gtld-servers returning multiple A records for a NS?
When did this start?
dig uunet.com @a.gtld-servers.net

; <<>> DiG 8.3 <<>> uunet.com @a.gtld-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4
;; QUERY SECTION:
;;      uunet.com, type = A, class = IN

;; AUTHORITY SECTION:
uunet.com.              2D IN NS        NS.UU.NET.
uunet.com.              2D IN NS        UUCP-GW-1.PA.DEC.com.
uunet.com.              2D IN NS        UUCP-GW-2.PA.DEC.com.

;; ADDITIONAL SECTION:
NS.UU.NET.              2D IN A         137.39.1.3
UUCP-GW-1.PA.DEC.com.   2D IN A         16.1.0.18
UUCP-GW-1.PA.DEC.com.   2D IN A         204.123.2.18
UUCP-GW-2.PA.DEC.com.   2D IN A         16.1.0.19

Regards,
Matt

--
Matt Levine
@Home: matt@deliver3.com
@Work: matt@eldosales.com
ICQ : 17080004
AIM : exile
PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF
"The Trouble with doing anything right the first time is that nobody
appreciates how difficult it was." -BIX
Once upon a time, Matt Levine <matt@deliver3.com> said:
> When did this start?
<snip>
> ;; ADDITIONAL SECTION:
> UUCP-GW-1.PA.DEC.com.   2D IN A         16.1.0.18
> UUCP-GW-1.PA.DEC.com.   2D IN A         204.123.2.18

Apparently, about a year ago at least:

$ whois "host UUCP-GW-1.PA.DEC.COM"@whois.networksolutions.com
[whois.networksolutions.com]
<snip legal crap>
[No name] (UUCP-GW-1)

   Hostname: UUCP-GW-1.PA.DEC.COM
   Address: 16.1.0.18 204.123.2.18
   System: ? running ?

   Coordinator:
      Penza, Brett (SJ4172) bpenza@CORPEMAIL.COM
      ACS Auxiliaries Group
      116 Roddy Avenue
      South Attleboro, MA 02703-7974
      508-399-6400 (FAX) 508-399-6047

   Record last updated on 19-Apr-2001.
   Database last updated on 3-Apr-2002 12:31:00 EST.
$

--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
It's been like that for years, just very rare cases. Worse is that about 4-6 months ago I started seeing multiple dns servers registered for the same ip address. Plus to that neither .biz nor .info dns servers are even showing on the internic root.

System is totally broken, I'll try to raise this issue on the upcoming ARIN conference, although it's not exactly correct place for it.

On Thu, 4 Apr 2002, Matt Levine wrote:
> When did this start?
Hello,

Thursday, April 04, 2002, 3:26:18 AM, you wrote:

wen> Worse is that about 4-6 months ago I started seeing multiple dns servers
wen> registered for the same ip address. Plus to that neither .biz nor .info
wen> dns servers are even showing on the internic root.

Yea, apparently in January Verisign changed their long standing policy of allowing only one name server to be registered per IP Address. To confuse matters even more, I don't think all of the registrars support this, and I have not seen anything official from ICANN (not that anyone cares what ICANN thinks).

allan

--
allan
allan@allan.org
http://www.allan.org
On Thu, 4 Apr 2002, Allan Liska wrote:
> Yea, apparently in January Verisign changed their long standing policy of allowing only one name server to be registered per IP Address. To confuse matters even more, I don't think all of the registrars support this, and I have not seen anything official from ICANN (not that anyone cares what ICANN thinks).

I'm not certain that this is entirely accurate. Certainly, ns0.ja.net has had two IP addresses for as long as I can remember (at least for the last five years...) and has been happily reflected in the whois and .net zone.

--
Paul
<snip>
>> Yea, apparently in January Verisign changed their long standing policy of allowing only one name server to be registered per IP Address. To confuse matters even more, I don't think all of the registrars support this, and I have not seen anything official from ICANN (not that anyone cares what ICANN thinks).

> I'm not certain that this is entirely accurate. Certainly, ns0.ja.net has had two IP addresses for as long as I can remember (at least for the last five years...) and has been happily reflected in the whois and .net zone.

The policy change mentioned would mean that ns0.ja.net and ns3.ja.net could be the same IP Address, which had previously not been allowed. Can't speak for other registrars, but opensrs will now let you register multiple NS's on an IP.

Regards,
Matt

--
Matt Levine
@Home: matt@deliver3.com
@Work: matt@eldosales.com
ICQ : 17080004
AIM : exile
PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF
"The Trouble with doing anything right the first time is that nobody
appreciates how difficult it was." -BIX
Hello Paul,

Thursday, April 04, 2002, 7:13:11 AM, you wrote:

PT> On Thu, 4 Apr 2002, Allan Liska wrote:

>> Yea, apparently in January Verisign changed their long standing policy of allowing only one name server to be registered per IP Address. To confuse matters even more, I don't think all of the registrars support this, and I have not seen anything official from ICANN (not that anyone cares what ICANN thinks).

PT> I'm not certain that this is entirely accurate. Certainly, ns0.ja.net has
PT> had two IP addresses for as long as I can remember (at least for the last
PT> five years...) and has been happily reflected in the whois and .net zone.

My apologies, I worded that badly. I meant, Verisign now allows multiple hosts to share the same IP Address, e.g.:

ns1.example.com 10.10.0.1
ns2.example.com 10.10.0.1

I don't believe this was allowed prior to January.

allan

--
allan
allan@allan.org
http://www.allan.org
That is exactly the situation of original question - having two ips for same dns server. It is not possible to register new dns server this way but long time ago when internic dns/whois system was originally introduced (pre 1990 to around 1994) it was possible and some companies did that, plus I think some of it came out of original hosts files maintained by NSF network participants and how it was converted that domains had one dns server with multiple ips (this is before my time; this is what I've been told by older sysadmin who originally introduced me to dns in around 1991) but I have indeed seen multiple ips for first one or two dns servers for some of the oldest domains (xerox had it, ibm I think; great number of edu domains - these all disappeared when transferred to educause), lately these old dns records all have been disappearing.

Now it appears there is reverse situation - some registrars allow (and verisign no longer gives an error) to register dns servers in different domains all pointing to the same ip. I believe they may have some stupid idea to help/encourage using shared hosting and preserve ip space.
Matt Levine wrote:
> When did this start?

Associating multiple IP addresses with a single name server (i.e., multiple A records with the same owner) in the com, net and org zones has always been possible with the NSI Registry/VeriSign Global Registry Services. This behavior is documented in the RRP protocol spec; please see RFC 2832, section 4.3.1.2. Whether or not a given registrar supports this is another matter and I don't know what each one allows.

william@elan.net wrote:
> Now it appears there is reverse situation - some registrars allow (and verisign no longer gives an error) to register dns servers in different domains all pointing to the same ip. I believe they may have some stupid idea to help/encourage using shared hosting and preserve ip space.

Err, no. The limitation of only one name server (i.e., A record) per IP address was an unfortunate Registry-based restriction that was removed on January 19 of this year. The motivation had nothing to do with "preserving ip space". There were several reasons for relaxing this restriction, not the least of which was that there wasn't a good reason for it in the first place.

An immediate positive benefit is that it's no longer possible for someone to hold a given IP address hostage by registering a name server at that address. (Anyone can register a com/net/org name server at any IP address.)

Matt

--
Matt Larson <mlarson@verisign.com>
VeriSign Global Registry Services
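Added example, not part of any message in this thread: a small audit of glue records that reports both cases discussed above, a name server with several A records and an IP address shared by several name servers. The sample input is constructed from the dig output and the ns1/ns2.example.com illustration in the thread; the function names are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the ADDITIONAL section from the dig output in this
# thread, plus the ns1/ns2.example.com case described by Allan Liska.
SAMPLE_GLUE = """\
NS.UU.NET.              2D IN A         137.39.1.3
UUCP-GW-1.PA.DEC.com.   2D IN A         16.1.0.18
UUCP-GW-1.PA.DEC.com.   2D IN A         204.123.2.18
UUCP-GW-2.PA.DEC.com.   2D IN A         16.1.0.19
ns1.example.com.        2D IN A         10.10.0.1
ns2.example.com.        2D IN A         10.10.0.1
"""

def parse_glue(text):
    """Yield (owner, address) for each A record line in dig-style output."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, ';' comment lines and anything that is not "... IN A addr".
        if len(fields) < 4 or line.startswith(";") or fields[-3:-1] != ["IN", "A"]:
            continue
        try:
            addr = ipaddress.IPv4Address(fields[-1])
        except ipaddress.AddressValueError:
            continue  # malformed address: ignore rather than guess
        # DNS names are case-insensitive; normalise the owner for comparison.
        yield fields[0].lower().rstrip("."), str(addr)

def audit_glue(text):
    """Return (hosts with several addresses, addresses shared by several hosts)."""
    by_host, by_addr = defaultdict(set), defaultdict(set)
    for host, addr in parse_glue(text):
        by_host[host].add(addr)
        by_addr[addr].add(host)
    multi_homed = {h: sorted(a) for h, a in by_host.items() if len(a) > 1}
    shared_ip = {a: sorted(h) for a, h in by_addr.items() if len(h) > 1}
    return multi_homed, shared_ip

if __name__ == "__main__":
    multi_homed, shared_ip = audit_glue(SAMPLE_GLUE)
    for host, addrs in multi_homed.items():
        print(f"{host}: multiple A records {addrs}")
    for addr, hosts in shared_ip.items():
        print(f"{addr}: shared by name servers {hosts}")
```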
> An immediate positive benefit is that it's no longer possible for someone to hold a given IP address hostage by registering a name server at that address. (Anyone can register a com/net/org name server at any IP address.)
I've been waiting for this fix, but OpenSRS (via domainmonger.com) still doesn't seem to permit it. At least in my case. Can anyone here from either of those august institutions comment on this?
Hi,
> I'm not certain that this is entirely accurate. Certainly, ns0.ja.net has had two IP addresses for as long as I can remember (at least for the last five years...) and has been happily reflected in the whois and .net zone.

Yes, but trying to modify anything in the Verisign database to do with that box has been a nightmare. Not tried since the change in policy, hopefully it will save some hair-pulling!

Rob

--
Rob Evans
University of London Computer Centre, 20 Guilford Street, London. WC1N 1DZ
JANET Operations Desk: +44 (0)20 7692 1111
Somewhat on the topic but going into future instead of the past...

I'm wondering if anyone started working on dns host registration system for ipv6 and whois support for this. It seems that currently all ipv6 dns comes from existing domains that are setup with ipv4 and there is no root ipv6 dns servers. Am I right? Are we planning to work on it anytime soon?

And yes - I've read http://www.isi.edu/~bmanning/v6DNS.html but it seems little out of date and does not mention A6 records. Bill, will you be updating the page?

On Thu, 4 Apr 2002, Allan Liska wrote:
> Hello,
>
> Thursday, April 04, 2002, 3:26:18 AM, you wrote:
>
> wen> Worse is that about 4-6 months ago I started seeing multiple dns servers
> wen> registered for the same ip address. Plus to that neither .biz nor .info
> wen> dns servers are even showing on the internic root.
>
> Yea, apparently in January Verisign changed their long standing policy of allowing only one name server to be registered per IP Address. To confuse matters even more, I don't think all of the registrars support this, and I have not seen anything official from ICANN (not that anyone cares what ICANN thinks).
>
> allan
yes, I'll get it updated. it might be worthwhile noting that there is ipv6 support in rwhois. I know several registries have been working on this topic for a while and folks ought to see the results of these efforts in the next few months. it is also true that the v6 root testbed has been around for about 3 years and there is some hope that native v6 support will be added to the production root system RSN.
long before there were specific gtld-servers. I first saw this type of response in 1987. (I was not looking before then... :)
> When did this start?
participants (10)
- Allan Liska
- bmanning@karoshi.com
- Chris Adams
- Jim Hickstein
- Matt Larson
- Matt Levine
- Paul Thornton
- Rob Evans
- Stephen Stuart
- william@elan.net