nic moved to sri. mechanisms have changed. follow the policy, and the mechanism for implementing it will not be of concern.
Randy, While an interesting statement in philosophy, I fail to understand the practical applicability of your advice in real world operations. Mechanisms for implementation aren't really the issue IMO. The greater issue is that there is any implementation at all, when there was none previously. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell (800) 299-1288 v CTO (925) 377-1212 v NameSecure (925) 377-1414 f Coming to the ISPF-II? The Forum for ISPs by ISPs http://www.ispf.com \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
On Fri, 20 Nov 1998, Randy Bush wrote:
The greater issue is that there is any implementation at all, when there was none previously.
your assertion is widely known to be false.
Randy, Thank you for your extremely helpful answer. Once again, since when has NSI been enforcing such a policy? /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell (800) 299-1288 v CTO (925) 377-1212 v NameSecure (925) 377-1414 f Coming to the ISPF-II? The Forum for ISPs by ISPs http://www.ispf.com \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
The greater issue is that there is any implementation at all, when there was none previously. your assertion is widely known to be false. Thank you for your extremely helpful answer. Once again, since when has NSI been enforcing such a policy?
isi enforced it. sri enforced it. nsi enforced it when they took over from sri. that they did not test for correct practice for a while does not make incorrect practice valid. welcome to the network slobs' mailing list. where we winge and make excuses for half-assed practices, and excoriate and hurl innuendo at those who try to ensure correct practice. randy
On Sun, 22 Nov 1998, Randy Bush wrote:
The greater issue is that there is any implementation at all, when there was none previously. your assertion is widely known to be false. Thank you for your extremely helpful answer. Once again, since when has NSI been enforcing such a policy?
isi enforced it. sri enforced it. nsi enforced it when they took over from sri. that they did not test for correct practice for a while does not make incorrect practice valid.
Who said anything about incorrect practices? My question was when did NSI begin enforcing the policy. I am not upset at the lame delagation policy at all. I am all for it.
welcome to the network slobs' mailing list. where we winge and make excuses for half-assed practices, and excoriate and hurl innuendo at those who try to ensure correct practice.
Indeed. When are you going to stop? /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell (800) 299-1288 v CTO (925) 377-1212 v NameSecure (925) 377-1414 f Coming to the ISPF-II? The Forum for ISPs by ISPs http://www.ispf.com \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
On Sun, 22 Nov 1998 14:28:01 -0800 (PST) Patrick Greenwell wrote:
Who said anything about incorrect practices? My question was when did NSI begin enforcing the policy. I am not upset at the lame delagation policy at all. I am all for it.
Patrick; It really was not very long ago that one could not register a domain until the new domain's nameservers were up. Clearly "not very long ago" was before your time. I recommend dropping this one. regards, fletcher
On Fri, 20 Nov 1998, Patrick Greenwell wrote:
While an interesting statement in philosophy, I fail to understand the practical applicability of your advice in real world operations.
The practical applicability is that you should always set up nameservice for a new domain and then send in the Internic application. With the automated systems that most ISPs are using these days it should be no problem to do this. There is no good technical reason to wait until a domain registration is processed before setting up nameservice. -- Michael Dillon - E-mail: michael@memra.com Check the website for my Internet World articles - http://www.memra.com
On Sat, 21 Nov 1998, Michael Dillon wrote:
On Fri, 20 Nov 1998, Patrick Greenwell wrote:
While an interesting statement in philosophy, I fail to understand the practical applicability of your advice in real world operations.
The practical applicability is that you should always set up nameservice for a new domain and then send in the Internic application. With the automated systems that most ISPs are using these days it should be no problem to do this. There is no good technical reason to wait until a domain registration is processed before setting up nameservice.
Great advice Michael. We already do that. Again, my question is specifically *when* did NSI begin enforcing a lame delegation policy? On another mailing list NSI is now saying that they will apply this policy if someone listed a provider nameservers without their permission, however myself and others on our staff have been told on more than one occasion by NSI that there was nothing they could do in these instances. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell (800) 299-1288 v CTO (925) 377-1212 v NameSecure (925) 377-1414 f Coming to the ISPF-II? The Forum for ISPs by ISPs http://www.ispf.com \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
On Sat, Nov 21, 1998 at 11:58:40AM -0800, Patrick Greenwell wrote:
Again, my question is specifically *when* did NSI begin enforcing a lame delegation policy? On another mailing list NSI is now saying that they will apply this policy if someone listed a provider nameservers without their permission, however myself and others on our staff have been told on more than one occasion by NSI that there was nothing they could do in these instances.
nothing? They can turn off the domain if it was registered with incorrect information, or if they find that it was registered with nameservers the registrant is not allowed to use. I've heard, and this is only something I've heard and I can't substantiate it, that *officially* speaking, the only reason they turn off domains is for non-payment.... -- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net] Spotted on a bumper sticker: "Possum. The other white meat."
On Sat, 21 Nov 1998, Patrick Greenwell wrote:
Again, my question is specifically *when* did NSI begin enforcing a lame delegation policy? On another mailing list NSI is now saying that they
I'm not convinced they have. I have a customer who's registered >1500 domains in the past year (he even paid NSI for them all), but has not had us setup DNS for the vast majority of them yet. A quick check of a few of them turned up none for which NSI has removed the lame DNS server entries. ----don't waste your cpu, crack rc5...www.distributed.net team enzo--- Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or Network Administrator | nestea'd...whatever it takes Florida Digital Turnpike | to get the job done. ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key________
On Fri, 20 Nov 1998, Randy Bush wrote:
there should be no lame delegations.
Agreed. However, testing sometime after registration (as they seem to be doing) is much more user friendly than testing before registration. The reason I say this is that some folks automatically reload their nameservers which have tens of thousands of domain names once a day and have clients that want domains registered on the same day they request them. (queuing is not an option.) +------------------- H U R R I C A N E - E L E C T R I C -------------------+ | Mike Leber Direct Internet Connections Voice 408 282 1540 | | Hurricane Electric Web Hosting & Co-location Fax 408 971 3340 | | mleber@he.net http://www.he.net | +---------------------------------------------------------------------------+
there should be no lame delegations. Agreed. However, testing sometime after registration (as they seem to be doing) is much more user friendly than testing before registration.
depends to which user you are trying to be friendly. there is a clear responsibility to the internet at large. there should be no lame delegations.
The reason I say this is that some folks automatically reload their nameservers which have tens of thousands of domain names once a day and have clients that want domains registered on the same day they request them. (queuing is not an option.)
if they intend to serve those clients, as opposed to pretending to do so, then they should load thier servers when they are pretending to do so. randy
On Sat, 21 Nov 1998, Randy Bush wrote:
if they intend to serve those clients, as opposed to pretending to do so, then they should load thier servers when they are pretending to do so.
So you are recommending that if they take 300 new accounts in a day they should reload their nameservers 300 times that day? Remember these aren't nameservers that serve 5 domains, figure tens of thousands. Perhaps I am not being clear. Reloads, even a HUP, cause named, even the new version, to pause for a while before being able to serve requests again. All the relevant nameservers for the domains would have to be reloaded 300 times a day in this case. It isn't good if named stops responding that often because it slows access to the web sites domains by inserting a dropped DNS query timeout every time the reloading server is queried (50% or 33% depending on 2 or 3 nameservers. If the reload takes 30 seconds then reloading 300 times == each nameserver is down for 150 minutes a day. Not good. Just so the nameservers aren't lame for even a moment? Doesn't being down 150 minutes a day make a nameserver atleast as bad as being lame for a single domain? Or do you suggest delaying client domain name registrations 24 hours? Customers aren't being unreasonable when they want timely registration... Anybody who has missed getting a specific domain name by a day can appreciate this. I've seen it happen many times. Explain to me the pretending part. +------------------- H U R R I C A N E - E L E C T R I C -------------------+ | Mike Leber Direct Internet Connections Voice 408 282 1540 | | Hurricane Electric Web Hosting & Co-location Fax 408 971 3340 | | mleber@he.net http://www.he.net | +---------------------------------------------------------------------------+
They should differentiate between registering a name and putting it into operation. They shouldn't attempt to put a name into operation until all the pieces are in place.
Or do you suggest delaying client domain name registrations 24 hours?
Customers aren't being unreasonable when they want timely registration... Anybody who has missed getting a specific domain name by a day can appreciate this. I've seen it happen many times.
if they intend to serve those clients, as opposed to pretending to do so, then they should load thier servers when they are pretending to do so. So you are recommending that if they take 300 new accounts in a day they should reload their nameservers 300 times that day?
then reload once a day, and be hoinest about it, both to the clients and to the world (i.e. nic). this is a no-brainer. people have been doing it for over a decade. there should be no lame delegations. rady
On Sat, 21 Nov 1998, Mike Leber wrote:
So you are recommending that if they take 300 new accounts in a day they should reload their nameservers 300 times that day?
There is a technical solutions to this problem. Fix BIND so that you can tell it to load a new domain without reloading everything. I'm sure I have heard of people who have customized BIND in this way. But an alternative to doing it yourself is to send ISC some money and request an admin interface that you can telnet to and issue commands like: LOAD ALL (same as kill -HUP) LOAD example.com,example.net,weenie.com,blazingxxx.com STOP (same as kill) ...
Remember these aren't nameservers that serve 5 domains, figure tens of thousands.
On the other hand, maybe there is another solution. Don't put all your eggs in one basket. Run at least two nameservers. Add all new domains to a nameserver that has a small enough number of zones that it can easily handle being reloaded every hour. Then every week, transfer them all to your HUMUNGO server. -- Michael Dillon - E-mail: michael@memra.com Check the website for my Internet World articles - http://www.memra.com
On Sat, Nov 21, 1998 at 10:17:49AM -0800, Michael Dillon wrote:
On the other hand, maybe there is another solution. Don't put all your eggs in one basket. Run at least two nameservers.
This is a no-brainer. 1. If you're running only a primary and no secondaries, your DNS is an accident waiting to happen. 2. You're required to have at least two nameservers operational for each domain anyhow. This is true of the InterNIC, it's true of USC-ISI (the .US TLD), and I'm sure it's true of the foreign registries too. If you ARE running at least one secondary, it can pick up the slack while the primary is relaoding.
Add all new domains to a nameserver that has a small enough number of zones that it can easily handle being reloaded every hour. Then every week, transfer them all to your HUMUNGO server.
And I think this is an excellent idea. -- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net] Spotted on a bumper sticker: "Possum. The other white meat."
On Sat, 21 Nov 1998, Steven J. Sobol wrote:
On the other hand, maybe there is another solution. Don't put all your eggs in one basket. Run at least two nameservers.
This is a no-brainer.
1. If you're running only a primary and no secondaries, your DNS is an accident waiting to happen.
Guess I should have said "run at least two sets of nameservers, i.e. two primaries and two secondaries. One set for recent additions... etc.".
If you ARE running at least one secondary, it can pick up the slack while the primary is relaoding.
Actually, I prefer an architecture in which the publicly accessible nameservers are all secondaries from a private primary nameserver. In other words, using BIND 4 terminology, the two nameservers registered with the Internic have only "secondary" records in their named.boot files and the nameserver with "primary" records is not used for anything except feeding these "secondary" nameservers. In BIND 8 this terminology changed to "master" and "slave", probably to avoid confusion with the fact that people tend to call the first nameserver in the list registered with the Internic, the "primary" nameserver but this does not mean that it has to be "primary" or "master" in the named config file. -- Michael Dillon - E-mail: michael@memra.com Check the website for my Internet World articles - http://www.memra.com
On Sat, Nov 21, 1998 at 05:18:27PM -0800, Michael Dillon wrote:
On Sat, 21 Nov 1998, Steven J. Sobol wrote:
On the other hand, maybe there is another solution. Don't put all your eggs in one basket. Run at least two nameservers.
This is a no-brainer.
1. If you're running only a primary and no secondaries, your DNS is an accident waiting to happen.
Guess I should have said "run at least two sets of nameservers, i.e. two primaries and two secondaries. One set for recent additions... etc.".
I am of the opinion that you should have one or two nameservers on site and work out something with another ISP in another physical location, hanging off a different backbone, to also use their nameservers. (A lot of people will do secondaries at no charge, especially if you work out a reciprocal agreement with them). -- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net] Spotted on a bumper sticker: "Possum. The other white meat."
I submit that this is a process issue. There is a manual process as well as an automated one. The two of them have to coordinate. The problem is that part of the process is non-deterministic and is thus very difficult to automate. Until someone definitively solves the non-deterministic part there will always be some uncertainty in the domain name submission/approval process. This can be largely countered by proper education, by the ISP, of the Domain Name requestor. Basically, lag times need to be considered on both sides of the issue. The requestor can't consider their domain, as theirs, until they get confirmation, from the registrar. Conversely, the reqistrar can't require there to be existing name servers until the requestor has recieved confirmation of the domain name. I submit that it is incumbent on the requestor to inform the registrar when such servers are ready, this is a process step that is not included in the current process. At such time, the registrar can then reasonably expect the new name servers to be running and perform the process-step of fully activating the domain. At 04:40 AM 11/21/98 -0800, Randy Bush wrote:
there should be no lame delegations. Agreed. However, testing sometime after registration (as they seem to be doing) is much more user friendly than testing before registration.
depends to which user you are trying to be friendly. there is a clear responsibility to the internet at large.
there should be no lame delegations.
The reason I say this is that some folks automatically reload their nameservers which have tens of thousands of domain names once a day and have clients that want domains registered on the same day they request them. (queuing is not an option.)
if they intend to serve those clients, as opposed to pretending to do so, then they should load thier servers when they are pretending to do so.
randy
___________________________________________________ Roeland M.J. Meyer, ISOC (InterNIC RM993) e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com Internet phone: hawk.mhsc.com Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer Company web-site: <http://www.mhsc.com/>www.mhsc.com/ ___________________________________________ Who is John Galt? "Atlas Shrugged" - Ayn Rand
On Sat, Nov 21, 1998 at 12:25:32AM -0800, Mike Leber wrote:
The reason I say this is that some folks automatically reload their nameservers which have tens of thousands of domain names once a day and have clients that want domains registered on the same day they request them. (queuing is not an option.)
Ok, so here's the stupid question of the month (and I ask this with all due regard for the time and effort Paul has put into BIND)... Given (for example) PostGreSQL, is there any reason why someone hasn't ported the algorithms of BIND on top of something like it? It seems to me that it ought to be possible to keep a nameserver running whilst one is doing maintenance on it... (and PS: I realize that the answer to this may amount to Nameserver 101; if you think so, respond privately; I'll summarize to any one who cares...) Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Buy copies of The New Hackers Dictionary. The Suncoast Freenet Give them to all your friends. Tampa Bay, Florida http://www.ccil.org/jargon/ +1 813 790 7592
Ok, so here's the stupid question of the month (and I ask this with all due regard for the time and effort Paul has put into BIND)...
Given (for example) PostGreSQL, is there any reason why someone hasn't ported the algorithms of BIND on top of something like it? It seems to me that it ought to be possible to keep a nameserver running whilst one is doing maintenance on it...
(and PS: I realize that the answer to this may amount to Nameserver 101; if you think so, respond privately; I'll summarize to any one who cares...)
Cheers, -- jra
lbnamed - R.Schemers (stanford)
On Sat, Nov 21, 1998 at 12:25:32AM -0800, Mike Leber wrote:
The reason I say this is that some folks automatically reload their nameservers which have tens of thousands of domain names once a day and have clients that want domains registered on the same day they request them. (queuing is not an option.)
Which is rather silly, since their clients should be made aware that the providers HAVE TO go through a third party, and although NetSol has been very good about getting new registrations done *very* promptly, there is no guarantee that the registrations will be complete the same day (nor, imho, should there be; if I was running the registry I wouldn't guarantee that). -- Steve Sobol [sjsobol@nacs.net] Part-time Support Droid [support@nacs.net] NACS Spaminator [abuse@nacs.net] Spotted on a bumper sticker: "Possum. The other white meat."
On Fri, 20 Nov 1998, Patrick Greenwell wrote:
Also, on rare occasions I have come across "whois" records for domains that show only one DNS server appearing, not the customary (and required) two.
FWIW, About 3 months ago I registered a domain with two nameservers, only the primary wasn't listed in the whois database at the time. For about 2 days, the whois record only listed the secondary nameserver (but both NS records were listed when looked up in the root servers). -- _______________ Chris Josephes __/ MRNet \ chrisj@mr.net __/ http://www.mr.net/ \________________/
On Fri, Nov 20, 1998 at 04:46:15PM -0800, Patrick Greenwell wrote:
Seems that NSI has a new policy on lame delagations. I never heard anything about this. Anyone else?
FWIW, Msen has been blasting the NIC with phone calls and faxes as we find lame delegations. In several instances, these are domains that registered to use us without our permission and in some of them, its a spamming domain. I would prefer a guardian object on our nameservers preventing their unauthorized use and also the ability to remove those objects from records WITHOUT being a contact for the domain. But I'm dreaming...
Patrick Greenwell (800) 299-1288 v
-- Jeffrey Haas "He that breaks a thing to find out what it is has elezar@pfrc.org left the paths of wisdom." (Or works for Fermilab...)
FWIW, Msen has been blasting the NIC with phone calls and faxes as we find lame delegations. In several instances, these are domains that registered to use us without our permission and in some of them, its a spamming domain.
i figure it just adds to the nic's overload. so, when i find a domain which has been lamely delegated to one of my servers, i just put in an authoritative zone for it with a short ttl soa and a wildcard mx * MX 0 some.schmuck.lame.delegated.to.the.host.name. or the analogous PTR for in-addr zones. it immediately stops any overload on my server and usually gets fixed fairly quickly, no muss no fuss. randy
How do you make sure that these get cleaned out after they fix the problem and the name is in use?
which has been lamely delegated to one of my servers, i just put in an authoritative zone for it with a short ttl soa and a wildcard mx
* MX 0 some.schmuck.lame.delegated.to.the.host.name.
or the analogous PTR for in-addr zones.
it immediately stops any overload on my server and usually gets fixed fairly quickly, no muss no fuss.
participants (14)
-
bmanning@vacation.karoshi.com
-
Chris Josephes
-
Daniel Senie
-
elezar@pfrc.org
-
Fletcher E Kittredge
-
Jay R. Ashworth
-
Jon Lewis
-
jzeeff@verio.net
-
Michael Dillon
-
Mike Leber
-
Patrick Greenwell
-
Randy Bush
-
Roeland M.J. Meyer
-
Steven J. Sobol